unshare() pid ns
Serge E. Hallyn
serue at us.ibm.com
Thu Aug 30 07:35:18 PDT 2007
Quoting Pavel Emelyanov (xemul at openvz.org):
> Serge E. Hallyn wrote:
> > Quoting Pavel Emelyanov (xemul at openvz.org):
> >> sukadev at us.ibm.com wrote:
> >>> Pavel,
> >>> unshare() of pid ns seems to fail with -EINVAL in 2.6.23-rc3-mm1.
> >>> I thought we supported it in the earlier patchsets. I guess
> >>> I missed that in the review of recent patchsets.
> >> I disabled unsharing of pid namespaces because it's almost
> >> impossible. Look - you have to reattach all the pids to the
> >> task with saving its ids as seen in previous namespaces.
> > We agree, but thought you for some perverse reason preferred unshare to
> > clone for pidns :)
> I did that in my first version of patches, but then realized
> that such problem (the need in reattaching pids) makes the
> unsharing ugly.
> BTW, unsharing of a pid namespace is a valid operation, so I
> think I will enable it in the nearest future. I have some
> thought on how to make such a reattach ;)
Of course it's not just the kernel ugliness, but also the userspace
ugliness, for instance the rumored (I haven't looked to confirm) caching
of pids by glibc.
But in the end if we can achieve symmetry between all the CLONE_NEW*
flags all the better.
More information about the Containers