From: Glauber Costa <glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
To: Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
kir-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org,
Serge Hallyn
<serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Michael Kerrisk
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH] allow a task to join a pid namespace
Date: Tue, 5 Jun 2012 13:37:10 +0400 [thread overview]
Message-ID: <4FCDD346.9090008@parallels.com> (raw)
In-Reply-To: <4FCDD315.502-GANU6spQydw@public.gmane.org>
On 06/05/2012 01:36 PM, Daniel Lezcano wrote:
> On 06/04/2012 03:33 PM, Glauber Costa wrote:
>> Currently, it is possible for a process to join existing
>> net, uts and ipc namespaces. This patch allows a process to join an
>> existing pid namespace as well.
>>
>> For that to remain sane, some restrictions are made in the calling process:
>>
>> * It needs to be in the parent namespace of the namespace it wants to jump to
>> * It needs to sit in its own session and group as a leader.
>>
>> The rationale for that, is that people want to trigger actions in a Container
>> from the outside. For instance, mainstream linux recently gained the ability
>> to safely reboot a container. It would be desirable, however, that this
>> action is triggered from an admin in the outside world, very much like a
>> power switch in a physical box.
>>
>> This would also allow us to connect a console to the container, provide a
>> repair mode for setups without networking (or with a broken one), etc.
>
> Hi Glauber,
>
> I am in favor of this patch but I think the pidns support won't be
> complete and some corner-cases are not handled.
>
> May be you can look at Eric's patchset [1] where, IMO, everything is
> taken into account. Some of the patches may be already upstream.
>
> Thanks
> -- Daniel
I don't remember seeing such patchset in the mailing lists, but that
might be my fault, due to traffic...
I'll take a look. If it does what I need, I can just drop this.
Thanks
next prev parent reply other threads:[~2012-06-05 9:37 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-04 13:33 [PATCH] allow a task to join a pid namespace Glauber Costa
[not found] ` <1338816828-25312-1-git-send-email-glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-06-04 16:51 ` Oleg Nesterov
[not found] ` <20120604165117.GA13091-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-06-05 9:30 ` Daniel Lezcano
2012-06-05 17:18 ` Eric W. Biederman
2012-06-05 9:36 ` Daniel Lezcano
[not found] ` <4FCDD315.502-GANU6spQydw@public.gmane.org>
2012-06-05 9:37 ` Glauber Costa [this message]
[not found] ` <4FCDD346.9090008-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-06-05 10:00 ` [Devel] " Glauber Costa
[not found] ` <4FCDD8A0.1070608-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-06-05 12:52 ` Daniel Lezcano
[not found] ` <4FCE0101.6010908-GANU6spQydw@public.gmane.org>
2012-06-05 12:53 ` Glauber Costa
[not found] ` <4FCE0157.4080007-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-06-05 13:18 ` Daniel Lezcano
2012-06-05 17:39 ` Eric W. Biederman
2012-06-05 11:33 ` Glauber Costa
2012-06-06 18:29 ` Eric W. Biederman
2012-06-05 16:49 ` Eric W. Biederman
2012-06-06 8:54 ` Glauber Costa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FCDD346.9090008@parallels.com \
--to=glommer-bzqdu9zft3wakbo8gow8eq@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=daniel.lezcano-GANU6spQydw@public.gmane.org \
--cc=devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=kir-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).