[PATCH 10/15] Make each namespace has its own proc tree
Dave Hansen
haveblue at us.ibm.com
Thu Jul 26 10:38:58 PDT 2007
On Thu, 2007-07-26 at 18:54 +0400, Pavel Emelyanov wrote:
>
> + if (flags & MS_KERNMOUNT)
> + ns = (struct pid_namespace *)data;
> + else
> + ns = current->nsproxy->pid_ns;
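Review bot: In the MS_KERNMOUNT branch, data is cast straight to struct pid_namespace * with no NULL check, and the flag alone decides that the pointer is trusted. Nothing in these lines shows that MS_KERNMOUNT cannot arrive in flags from a userspace mount call, in which case data would be a caller-supplied value; either reject the flag on the user path or add a comment stating where it is masked. The else branch also dereferences current->nsproxy unconditionally, which deserves a comment on why it cannot be NULL at this point.
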
So, a current /proc mount doesn't use the data pointer at all?

Instead of having a brand spanking new mount flag that only one FS uses,
how about creating a new fs_type for the internal proc mounts?

We could have proc_fs_type and proc_fs_kernel_type each with a quick
stub ->get_sb function to find the correct pid_ns and pass it into the
real proc_get_sb().

But, the basic problem still boils down to the fact that we don't want
random people mounting random pid_ns's /procs. If we set up rules for
that, like that you can mount children's /proc but not parents', I think
this might just fall out and work.

-- Dave
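
The two-stub layout and the "children's /proc but not parents'" rule proposed in the mail above, as a userspace C model added here; it is not code from the thread or from the kernel. All struct and function names ending in _model or prefixed proc_user/proc_kernel are hypothetical, and the namespaces in main() are constructed sample data.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a pid namespace: only the parent link matters. */
struct pid_ns_model {
    struct pid_ns_model *parent;   /* NULL for the initial namespace */
};

/* Rule from the mail: the caller may mount the /proc of its own namespace
 * or of a descendant, never of a parent or an unrelated sibling. */
static bool may_mount_proc(const struct pid_ns_model *caller,
                           const struct pid_ns_model *target)
{
    for (; target != NULL; target = target->parent)
        if (target == caller)
            return true;
    return false;
}

/* Shared back end, standing in for the "real proc_get_sb()". Returns the
 * namespace the superblock would be bound to, or NULL when refused. */
static const struct pid_ns_model *
proc_get_sb_model(const struct pid_ns_model *caller,
                  const struct pid_ns_model *ns)
{
    return (ns != NULL && may_mount_proc(caller, ns)) ? ns : NULL;
}

/* Stub for user mounts: data comes from the mount caller, so it is never
 * interpreted as a namespace pointer. */
static const struct pid_ns_model *
proc_user_get_sb(const struct pid_ns_model *caller, void *data)
{
    (void)data;
    return proc_get_sb_model(caller, caller);
}

/* Stub for internal mounts: data is a namespace chosen by trusted code. */
static const struct pid_ns_model *
proc_kernel_get_sb(const struct pid_ns_model *caller, void *data)
{
    return proc_get_sb_model(caller, (const struct pid_ns_model *)data);
}

int main(void)
{
    struct pid_ns_model init_ns = { NULL }, child = { &init_ns };
    printf("user mount ignores data: %d\n",
           proc_user_get_sb(&child, &init_ns) == &child);
    printf("parent refused: %d\n", proc_kernel_get_sb(&child, &init_ns) == NULL);
    return 0;
}
```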