From: Glauber Costa <glommer@parallels.com>
To: Daniel Lezcano <daniel.lezcano@free.fr>
Cc: <linux-kernel@vger.kernel.org>, <cgroups@vger.kernel.org>,
<devel@openvz.org>, <kir@parallels.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
Oleg Nesterov <oleg@redhat.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Tejun Heo <tj@kernel.org>
Subject: Re: [PATCH] allow a task to join a pid namespace
Date: Tue, 5 Jun 2012 13:37:10 +0400
Message-ID: <4FCDD346.9090008@parallels.com>
In-Reply-To: <4FCDD315.502@free.fr>

On 06/05/2012 01:36 PM, Daniel Lezcano wrote:
> On 06/04/2012 03:33 PM, Glauber Costa wrote:
>> Currently, it is possible for a process to join existing
>> net, uts and ipc namespaces. This patch allows a process to join an
>> existing pid namespace as well.
>>
>> For that to remain sane, some restrictions are made in the calling process:
>>
>> * It needs to be in the parent namespace of the namespace it wants to jump to
>> * It needs to sit in its own session and group as a leader.
>>
>> The rationale for that, is that people want to trigger actions in a Container
>> from the outside. For instance, mainstream linux recently gained the ability
>> to safely reboot a container. It would be desirable, however, that this
>> action is triggered from an admin in the outside world, very much like a
>> power switch in a physical box.
>>
>> This would also allow us to connect a console to the container, provide a
>> repair mode for setups without networking (or with a broken one), etc.
>
> Hi Glauber,
>
> I am in favor of this patch but I think the pidns support won't be
> complete and some corner-cases are not handled.
>
> Maybe you can look at Eric's patchset [1] where, IMO, everything is
> taken into account. Some of the patches may be already upstream.
>
> Thanks
> -- Daniel

I don't remember seeing such a patchset in the mailing lists, but that
might be my fault, due to traffic...

I'll take a look. If it does what I need, I can just drop this.

Thanks
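
Added example, not part of this thread or of the patch: a userspace C check of the two caller-side restrictions listed in the quoted patch description (the caller sits in the parent of the target pid namespace, and leads its own session and process group). The function names are hypothetical, and the parent lookup assumes the `NS_GET_PARENT` ioctl from Linux 4.9 or later, which postdates this thread.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/nsfs.h>   /* NS_GET_PARENT (assumes Linux >= 4.9 headers) */
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Restriction 2: 1 if the caller leads both its session and its process group. */
int is_session_and_group_leader(void)
{
    return getsid(0) == getpid() && getpgrp() == getpid();
}

/* Restriction 1: 1 if the pid namespace at target_path is a direct child of the
 * caller's pid namespace, 0 if not, -1 on error (no /proc, EPERM, old kernel). */
int target_is_child_of_current(const char *target_path)
{
    struct stat cur, par;
    int ret = -1;
    int tfd = open(target_path, O_RDONLY | O_CLOEXEC);
    int pfd = tfd < 0 ? -1 : ioctl(tfd, NS_GET_PARENT);

    /* Namespaces are identified by the (st_dev, st_ino) pair of their nsfs file. */
    if (pfd >= 0 && stat("/proc/self/ns/pid", &cur) == 0 && fstat(pfd, &par) == 0)
        ret = cur.st_dev == par.st_dev && cur.st_ino == par.st_ino;
    if (pfd >= 0)
        close(pfd);
    if (tfd >= 0)
        close(tfd);
    return ret;
}

/* Fork a child; report its leadership before (bit 0) and after (bit 1) setsid(). */
int leadership_before_after_setsid(void)
{
    int status;
    pid_t pid = fork();

    if (pid == 0) {
        int before = is_session_and_group_leader();
        _exit(setsid() < 0 ? 4 : before | (is_session_and_group_leader() << 1));
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { printf("%d\n", leadership_before_after_setsid()); return 0; }
```

A freshly forked child inherits its parent's session and process group, so it only satisfies the leader restriction after calling `setsid()`.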