From: Mike Waychison <Michael.Waychison@Sun.COM>
To: Ram Pai <linuxram@us.ibm.com>
Cc: linux-kernel@vger.kernel.org, viro@parcelfarce.linux.theplanet.co.uk
Subject: Re: per-process namespace?
Date: Tue, 29 Jun 2004 17:10:21 -0400
Message-ID: <40E1DABD.9000202@sun.com>
In-Reply-To: <1088534826.2816.38.camel@dyn319623-009047021109.beaverton.ibm.com>
Ram Pai wrote:
> Is there a way for an application to
> 1. fork its own namespace and modify it, and
> 2. still be able to see changes to the system namespace?
>
> Al Viro's Per-process namespace implementation provides the first
> feature. But is there any work done to do the second part? Is it worth
> doing?
>
> RP
In what sense?
The current model has no definition for a 'system namespace'.
Accessing /proc/<pid>/mounts where <pid> is running in a different
namespace appears to work. As well, you can always fchdir back into
another namespace temporarily. As long as you don't reference any
file/directories using absolute paths (including following symlinks),
then you can already navigate the entire namespace.
This falls apart though when there are no longer any processes keeping
that namespace alive. When this happens, the vfsmount's are unstitched
and you end up 'stuck' on a given mount :(.
Another caveat is that the current system disallows you from doing any
mount/umount's in another namespace (bogus security?).
--
Mike Waychison
Sun Microsystems, Inc.
1 (650) 352-5299 voice
1 (416) 202-8336 voice
http://www.sun.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: The opinions expressed in this email are held by me,
and may not represent the views of Sun Microsystems, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
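An added example, not part of the original message: since the reply notes that /proc/<pid>/mounts is readable for a process in a different namespace, the sketch below parses two such tables and reports what differs between them. The sample tables are constructed, and the helper names (`parse_mounts`, `read_mounts`, `diff_mounts`) are hypothetical.

```python
import re

# Constructed sample tables in /proc/<pid>/mounts layout:
# source, mount point, fstype, options, dump, pass
SYSTEM_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sdb1 /mnt/usb\\040stick vfat rw,nosuid 0 0
/dev/sda2 /home ext3 rw 0 0
"""
PRIVATE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sda2 /home ext3 ro 0 0
tmpfs /tmp tmpfs rw 0 0
"""

_OCTAL = re.compile(r"\\([0-7]{3})")

def unescape(field):
    # The kernel writes space, tab, newline and backslash as 3-digit octal escapes.
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Map (mount point, source, fstype) -> frozenset of mount options."""
    table = {}
    for line in text.splitlines():
        fields = line.split(" ")
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        source, target, fstype, options = fields[:4]
        # Identical mounts stacked on one mount point collapse to a single entry.
        table[(unescape(target), unescape(source), fstype)] = frozenset(options.split(","))
    return table

def read_mounts(pid):
    """Parse the live table of a process; pid may also be the string 'self'."""
    with open(f"/proc/{pid}/mounts", errors="surrogateescape") as fh:
        return parse_mounts(fh.read())

def diff_mounts(ours, theirs):
    """Return (mount points only in ours, only in theirs, option changes)."""
    only_ours = sorted(k[0] for k in ours.keys() - theirs.keys())
    only_theirs = sorted(k[0] for k in theirs.keys() - ours.keys())
    changed = {k[0]: (sorted(ours[k]), sorted(theirs[k]))
               for k in ours.keys() & theirs.keys() if ours[k] != theirs[k]}
    return only_ours, only_theirs, changed

if __name__ == "__main__":
    print(diff_mounts(parse_mounts(SYSTEM_MOUNTS), parse_mounts(PRIVATE_MOUNTS)))
```

On a live system, `diff_mounts(read_mounts(1), read_mounts("self"))` compares the caller's table with that of PID 1, subject to the usual /proc permission checks.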