Oleg Nesterov <oleg@xxxxxxxxxx> writes:
> Eric. I understand that it is too late to discuss this. And yes, I simply
> do not understand the problem space, I never used containers.
>
> But, stupid question. Let's ignore the pid_ns-specific oddities.
>
> 1. Ignoring setns(), why do we need /proc/pid/ns/ ?
>
> 2. Why does setns() require /proc/pid/ns/ ? IOW, why can't it be
>
> sys_setns(pid_t pid, int clone_flags)
> {
>         struct task_struct *tsk = find_task_by_vpid(pid);
>         struct nsproxy *target = get_nsproxy(tsk->nsproxy);
>
>         new_nsproxy = create_new_namespaces(...);
>
>         if (clone_flags & CLONE_NEWNS)
>                 mntns_install(...);
>         if (clone_flags & CLONE_NEWIPC)
>                 ipcns_install(...);
>         ...
> }
>
> I feel I missed something trivial, but what?

It is a question of naming.

The problem I set out to solve when all of this was introduced was how
to name namespaces without introducing yet another namespace.

The solution to the naming problem that I finally found was to introduce
something I could mount.