namespace and nsproxy syscalls

Serge E. Hallyn serue at us.ibm.com
Tue Sep 26 05:56:49 PDT 2006


Quoting Cedric Le Goater (clg at fr.ibm.com):
> Hello all,
> 
> A while ago, we expressed the need to have a new syscall specific to
> namespaces. the clone and unshare are good candidates but we are reaching
> the limit of the clone flags and clone has been hijacked enough. 
> 
> So, I came up with unshare_ns. the patch for the core feature follows
> the email. Not much difference with unshare() for the moment but it gives
> us the freedom to diverge when new namespaces come in. I have faith also ! 
> If you feel it's useful, i'll send the full patchset for review on the list.
> 
> I'd like to discuss of another syscall which would allow a process to
> bind to a set of namespaces ( == nsproxy == container) : 
> 
> 	bind_ns(ns_id_t id, int flags) 

What about just using a pid instead of introducing some ns_id_t?  I'm
guessing that any time you want to bind to some other nsproxy, it will
be the nsproxy of a decendent nsproxy, so even if it is in a new
pidspace, you will have a pid in your pidspace to reference it.

-serge



More information about the Containers mailing list