From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ram <linuxram@us.ibm.com>
Subject: Re: [RCF] [PATCH] unprivileged mount/umount
Date: Wed, 11 May 2005 12:35:39 -0700
Message-ID: <1115840139.6248.181.camel@localhost>
References: <406SQ-5P9-5@gated-at.bofh.it> <40rNB-6p8-3@gated-at.bofh.it>
	 <40t37-7ol-5@gated-at.bofh.it> <42VeB-8hG-3@gated-at.bofh.it>
	 <42WNo-1eJ-17@gated-at.bofh.it> <E1DVuHG-0006YJ-Q7@be1.7eggert.dyndns.org>
	 <20050511170700.GC2141@mail.shareable.org>
	 <E1DVwGn-0002BB-00@dorka.pomaz.szeredi.hu>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: jamie@shareable.org, 7eggert@gmx.de, ericvh@gmail.com,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	smfrench@austin.rr.com, hch@infradead.org
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from e5.ny.us.ibm.com ([32.97.182.145]:33454 "EHLO e5.ny.us.ibm.com")
	by vger.kernel.org with ESMTP id S262030AbVEKTgS (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 11 May 2005 15:36:18 -0400
To: Miklos Szeredi <miklos@szeredi.hu>
In-Reply-To: <E1DVwGn-0002BB-00@dorka.pomaz.szeredi.hu>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Wed, 2005-05-11 at 11:49, Miklos Szeredi wrote:
> > > > How about a new clone option "CLONE_NOSUID"?
> > > 
> > > IMO, the clone call ist the wrong place to create namespaces. It should be
> > > deprecated by a mkdir/chdir-like interface.
> > 
> > And the mkdir/chdir interface already exists, see "cd /proc/NNN/root".
> 
> That's the chdir part.

What if proc filesystem is removed from the kernel?

Ability to access some other namespace through the proc filesystem does
not look clean. I think it should be cleanly supported through VFS.

Also cd'ing into a new namespace just allows you to browse through
the other namespace. But it does not effectively change the process's
namespace.  Things like mount in the other namespace will be failed
by check_mount() anyway.

I think, we need sys calls like sys_cdnamespace() which switches to a
new namespace. 

Effectively the process's current->namespace has to be modified,
for the process to be effectively work in the new namespace.


> 
> The mkdir part is clone() or unshare().

 clone/unshare will give you the ability to share/unshare a know
namespace. But to share some arbitrary namespace to which a process
has access rights to.

> How else do you propose to create new namespaces?
> 

RP


> Miklos
> -
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html