> This patch isn't a core part of the clone_with_pid functionality,
> just something Eric has asked for. So I don't object to dropping
> it. But I disagree with Alexey's claim that this isn't a namespace
> property. It should be.

OK

>> frankly I don't see the reason for doing so. Why should we?
>> Especially taking into account, that we essentially cannot
>> change thin in the namespace level 3 and deeper?
>
> What do you mean by that? With this patchset we're not, it's
> true, but we trivially can - even now, userspace can simply not
> give the container CAP_SYS_ADMIN or write access to the sysctl
> so they can't do any more CLONE_NEWPIDS or change the sysctl.

It's a misprint - I meant "level 2 and deeper". Sysctl is only
pointing at the init_pid_ns variable.

> -serge
