I haven’t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite."><metaname=authorcontent="Jake Hillion"><linkrel=canonicalhref=https://blog.hillion.co.uk/posts/weekly-2022-04-25/><linkcrossorigin=anonymoushref=/assets/css/stylesheet.min.48a18943c2fc15c38a372b8dde1f5e5dc0bc64fa6cb90f5a817d2f8c76b7f3ae.cssintegrity="sha256-SKGJQ8L8FcOKNyuN3h9eXcC8ZPpsuQ9agX0vjHa3864="rel="preload stylesheet"as=style><scriptdefercrossorigin=anonymoussrc=/assets/js/highlight.min.b95bacdc39e37a332a9f883b1e78be4abc1fdca2bc1f2641f55e3cd3dabd4d61.jsintegrity="sha256-uVus3DnjejMqn4g7Hni+Srwf3KK8HyZB9V4809q9TWE="onload=hljs.initHighlightingOnLoad()></script>
<script>vardoNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];functiongtag(){dataLayer.push(arguments)}gtag("js",newDate),gtag("config","G-4CXXF49E7M",{anonymize_ip:!1})}</script><metaproperty="og:title"content="Jake's Weekly - 25th April 2022"><metaproperty="og:description"content="ResearchProjectDissertationdraftAblockofprogressonthestufflearntsofarandhoweachofthenamespacescanbemodifiedtocreateavoid.TheworkisavailablehereonOverleaf(permissionsrequired),hereonGitea(nopermissionsrequired),andacurrentdraftisavailablehere.
Finished Table 1 (history of namespaces).
I haven’t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite."><metaproperty="og:type"content="article"><metaproperty="og:url"content="https://blog.hillion.co.uk/posts/weekly-2022-04-25/"><metaproperty="article:section"content="posts"><metaproperty="article:published_time"content="2022-04-25T11:00:00+00:00"><metaproperty="article:modified_time"content="2022-04-25T11:00:00+00:00"><metaproperty="og:site_name"content="Jake Hillion"><metaname=twitter:cardcontent="summary"><metaname=twitter:titlecontent="Jake's Weekly - 25th April 2022"><metaname=twitter:descriptioncontent="ResearchProjectDissertationdraftAblockofprogressonthestufflearntsofarandhoweachofthenamespacescanbemodifiedtocreateavoid.TheworkisavailablehereonOverleaf(permissionsrequired),hereonGitea(nopermissionsrequired),andacurrentdraftisavailablehere.
Finished Table 1 (history of namespaces).
I haven’t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite."><scripttype=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://blog.hillion.co.uk/posts/"},{"@type":"ListItem","position":2,"name":"Jake's Weekly - 25th April 2022","item":"https://blog.hillion.co.uk/posts/weekly-2022-04-25/"}]}</script><scripttype=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"Jake'sWeekly-25thApril2022","name":"Jake\u0027sWeekly-25thApril2022","description":"ResearchProjectDissertationdraftAblockofprogressonthestufflearntsofarandhoweachofthenamespacescanbemodifiedtocreateavoid.TheworkisavailablehereonOverleaf(permissionsrequired),hereonGitea(nopermissionsrequired),andacurrentdraftisavailablehere.\nFinishedTable1(historyofnamespaces).\nIhaven\u0026rsquo;tmentioneditinthewriteupbutthiswashorribletofirstlyfindtheanswerstoandsecondlytocite.","keywords":[],"articleBody":"ResearchProjectDissertationdraftAblockofprogressonthestufflearntsofarandhoweachofthenamespacescanbemodifiedtocreateavoid.TheworkisavailablehereonOverleaf(permissionsrequired),hereonGitea(nopermissionsrequired),andacurrentdraftisavailablehere.\nFinishedTable1(historyofnamespaces).\nIhaven’tmentioneditinthewriteupbutthiswashorribletofirstlyfindtheanswerstoandsecondlytocite.Someseriousgitcommandswereneededtofindthecommitswherethingswereadded.OnceIfoundthecommitcitingthemwasn’ttoobad.Theversionchangelogsarehorribletocite.TheyusedtobepostedbyLinusonthemailinglist,butnowthey’repostedonasitethat’sbasicallyaWiki(andreferredtobyLinusinthereleaseemail).Leavesaloadofnoauthorentriesinmybibtex…Wrotealargesectiononmountnamespaces(§3.1).\nIfinallyunderstandthehorrorshowthatismountnamespaces.ThedissertationcontainssnippetsofCandshellcodethattrytobackupeachthingIsayclearly.MadeacommitmenttomyselftoaddthesecommitsandversionstoWikipediawhenIgetthechance,makingthismucheasierinfuture.Citedsomeofthereasonsthesechoicesweremade,inanattempttoprovideabalancedview.Ihavesomethoughtsonhowthiscouldbedonefromthegroundupinafarbetterway,butdidn’tincludethemastheyaren’tparticularlyuseful-hindsightisawonderfulthing.TherealsomightbeabugintheMNT_DETACHlogic,butagainI’mnotsureIcanfullybackthisup.Discussedmoreintheprogrammingsectionofthispost.Wrotesectionsonhoweachofthenamespacescanbeusedtomakeavoid.\nHaven’tyetcompletedcgroupandusernamespaces,astheymayneedsomeextraworkthatisn’tcurrentlypresentinthecode.Therestprovideanaccurateviewofhowtoprovidetheutmostseparation.There’sanideafloatingaroundofseparationofthehostfromthecontainerversusseparationofthecontainerfromthehost.Ihaven’tgotgoodwordingforthisyet.E.g.cgroupnamespacescanprovidedecentseparationofthehostfromthecontainer,asyoucangointoanisolatedsubtree,butthehostcanstillmodifythatsubtree.ThereasonIhaven’tsaidtoomuchonthisisthatrootonthehostcanmodifyanythinginthissystemifitreallywants.IwrotebrieflyaboutsomefutureworkondynamiclinkingthatispossibleandsuitsthethreatmodelthatIdon’tthinkI’llhavetimetocomplete.\nMinorunloggedchangeselsewhere.\nProgrammingTestedandexpandedthemountnamespacevoiding.\nAswritteninthedissertation,mountnamespacesaretricky.Myinitialcodeforvoidingthemcompletelyborkedthehostsystem.Hadagoodofflineexchangewithoursysadmintryingtofigureoutwhichofuswasbreakingthemachine.PossibleexposedakernelbugwithMNT_DETACHcrossingsharedsubtreeboundariesand
