On Wed, 2005-04-20 at 05:47, Eric Van Hensbergen wrote: > On 4/19/05, Ram <[EMAIL PROTECTED]> wrote: > > On Tue, 2005-04-19 at 18:24, Eric Van Hensbergen wrote: > > > > > > Is this sufficient to cover any exposure? What's the correct solution > > > for the shared sub-trees RFC? Should there be something similar for > > > user mounts/binds? > > > > A new namespace in a shared subtree realm can create number-of- > > private-namespaces number of mounts or binds depending on the number of > > binds and mounts in the shared tree. > > > > for example if there were 10 shared vfsmounts in the original > > namespace, a new private namespace will duplicate 10 of these, and > > any mount or bind attempted in any of these vfsmounts will double the > > number of mounts and binds. > > > > Hence probably you may want to keep a tab on the number mounts and > > binds a user does, instead of keeping a tab on the number of namespaces > > a user creates. > > > > Yeah, that does make a lot more sense, I suppose in the worst case a > user is guaranteed to not have more namespaces than processes anyways. > So, should the count of mounts be inclusive of mounts the user > inherits, or only the ones he creates? I suppose as a resource limit, > it should probably cover both.
Yes I think it should be both. It should be the sum total of all the mounts that exists in all the user-created-namespaces. I would not add "the mounts that propogated to some other namespace because of a mount in the user's namespace" towards the total, because those mounts are for some other user/namespace. RP > > -eric - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
