Quoting Miklos Szeredi ([EMAIL PROTECTED]):
> > Not objecting to prctl(), but two other options would be
> >
> > 1. add a CLONE_NEW_NS_USERMNT flag - kind of ugly, but that is
> > the time at which the ns is created, so in that sense it
> > makes sense.
>
> Yes, I thought about this, but there's no easy way to set the flag for
> the initial namespace, and a second flag CLONE_NEW_NS_NOUSERMNT would
> be needed to turn off the flag.

Not mentioning it would 'turn it off' for the cloned ns, but the default
value for the initial namespace is still a problem.

> > 2. use the nsproxy container subsystem (see Paul Menage's
> > containers patchset) to set this using, e.g.,
> >
> > echo 1 > /containers/vserver1/mounts/usermount
>
> That again would lose some flexibility: only namespaces which
> are part of a container could be manipulated.

In the nsproxy subsystem, every namespace gets a container so
long as the nsproxy subsystem is mounted.

> Does that exclude the
> initial namespace?

No, the initial namespace is tied to the root dentry - so if, as my
example was assuming, you've done

    mount -t container -o ns none /containers

then to change the setting for the initial namespace you would

    echo 0 > /containers/mounts/usermount

> Also how would a process find out which vserver it is running in?

    cat /proc/$$/container

-serge