semantics for namespace naming
haveblue at us.ibm.com
Fri Dec 15 09:08:55 PST 2006
On Thu, 2006-12-14 at 14:56 -0700, Eric W. Biederman wrote:
> Because that model fundamentally keeps every process in its own
> container and never allows it to leave, nor does it allow things
> from one container to cross into another container in an uncontrolled
> fashion this feels to me like a very safe model.

This is like saying that brain surgery is safe and controlled because
the surgeon never actually goes into the patient's brain! :)

I think of ptrace as a pretty wide-open interface. While ptrace itself
has well-defined semantics, I could hardly consider using it in
production, nor would I want to be the one to write the userspace apps
to do the syscall futzing for each of Linux's architectures.