Re: per-process namespace?

From: Ram Pai
Date: Tue Jun 29 2004 - 17:26:15 EST

Next message: Bernd Eckenfels: "Re: possible arp table corruption [2.4.18]"
Previous message: viro: "Re: Disk copy, last sector problem"
In reply to: Ram Pai: "Re: per-process namespace?"
Next in thread: Mike Waychison: "Re: per-process namespace?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2004-06-29 at 14:10, Mike Waychison wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ram Pai wrote:
> > Is there a way for an application to
> > 1. fork its own namespace and modify it, and
> > 2. still be able to see changes to the system namespace?
> >
> > Al Viro's Per-process namespace implementation provides the first
> > feature. But is there any work done to do the second part? Is it worth
> > doing?
> >
> > RP
>
> In what sense?
>
> The current model has no definition for a 'system namespace'.

by 'system namespace' I mean the very first initial hand-crafted
namespace.

>
> Accessing /proc/<pid>/mounts where <pid> is running in a different
> namespace appears to work.

Are you sure? I dont see it to be the case. I just verified it on 2.6.7
/proc/<pid>/mounts is a file. However /proc/pid/root is a symbolic link
to the root directory of the process. So the process with a cloned
namespace wont be able to access it through its namespace.

> As well, you can always fchdir back into
> another namespace temporarily. As long as you don't reference any
> file/directories using absolute paths (including following symlinks),
> then you can already navigate the entire namespace.

If this feature is available then great!

>
> This falls apart though when there are no longer any processes keeping
> that namespace alive. When this happens, the vfsmount's are unstitched
> and you end up 'stuck' on a given mount :(.

> Another caveat is that the current system disallows you from doing any
> mount/umount's in another namespace (bogus security?)
> .
>
> - --
> Mike Waychison
> Sun Microsystems, Inc.
> 1 (650) 352-5299 voice
> 1 (416) 202-8336 voice
> http://www.sun.com
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> NOTICE: The opinions expressed in this email are held by me,
> and may not represent the views of Sun Microsystems, Inc.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFA4dq9dQs4kOxk3/MRApkaAKCPe0Nw9QBZH425SZeOIvIzSzksUACfQk5D
> xLgBDN/dsmVMkAAD73mugiY=
> =8OEy
> -----END PGP SIGNATURE-----
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernd Eckenfels: "Re: possible arp table corruption [2.4.18]"
Previous message: viro: "Re: Disk copy, last sector problem"
In reply to: Ram Pai: "Re: per-process namespace?"
Next in thread: Mike Waychison: "Re: per-process namespace?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]