Namespaces exhausted CLONE_XXX bits problem

Serge E. Hallyn serue at
Mon Jan 14 08:32:46 PST 2008

Quoting Cedric Le Goater (clg at
> to be more precise :
> 	long sys_clone_something(struct clone_something_args args) 
> and 
> 	long sys_unshare_something(struct unshare_something_args args) 
> The arg passing will be slower bc of the copy_from_user() but we will 
> still have the sys_clone syscall for the fast path.
> C.

I'm fine with the direction you're going, but just as one more option,
we could follow more of the selinux/lsm approach of first requesting
clone/unshare options, then doing the actual clone/unshare.  So
something like

	sys_clone(usual args)


	echo pid,mqueue,user,ipc,uts,net > /proc/self/clone_unshare


More information about the Containers mailing list