Quoting Jamie Lokier ([email protected]):
> [email protected] wrote:
> > Right, sys_unshare(), as per Janak's patch. Does it lack anything which
> > you would need?
>
> For creating new namespaces to be held by a daemon for handing out to
> user processes on demand, it's no more convenient than clone().
I see.
My use for namespaces is to simply customize the fs view on login, so
sys_unshare is more convenient than clone because it now allows a pam
library to switch namespaces, which was either impossible or hard to do
using clone. Making namespaces first-class objects should also work,
since the namespaces can just be set up in advance and then entered from
inside a pam library.
Still I'd agree with Eric. It'd be good to see just how much we can do
with the ability to clone a namespace outside of clone(). Going back to
the daemon handing out namespaces... why can't you just take your
earlier example of /var/namespaces/NS1, etc, where you just create a
bunch of fs trees under the /var/namespaces directory using bind mounts,
and then login or pam does
sys_unshare(CLONE_NEWNS);
chdir(/var/namespaces/NS3)
pivot_root(/var/namespaces/NS3, tmp)
umount(tmp, MNT_DETACH)
chroot .
?
No daemon needed...
thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
