Mark Nelson <[EMAIL PROTECTED]> writes:

> Hi Paul and Eric,
>
> Do you guys have any objections to dropping the hijack_pid() and
> hijack_cgroup() parts of sys_hijack, leaving just hijack_ns() (see
> below for discussion)?

I need to step back and study what is being proposed.

My gut feeling is that you are proposing something that does not support forking me a process inside a container so I can have a shell without having to run a login program. There is a reason I proposed ptrace as an initial prototype.

All of the other uses of enter in a namespace context I feel confident we can support by just having proper virtual filesystems available to processes outside of the container. For monitoring and control.

Eric