Re: [RFC PATCH 0/5] Second attempt at contained helper execution

[Ian Kent <ikent@redhat.com>]

On Thu, 2015-01-15 at 11:27 -0500, J. Bruce Fields wrote:
> On Thu, Jan 15, 2015 at 08:26:12AM +0800, Ian Kent wrote:
> > On Wed, 2015-01-14 at 17:10 -0500, J. Bruce Fields wrote:
> > > > On Wed, Jan 14, 2015 at 05:32:22PM +0800, Ian Kent wrote:
> > > > > There are other difficulties to tackle as well, such as how to decide
> > > > > if contained helper execution is needed. For example, if a mount has
> > > > > been propagated to a container or bound into the container tree (such
> > > > > as with the --volume option of "docker run") the root init namespace
> > > > > may need to be used and not the container namespace.
> > > 
> > > I think you have to go through each of the existing upcall examples and
> > > decide what's needed for each.
> > > 
> > > At least for the nfsv4 idmapper I would've thought the namespace the
> > > mount was done in would be the right choice, hence my previous question.
> > 
> > Probably but you don't necessarily know what namespace the mount was
> > done in. It may have been propagated from another namespace or (although
> > I don't think it works yet) bound from another container using the
> > volumes-from docker option.
> 
> Name-id mappings should be associated with the superblock, I guess--so
> don't you store a pointer to the right thing there?

Quite possibly but my original point was, without an acceptable
mechanism to execute the helper we can't know what might need to be done
to use it.

> 
> --b.
> 
> > 
> > At least I believe that's a problem and I agree that, once a suitable
> > method of running helpers is found each case will need to be looked at.
> > 
> > Ian
> > 
> >