From: ebiederm@xmission.com (Eric W. Biederman)
To: "Zbigniew Jędrzejewski-Szmek" <zbyszek@in.waw.pl>
Cc: Karel Zak <kzak@redhat.com>, util-linux@vger.kernel.org
Subject: Re: [PATCH 2/5] nsenter: add --all meaning all namespaces and cwd and root
Date: Fri, 25 Jan 2013 09:44:50 -0800 [thread overview]
Message-ID: <87pq0tjgx9.fsf@xmission.com> (raw)
In-Reply-To: <20130125163924.GT4278@in.waw.pl> ("Zbigniew \=\?utf-8\?Q\?J\=C4\=99drzejewski-Szmek\=22's\?\= message of "Fri, 25 Jan 2013 17:39:24 +0100")
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> writes:
> On Fri, Jan 25, 2013 at 04:02:10PM +0100, Karel Zak wrote:
>> On Mon, Jan 21, 2013 at 01:38:02AM -0500, Zbigniew Jędrzejewski-Szmek wrote:
>> > I guess that most of the time one will want to enter all
>> > namespaces, and then it is easier not to have to remember
>> > all the option names.
>>
>> Not sure if this is the right argument. From my point of view it's
>> better to be explicit for such things, something like --all sounds
>> like a magical blackbox where semantic depends on features implemented
>> by kernel and nsenter(1).
Which is the reason I did not implement --all in the first place,
although it is attractive.
> Hi,
>
> I'm was trying to document how a user should enter a namespace
> container created by systemd-nspawn. I would prefer not to have the
> user type 'nsenter -t $PID -muipn', but something simpler.
As I see it nsenter is the raw tool for when you need to get your
hands dirty. lxc already has a more integrated version. And
it isn't hard to define a simple wrapper such as:
cat > systemd-nsenter <<EOF
#!/bin/sh
PID=$1
shift
exec nsenter -t $PID --mount --ipc --pid --net --uts "$@"
EOF
If you need things to be slightly simpler and it isn't worth deriving
your own c wrapper.
I assume you didn't include -U because systemd-nspawn doesn't create
a user namespace?
Of course at the point you wrap nsenter you probably want to have
something that takes a name and looks at a pid file I expect.
> What about an alternative patch, which implements --all which means:
> "all namespaces supported by the kernel" (i.e. iterate over /proc/$PID/ns/*'
> and enter all of them. This way the behaviour would depend only on the
> kernel options, not on util-linux version.
If we add another namespace will it have oddball semantics to worry
about? So far the mount namespace, the user namespace, and the pid
namespace do. So judging from history you have a 50/50 chance of
needing special code in nsenter. I don't expect blinding iterarting
over /proc/[pid]/ns/* will remove the need for future changes to
nsenter if and when we add another namespace.
What will keep from breaking peoples scripts is to not have an option
that is ambiguous.
Eric
next prev parent reply other threads:[~2013-01-25 17:45 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-21 6:38 [PATCH 0/5] nsenter,unshare: small usability improvements Zbigniew Jędrzejewski-Szmek
2013-01-21 6:38 ` [PATCH 1/5] nsenter: allow arguments to be specified in any order Zbigniew Jędrzejewski-Szmek
2013-01-25 14:52 ` Karel Zak
2013-01-21 6:38 ` [PATCH 2/5] nsenter: add --all meaning all namespaces and cwd and root Zbigniew Jędrzejewski-Szmek
2013-01-25 15:02 ` Karel Zak
2013-01-25 16:39 ` Zbigniew Jędrzejewski-Szmek
2013-01-25 17:44 ` Eric W. Biederman [this message]
2013-01-25 17:59 ` Zbigniew Jędrzejewski-Szmek
2013-01-27 15:45 ` Ángel González
2013-01-28 2:38 ` Eric W. Biederman
2013-01-28 20:41 ` Ángel González
2013-01-21 6:38 ` [PATCH 3/5] nsenter: respect --exec no matter where it appears Zbigniew Jędrzejewski-Szmek
2013-01-25 15:02 ` Karel Zak
2013-01-25 15:07 ` Zbigniew Jędrzejewski-Szmek
2013-01-25 15:23 ` Karel Zak
2013-01-21 6:38 ` [PATCH 4/5] nsenter: rename --exec/-e to --no-fork/-F Zbigniew Jędrzejewski-Szmek
2013-01-25 15:03 ` Karel Zak
2013-01-21 6:38 ` [PATCH 5/5] unshare: add --all meaning all namespaces Zbigniew Jędrzejewski-Szmek
2013-01-25 15:04 ` Karel Zak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pq0tjgx9.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=kzak@redhat.com \
--cc=util-linux@vger.kernel.org \
--cc=zbyszek@in.waw.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox