[Devel] [RFC] [PATCH 2/2] namespace enter: introduce
sys_hijack (v3)
Dave Hansen
haveblue at us.ibm.com
Tue Sep 4 12:06:18 PDT 2007
On Tue, 2007-09-04 at 07:50 -0500, Serge E. Hallyn wrote:
> > What do you do if there are no processes in a particular container?
>
> The nsproxy will have been released so you couldn't enter it anyway.
Yeah, we'd need some kind of other object to keep the nsproxy around and
hold a reference to it.
But, it also begs other questions about how we define the namespace
boundaries vs. containers. What if we have a normal container with
chroot'd process inside of it? Two such processes will not share an
nsproxy because the chroot'd one has switched filesystem namespaces.
Who is to say that the "container" is represented by one process's
nsproxy more than another?
-- Dave
More information about the Containers
mailing list