[PATCH 2 of 2] lock: include Linux pid namespace identifier in prefix

Jun Wu quark at fb.com
Mon Feb 13 20:25:51 EST 2017


Excerpts from Gregory Szorc's message of 2017-02-13 17:22:59 -0700:
> 
> > On Feb 13, 2017, at 12:55, Augie Fackler <raf at durin42.com> wrote:
> > 
> >> On Fri, Feb 10, 2017 at 04:50:55PM -0800, Jun Wu wrote:
> >> I'd like to note that although this patch prevents repo corruption when
> >> running hg inside different containers (which have different pid namespaces),
> >> it does not prevent deadlock - if an hg process is SIGKILL-ed, every other
> >> process will not be able to take or remove the lock.
> > 
> > Sigh. Thanks for the fix, queued (and a fist shaken at this weird/poor
> > choice from linux containers.)
> 
> Process namespaces (see clone(2) man page) are a really nifty security
> feature. Unfortunately they do have the side effect of invalidating
> assumptions made since the beginning of UNIX.
> 
> This patch is a step in the right direction. However, it's worth calling
> out that not all containers have a proc filesystem. There have been
> security vulns due to containers having access to procfs. So it is common
> to reduce attack surface area by not mounting it.

I'm aware of that. Also note that /proc could be in a different pidns -
without an explicit remount, it just shows things as seen from the parent
pidns:

    import os
    str(os.getpid())     != os.path.basename(os.readlink('/proc/self'))
    # pid in this pidns,    pid in the original (parent) pidns

Therefore I wrote in the commit message:

    It depends on /proc being mounted properly. But I don't think there is a
    better way to get pid namespace identifier reliably.
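The checks discussed in this thread, as an added Python example that is not the patch's or Mercurial's own code: reading the pid namespace identifier from /proc, detecting a /proc that was mounted from another pidns, and using the identifier as a lock prefix so that a pid from a foreign namespace is never probed for liveness. The function names, the `hostname/namespace` prefix and the `<prefix>:<pid>` lock layout are assumptions of the example.

```python
import os
from typing import Optional

def parse_ns_link(target: str) -> Optional[str]:
    """Extract the inode number from a 'pid:[<inode>]' namespace link target."""
    if not (target.startswith('pid:[') and target.endswith(']')):
        return None
    inode = target[len('pid:['):-1]
    return inode if inode.isdigit() else None

def pidns_id(ns_path: str = '/proc/self/ns/pid') -> Optional[str]:
    """Identifier of the pid namespace this process runs in, or None.

    The link target reads like 'pid:[4026531836]'; the inode is shared by every
    process in the same namespace. None means /proc is absent (hardened
    containers often do not mount it) or the kernel has no namespace support.
    """
    try:
        return parse_ns_link(os.readlink(ns_path))
    except OSError:
        return None

def proc_is_foreign(proc_root: str = '/proc') -> bool:
    """True when /proc was mounted from another pid namespace.

    Without a remount, /proc/self resolves to the pid this process has in the
    namespace where /proc was mounted, which differs from os.getpid().
    """
    try:
        seen = os.path.basename(os.readlink(os.path.join(proc_root, 'self')))
    except OSError:
        return False  # no /proc at all: nothing to compare against
    return seen != str(os.getpid())

def lock_prefix(hostname: str, ns: Optional[str]) -> str:
    """Assumed prefix layout: hostname plus namespace id, hostname alone if unknown."""
    return hostname if ns is None else '%s/%s' % (hostname, ns)

def pid_is_checkable(lock_content: str, hostname: str, ns: Optional[str]) -> bool:
    """Assumed lock layout '<prefix>:<pid>'. Only when the prefix matches ours
    does the pid name a process we can see, so only then may a liveness probe
    such as os.kill(pid, 0) be used to decide that the lock is stale."""
    prefix, _, _pid = lock_content.rpartition(':')
    return prefix == lock_prefix(hostname, ns)
```

A lock whose prefix does not match must be treated as live (or resolved out of band), which is exactly the SIGKILL deadlock the thread points out the patch does not solve.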