Hi! > >> In addition, there are probably going to be some problems with > >> capability bits when calling execve(2) after doing setns on user ns > >> (see capabilities(7), "Thread capability sets"). > >> > >> Yes, user namespaces are even bigger PITA than pid namespaces. :) > > > > Looks like that. > > > > Maybe the best solution would be explicit getopt-like switches, telling > exec_ns which namespaces and in which order to setns.
I came to this conclusion as well. It does not need to be getopt-like, maybe just list of namespaces to join, the important part is that the order would be preserved. I would just accept the parameters the same way as the ns_create does, i.e. list of argv parameters. And handle them in two passes, first one would check that the parameters are correct and the second pass would actually call the setns() one by one in the order they were specified. -- Cyril Hrubis chru...@suse.cz ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
