[Devel] [PATCH] namespaces: introduce sys_hijack (v4)
Serge E. Hallyn
serue at us.ibm.com
Tue Oct 16 07:37:44 PDT 2007
Quoting Paul Menage (menage at google.com):
> One thought on this - could we make the API have a "which" parameter
> that indicates the type of thing being acted upon? E.g., like
> sys_setpriority(), which can specify the target as a process, a pgrp
> or a user.
>
> Right now the target would just be a process, but I'd really like the
> ability to be able to specify an fd on a cgroup directory to indicate
> that I want the child to inherit from that cgroup's namespaces. That
> way you wouldn't need to keep a child process alive in the namespace
> just to act as a hijack target.
Good idea. I would in fact originally have taken a cgroup instead of a
pid, but wasn't sure how best to identify the cgroup. Originally I was
more worried about pid exiting/wraparound, but then decided that with a
real container the container_init can't go away until the container goes
away anyway.
Anyway, I can go ahead and add 'int which' to the parameter list now,
and leave the details of how to specify a cgroup for later. That way at
least the api won't fundamentally change again.
Good idea, thanks.
-serge
More information about the Containers
mailing list