On Wed, Apr 20, 2005 at 10:45:58AM +0100, Jamie Lokier wrote:
> For FUSE, what's needed is that a user can mount something, and the
> mounted fs is visible only to that user, but it's visible to _all_ of
> the user's processes.

So get that namespace as soon as you log in.
 
> We think namespaces are a nice way to do that: making a user-owned
> filesystem only visible to a user.  But the mechanism of CLONE_NEWNS
> does not work, because it presumes namespace divisions are only
> propagated over parent-child divisions, like environment variables.
 
> What we really want is a mount point that propagates across all the
> processes owned by one user, but is not there for other users.

This is almost certainly bogus.  Same user can easily want several
different environments set on the same box.

>    - Have a namespace per user.  The user's namespace will be entered
>      by the "login" program somehow.

Trivial right now - just have libpam do that.
 
>    - All logins to the same user acquire the same per-user namespace.
>      This isn't possible at the moment; it would be a kernel extension
>      + administrative change to login.

No.  Identical setup at login time - sure.  Enforced _single_ namespace
is just plain wrong.  Moreover, "all user's processes" is the wrong answer
to practically any question (well, aside from "what processes do you kill
when you get rid of luser's account").
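
The parent-child inheritance of namespaces discussed in this message, as an added example that is not part of the original e-mail: a forked child keeps its parent's mount namespace until it asks for a private one. It assumes a current Linux kernel with `/proc/<pid>/ns/mnt` and the `unshare` system call (neither is mentioned in the thread); `mntns_id` and `child_shares_namespace` are hypothetical helper names.

```c
#include <linux/sched.h>   /* CLONE_NEWNS, CLONE_NEWUSER */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The inode of /proc/self/ns/mnt identifies the caller's mount namespace.
 * Returns 0 if it cannot be read. */
static unsigned long mntns_id(void)
{
    struct stat st;
    return stat("/proc/self/ns/mnt", &st) == 0 ? (unsigned long)st.st_ino : 0;
}

/* Fork a child, optionally give it a private mount namespace, compare IDs.
 * Returns 1 if the child shares the parent's namespace, 0 if it does not,
 * -1 if the check could not be made (no /proc, or unshare not permitted). */
int child_shares_namespace(int unshare_first)
{
    unsigned long parent = mntns_id(), child = 0;
    int fds[2], status;
    pid_t pid;

    if (parent == 0 || pipe(fds) != 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Root can unshare the mount namespace directly; an unprivileged
         * process needs a new user namespace alongside it. */
        if (unshare_first && syscall(SYS_unshare, CLONE_NEWNS) != 0 &&
            syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNS) != 0)
            _exit(1);                    /* parent sees EOF and reports -1 */
        child = mntns_id();
        _exit(write(fds[1], &child, sizeof child) == (ssize_t)sizeof child ? 0 : 1);
    }
    close(fds[1]);
    if (read(fds[0], &child, sizeof child) != (ssize_t)sizeof child)
        child = 0;
    close(fds[0]);
    waitpid(pid, &status, 0);
    return child == 0 ? -1 : child == parent;
}

int main(void)
{
    printf("fork only:      shared=%d\n", child_shares_namespace(0));
    printf("fork + unshare: shared=%d\n", child_shares_namespace(1));
    return 0;
}
```

Two separate logins of the same user are not in a parent-child relationship, so each one gets whatever namespace its own login process set up.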