On 6/8/07, Serge E. Hallyn <[EMAIL PROTECTED]> wrote: > > I do fear that that could become a maintenance nightmare. For instance > right now there's the call to fsnotify_mkdir(). Other such hooks might > be placed at vfs_mkdir, which we'd then likely want to have placed in > our container_mkdir() and container_clone() fns. And of course > may_create() is static inline in fs/namei.c. It's trivial, but still if > it changes we'd want to change the version in kernel/container.c as > well.
Do we need to actually need to respect may_create() in container_clone()? I guess it would provide a way for root to control which processes could unshare namespaces. > > What would be the main advantage of doing it this way? Do you consider > the extra subys->auto_setup() hook to be avoidable bloat? > I was thinking that it would be nice to be able to atomically set up the resources in the new container at the point when it's created rather than later. But I guess this way can work too. Can we call it something like "clone()" rather than "auto_setup()"? Paul ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ ckrm-tech mailing list https://lists.sourceforge.net/lists/listinfo/ckrm-tech
