From: Ram <linuxram@us.ibm.com>
To: Jamie Lokier <jamie@shareable.org>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
7eggert@gmx.de, ericvh@gmail.com, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, smfrench@austin.rr.com,
hch@infradead.org
Subject: Re: [RCF] [PATCH] unprivileged mount/umount
Date: Wed, 11 May 2005 15:42:13 -0700 [thread overview]
Message-ID: <1115851333.6248.225.camel@localhost> (raw)
In-Reply-To: <20050511212810.GD5093@mail.shareable.org>
On Wed, 2005-05-11 at 14:28, Jamie Lokier wrote:
> Ram wrote:
> > What if proc filesystem is removed from the kernel?
> >
> > Ability to access some other namespace through the proc filesystem does
> > not look clean. I think it should be cleanly supported through VFS.
>
> You don't have to use /proc/NNN/root - that's just one convenient way
> to do it.
>
> Other ways are
>
> run_in_namespace mount -t bind / /var/namespaces/$NAME
>
> and
>
> clone + open("/") + pass to parent using unix socket
>
> which I think both work already.
>
> > Also cd'ing into a new namespace just allows you to browse through
> > the other namespace. But it does not effectively change the process's
> > namespace. Things like mount in the other namespace will be failed
> > by check_mount() anyway.
>
> That's correct.
>
> > I think, we need sys calls like sys_cdnamespace() which switches to a
> > new namespace.
>
> Can you give a reason why sys_chdir() shouldn't have that behaviour?
Do you mean to say you want to change the namespace when a process
changes to a directory which belongs to that namespace?
Well it makes it totally confusing. A user would start seeing different
set of mounts suddenly as he changes directories beloning to different
namespaces. I am not sure, if changing namespace implicitly is a good
idea. Not saying its a bad idea, but seems to change my notion of
namespaces completely.
I think a process should have access to one
namespace at any given point in time, and should have the ability
to explicitly switch to a different namespace of its choice, provided
it has enough access permission to that namespace.
having the ability to access two namespaces simultaneously can allow
cross contamination. Which essentially makes namespaces as a concept
irrelevent.
RP
>
> > Effectively the process's current->namespace has to be modified,
> > for the process to be effectively work in the new namespace.
>
> Or just remove current->namespace. It's entire purpose seems to be to
> prevent namespaces from being first class objects. The idea of
> "current namespace" is adequately represented by
> current->fs->mnt_root->mnt_namespace IMHO.
>
> -- Jamie
next prev parent reply other threads:[~2005-05-11 22:42 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <406SQ-5P9-5@gated-at.bofh.it>
[not found] ` <40rNB-6p8-3@gated-at.bofh.it>
[not found] ` <40t37-7ol-5@gated-at.bofh.it>
[not found] ` <42VeB-8hG-3@gated-at.bofh.it>
[not found] ` <42WNo-1eJ-17@gated-at.bofh.it>
2005-05-11 16:41 ` [RCF] [PATCH] unprivileged mount/umount Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-05-11 17:07 ` Jamie Lokier
2005-05-11 18:49 ` Miklos Szeredi
2005-05-11 19:05 ` serue
2005-05-11 19:46 ` Bodo Eggert
2005-05-11 20:40 ` Miklos Szeredi
2005-05-11 21:11 ` Jamie Lokier
2005-05-12 3:05 ` serue
2005-05-11 19:35 ` Ram
2005-05-11 20:31 ` Miklos Szeredi
2005-05-11 21:28 ` Jamie Lokier
2005-05-11 22:42 ` Ram [this message]
2005-05-11 22:58 ` Eric Van Hensbergen
2005-05-12 1:02 ` Jamie Lokier
2005-05-12 2:18 ` Eric Van Hensbergen
2005-05-12 6:45 ` Jamie Lokier
2005-05-12 13:23 ` Eric Van Hensbergen
2005-05-12 13:47 ` serue
2005-05-12 15:16 ` Jamie Lokier
2005-05-12 12:51 ` serue
2005-05-12 18:51 ` Miklos Szeredi
2005-05-12 19:56 ` Jamie Lokier
2005-05-13 8:55 ` Miklos Szeredi
2005-05-13 1:10 ` Ram
2005-05-13 6:06 ` Miklos Szeredi
2005-05-13 7:25 ` Ram
2005-05-13 8:59 ` Ram
2005-05-13 9:10 ` Miklos Szeredi
2005-05-13 16:53 ` Ram
2005-05-13 17:14 ` Miklos Szeredi
2005-05-13 18:44 ` Alan Cox
2005-05-13 20:56 ` Bryan Henderson
2005-05-12 0:59 ` Jamie Lokier
2005-05-13 6:41 ` Ram
2005-05-11 21:09 ` Jamie Lokier
2005-05-11 21:20 ` Miklos Szeredi
2005-05-11 21:32 ` Jamie Lokier
2005-05-11 19:32 ` Bodo Eggert
2005-05-11 21:23 ` Jamie Lokier
2005-05-11 21:34 ` Miklos Szeredi
2005-05-11 21:36 ` Jamie Lokier
2005-05-12 3:08 ` serue
2005-05-03 14:31 Miklos Szeredi
2005-05-04 13:08 ` Eric Van Hensbergen
2005-05-04 14:21 ` Miklos Szeredi
2005-05-04 14:51 ` Eric Van Hensbergen
2005-05-04 15:21 ` Miklos Szeredi
2005-05-11 8:51 ` Christoph Hellwig
2005-05-11 10:31 ` Miklos Szeredi
2005-05-12 21:08 ` Bryan Henderson
2005-05-13 5:47 ` Miklos Szeredi
2005-05-13 7:19 ` Jan Hudec
2005-05-13 8:33 ` Miklos Szeredi
2005-05-13 23:09 ` Bryan Henderson
2005-05-14 6:58 ` Miklos Szeredi
2005-05-16 18:35 ` Bryan Henderson
2005-05-14 11:49 ` Jamie Lokier
2005-05-04 13:47 ` Martin Waitz
2005-05-04 14:34 ` Miklos Szeredi
2005-05-11 8:53 ` Christoph Hellwig
2005-05-11 8:48 ` Christoph Hellwig
2005-05-11 10:20 ` Miklos Szeredi
2005-05-16 9:34 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1115851333.6248.225.camel@localhost \
--to=linuxram@us.ibm.com \
--cc=7eggert@gmx.de \
--cc=ericvh@gmail.com \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=smfrench@austin.rr.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).