From: Ram <linuxram@us.ibm.com>
To: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Cc: Jamie Lokier <jamie@shareable.org>,
Eric Van Hensbergen <ericvh@gmail.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [RFC][2.6 patch] Allow creation of new namespaces during mount system call
Date: Wed, 20 Apr 2005 11:33:16 -0700
Message-ID: <1114021996.4920.168.camel@localhost>
In-Reply-To: <20050420170921.GT13052@parcelfarce.linux.theplanet.co.uk>

On Wed, 2005-04-20 at 10:09, Al Viro wrote:
> On Wed, Apr 20, 2005 at 09:51:26AM -0700, Ram wrote:
> > Reading through the thread I assume the requirement is:
> >
> > 1) A User being able to create his own VFS-mount environment
> > 2) being able to use the same VFS-mount environment from
> > multiple login sessions.
> > 3) Being able to switch some processes to some other
> > VFS-mount environment.
>
> Excuse me, but could somebody give coherent rationale for such requirements?
> _Especially_ for joining existing group by completely unrelated process -
> something we don't do for any other component of process.
Would it be wrong to do (3) if access-controlled properly? Currently the
only way to share the same namespace is to inherit it, which is possible
only if the process belongs to the heredity chain of the creator of the
namespace.
I extracted the requirement (3) from this discussion
--------------------------------------------------------------------
> We think namespaces are a nice way to do that: making a user-owned
> filesystem only visible to a user. But the mechanism of CLONE_NEWNS
> does not work, because it presumes namespace divisions are only
> propagated over parent-child divisions, like environment variables.
> What we really want is a mount point that propagates across all the
> processes owned by one user, but is not there for other users.
This is almost certainly bogus. Same user can easily want several
different environments set on the same box.
--------------------------------------------------------------------
RP
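
The inheritance-only sharing discussed in this message can be observed from user space. The following is an added example, not part of the original message or of any patch in the thread; it relies on unshare(2) and /proc/self/ns/mnt, kernel interfaces newer than this 2005 discussion, and the helper name child_shares_mnt_ns is an assumption of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mount-namespace identity of the caller: inode of /proc/self/ns/mnt (0 on error). */
static ino_t mnt_ns_id(void)
{
    struct stat st;
    return stat("/proc/self/ns/mnt", &st) == 0 ? st.st_ino : 0;
}

/*
 * Fork a child, optionally let it unshare(CLONE_NEWNS), and compare namespaces.
 * Returns 1 if the child is in the parent's namespace, 0 if it is in a
 * different one, -2 if unshare() was refused (EPERM), -1 on other errors.
 * (Hypothetical helper name, chosen for this example.)
 */
int child_shares_mnt_ns(int do_unshare)
{
    ino_t parent = mnt_ns_id();
    pid_t pid;
    int status;
    if (parent == 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {                       /* child */
        if (do_unshare && unshare(CLONE_NEWNS) != 0)
            _exit(errno == EPERM ? 3 : 2);
        ino_t mine = mnt_ns_id();
        _exit(mine == 0 ? 2 : (mine == parent ? 1 : 0));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 0;
    case 1:  return 1;
    case 3:  return -2;
    default: return -1;
    }
}

int main(void)
{
    printf("plain fork:    %d\n", child_shares_mnt_ns(0));
    printf("after unshare: %d\n", child_shares_mnt_ns(1));
    return 0;
}
```

A plain fork always reports 1 (inherited namespace); the unshare case reports 0 when the caller holds CAP_SYS_ADMIN and -2 otherwise.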