On 08/27/2015 04:13 PM, Cyril Hrubis wrote:
> Hi!
>>>> In addition, there are probably going to be some problems with
>>>> capability bits when calling execve(2) after doing setns on user ns
>>>> (see capabilities(7), "Thread capability sets").
>>>>
>>>> Yes, user namespaces are even bigger PITA than pid namespaces. :)
>>>
>>> Looks like that.
>>>
>>
>> Maybe the best solution would be explicit getopt-like switches, telling
>> exec_ns which namespaces and in which order to setns.
>
> I came to this conclusion as well. It does not need to be getopt-like,
> maybe just list of namespaces to join, the important part is that the
> order would be preserved.

  ./ns_exec 1234 mnt pid uts ls /

seems a bit confusing to me. Maybe use just $2 and comma-separate the names?
(Also for ns_create, for consistency.)

  pid=$(./ns_create pid,mnt,uts,net)
  ./ns_exec $pid mnt,pid ls /

>
> I would just accept the parameters the same way as the ns_create does,
> i.e. list of argv parameters. And handle them in two passes, first one
> would check that the parameters are correct and the second pass would
> actually call the setns() one by one in the order they were specified.

The first pass would be checking by open(2)-ing already, which needs to be
done due to mount (ie. old /proc not available in the new ns) and pid
(old pid invalid) namespaces.
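
The two passes discussed in this thread, as an added example that is not part of the thread and is not LTP's ns_exec code: pass 1 validates the comma-separated names and opens every /proc/<pid>/ns/<name> file up front, pass 2 calls setns(2) on the saved descriptors in the order given. The names open_ns_fds, join_ns_fds and MAX_NS are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_NS 6
int setns(int fd, int nstype);	/* as in <sched.h>, in case _GNU_SOURCE came too late */
static const char *const known_ns[MAX_NS] = { "ipc", "mnt", "net", "pid", "user", "uts" };

/* Pass 1: validate each name and open /proc/<pid>/ns/<name>, keeping list order.
 * Returns the fd count, or -1 with nothing left open on a bad name or open(2). */
int open_ns_fds(long pid, const char *list, int fds[MAX_NS])
{
	char buf[64], path[64], *save = NULL, *tok;
	int i, n = 0;

	if (snprintf(buf, sizeof(buf), "%s", list) >= (int)sizeof(buf))
		return -1;
	for (tok = strtok_r(buf, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
		for (i = 0; i < MAX_NS && strcmp(tok, known_ns[i]); i++)
			;
		if (i == MAX_NS || n == MAX_NS)
			break;
		snprintf(path, sizeof(path), "/proc/%ld/ns/%s", pid, tok);
		fds[n] = open(path, O_RDONLY | O_CLOEXEC);
		if (fds[n] < 0)
			break;
		n++;
	}
	if (!tok)
		return n;
	while (n > 0)
		close(fds[--n]);
	return -1;
}

/* Pass 2: setns(2) in the caller's order using only the fds from pass 1, so no
 * /proc lookup happens after the mount or pid view changed. 0 on success. */
int join_ns_fds(const int fds[], int n)
{
	int i, ret = 0;
	for (i = 0; i < n; i++) {
		if (ret == 0 && setns(fds[i], 0) < 0)
			ret = -1;
		close(fds[i]);
	}
	return ret;
}
```

Because setns(2) on a pid namespace only applies to children created afterwards, a caller would fork() after join_ns_fds() and run execve(2) in the child.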