Gao feng <[email protected]> writes: > 于 2012年11月17日 00:35, Eric W. Biederman 写道: >> From: "Eric W. Biederman" <[email protected]> >> >> - Pid namespaces are designed to be inescapable so verify that the >> passed in pid namespace is a child of the currently active >> pid namespace or the currently active pid namespace itself. >> >> Allowing the currently active pid namespace is important so >> the effects of an earlier setns can be cancelled. >> >> Signed-off-by: Eric W. Biederman <[email protected]> >> --- > > Hi Eric > > I noticed that,after we call setns to change task's pidns to container A's > pidns. > we can't see this task in container A's proc filesystem. > > Is this what we expected?
Only children move to the new pid namespace so yes. Any other semantic requires ugly races with changing the pid of an existing process. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
