[RFC] ns containers (v2): namespace entering

Herbert Poetzl herbert at 13thfloor.at
Tue Mar 13 06:16:54 PDT 2007


On Mon, Mar 12, 2007 at 10:00:34AM -0700, Dave Hansen wrote:
> On Sat, 2007-03-10 at 02:36 +0100, Herbert Poetzl wrote:
> > you mount a filesystem inside a namespace, so that
> > only the guest will see it (in theory) now you somehow
> > show that in the namespace copy too (on the host system)
> > and if some task decides to go camping there (cd into
> > that) it might keep the guest from unmounting that 
> > device without ever knowing why ... or do you have some
> > smart solution to that?
> 
> What is the actual issue here? 

> That an underlying device might still be in use, 

yes, after thinking about it, it might not be such
an issue after all, because in 95% of all cases,
this is only a problem for the host admin, and can
be prevented by simply _not_ doing that ...

> or that the container user has a directory they don't want
> mounted sitting in their fs tree?

that shouldn't actually happen no? if the guest
is allowed to do unmounts, then the mount can be
removed from inside, if not, then the mount has to
be part of the guest configuration, so no problem
there IMHO

thanks,
Herbert

> -- Dave
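Added example, not part of the original thread: a host-side check for the situation discussed above, listing tasks whose working directory or open files sit under a mount point and would make an unmount fail as busy. The function name `pinning_tasks`, the `proc_root` parameter and the sample path are assumptions made for illustration; paths are read as the caller's own mount namespace sees them.

```python
import os
import sys


def _inside(path, mountpoint):
    """True if path is the mount point itself or lies below it (whole components)."""
    mp = mountpoint.rstrip("/") or "/"
    return path == mp or path.startswith(mp.rstrip("/") + "/")


def pinning_tasks(mountpoint, proc_root="/proc"):
    """Return sorted (pid, comm, how, path) for tasks holding mountpoint busy."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip self, sys, net, ...
            continue
        base = os.path.join(proc_root, entry)
        links = [("cwd", os.path.join(base, "cwd"))]
        try:
            links += [("fd", os.path.join(base, "fd", n))
                      for n in os.listdir(os.path.join(base, "fd"))]
        except OSError:
            pass                         # task exited or fd table not readable
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            comm = "?"
        for how, link in links:
            try:
                target = os.readlink(link)
            except OSError:
                continue                 # raced with exit, or no permission
            # Sockets and pipes read as "socket:[n]" and never match a path.
            if _inside(target, mountpoint):
                hits.append((int(entry), comm, how, target))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: script.py /path/to/mountpoint   (hypothetical path)
    for pid, comm, how, path in pinning_tasks(sys.argv[1]):
        print(f"{pid}\t{comm}\t{how}\t{path}")
```

Run as root on the host to see every task; without privileges, other users' `cwd` and `fd` links are unreadable and are skipped silently.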