<spanclass=logo-switches><buttonid=theme-toggleaccesskey=ttitle="(Alt + T)"><svgid="moon"xmlns="http://www.w3.org/2000/svg"width="24"height="24"viewBox="0 0 24 24"fill="none"stroke="currentcolor"stroke-width="2"stroke-linecap="round"stroke-linejoin="round"><pathd="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svgid="sun"xmlns="http://www.w3.org/2000/svg"width="24"height="24"viewBox="0 0 24 24"fill="none"stroke="currentcolor"stroke-width="2"stroke-linecap="round"stroke-linejoin="round"><circlecx="12"cy="12"r="5"/><linex1="12"y1="1"x2="12"y2="3"/><linex1="12"y1="21"x2="12"y2="23"/><linex1="4.22"y1="4.22"x2="5.64"y2="5.64"/><linex1="18.36"y1="18.36"x2="19.78"y2="19.78"/><linex1="1"y1="12"x2="3"y2="12"/><linex1="21"y1="12"x2="23"y2="12"/><linex1="4.22"y1="19.78"x2="5.64"y2="18.36"/><linex1="18.36"y1="5.64"x2="19.78"y2="4.22"/></svg></button></span></div><ulid=menu><li><ahref=https://blog.hillion.co.uk/categories/title=categories><span>categories</span></a></li><li><ahref=https://blog.hillion.co.uk/tags/title=tags><span>tags</span></a></li></ul></nav></header><mainclass=main><articleclass=post-single><headerclass=post-header><divclass=breadcrumbs><ahref=https://blog.hillion.co.uk/>Home</a> » <ahref=https://blog.hillion.co.uk/posts/>Posts</a></div><h1class=post-title>Jake's Weekly - 25th April 2022</h1><divclass=post-meta><spantitle='2022-04-25 11:00:00 +0000 UTC'>April 25, 2022</span> · 5 min · Jake Hillion</div></header><divclass=post-content><h2id=research-project>Research Project<ahiddenclass=anchoraria-hidden=truehref=#research-project>#</a></h2><h3id=dissertation-draft>Dissertation draft<ahiddenclass=anchoraria-hidden=truehref=#dissertation-draft>#</a></h3><p>A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available <ahref=https://www.overleaf.com/project/6227c8e96fcdc06e56454f24>here</a> on Overleaf (permissions required), <ahref=https://gitea.hillion.co.uk/JakeHillion/dissertation>here</a> on Gitea (no permissions required), and a current draft is available <ahref=dissertation.pdf>here</a>.</p><ul><li><p>Finished Table 1 (history of namespaces).</p><ul><li>I haven’t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite.</li><li>Some serious git commands were needed to find the commits where things were added. Once I found the commit citing them wasn’t too bad.</li><li>The version changelogs are horrible to cite. They used to be posted by Linus on the mailing list, but now they’re posted on a site that’s basically a Wiki (and referred to by Linus in the release email). Leaves a load of <code>noauthor</code> entries in my bibtex…</li></ul></li><li><p>Wrote a large section on mount namespaces (§3.1).</p><ul><li>I <em>finally</em> understand the horror show that is mount namespaces. The dissertation contains snippets of C and shell code that try to backup each thing I say clearly.</li><li>Made a commitment to myself to add these commits and versions to Wikipedia when I get the chance, making this much easier in future.</li><li>Cited some of the reasons these choices were made, in an attempt to provide a balanced view.</li><li>I have some thoughts on how this could be done from the ground up in a far better way, but didn’t include them as they aren’t particularly useful - hindsight is a wonderful thing.</li><li>There also might be a bug in the <code>MNT_DETACH</code> logic, but again I’m not sure I can fully back this up. Discussed more in the programming section of this post.</li></ul></li><li><p>Wrote sections on how each of the namespaces can be used to make a void.</p><ul><li>Haven’t yet completed <code>cgroup</code> and <code>user</code> namespaces, as they may need some extra work that isn’t currently present in the code. The rest provide an accurate view of how to provide the utmost separation.</li><li>There&
<ahref=https://git.io/hugopapermodrel=noopenertarget=_blank>PaperMod</a></span></footer><ahref=#toparia-label="go to top"title="Go to Top (Alt + G)"class=top-linkid=top-linkaccesskey=g><svgxmlns="http://www.w3.org/2000/svg"viewBox="0 0 12 6"fill="currentcolor"><pathd="M12 6H0l6-6z"/></svg></a><script>letmenu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();vart=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>varmybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>