[RFC][PATCH 1/2] add user namespace [try #2]

Kirill Korotaev dev at sw.ru
Tue Sep 12 06:57:54 PDT 2006


Eric W. Biederman wrote:
> Kirill Korotaev <dev at sw.ru> writes:
> 
> 
>>BTW...
>>
>>
>>>--- 2.6.18-rc4-mm3.orig/include/linux/sched.h
>>>+++ 2.6.18-rc4-mm3/include/linux/sched.h
>>>@@ -26,6 +26,7 @@
>>>#define CLONE_STOPPED 0x02000000 /* Start in stopped state */
>>> #define CLONE_NEWUTS		0x04000000	/* New utsname group? */
>>> #define CLONE_NEWIPC		0x08000000	/* New ipcs */
>>>+#define CLONE_NEWUSER		0x10000000	/* New user */
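Review bot: The comment on the added CLONE_NEWUSER line, /* New user */, reads as though the flag creates a new user rather than a new user namespace. "New user namespace" would be unambiguous, so that a reader auditing clone flags for credential-related behaviour does not have to guess. The new value 0x10000000 directly follows 0x08000000 for CLONE_NEWIPC, so a short comment beside these defines stating which higher bits are still unassigned would help the next namespace patch pick a value deliberately.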
>>
>>We have place for only 3 more namespaces.
>>Does anyone have a plan for what to do then?
>>I warned about this at the beginning when we were discussing the interfaces,
>>and these flags are soon going to be exhausted, so probably it is time to
>>do something in advance...
> 
> 
> Actually there is another unused bit in the middle :)
> Plus there are a bunch of bits that unshare can use but clone can't.
:))) I suggest writing HOWTO-select-unused-bits in CodingStyle :))

> Plus what other namespaces are on the todo list?
> We have network, and pid, and time.
I think more.

proc-ns,
sysfs-ns,
printk-ns or syslog-ns?: syslog should be virtualized
and more...

semi-namespaces:
fs-ns (should regulate which filesystems are accessible from a container, but
probably this is not exactly a namespace... need to think it over...),
dev-ns (should regulate which devices are accessible from a container)

Thanks,
Kirill



