[Ksummit-2010-discuss] checkpoint-restart: naked patch
Alexey Dobriyan
adobriyan at gmail.com
Fri Nov 19 08:25:13 PST 2010
On Fri, Nov 19, 2010 at 6:10 PM, Tejun Heo <tj at kernel.org> wrote:
> Well, if you ask me, having pidns w/o a way to reinstate PID from
> userland is pretty silly
No.
Chrome uses CLONE_PID so that exploit couldn't attach to processes in
parent pidns.
> and you and I might not know yet but it's
> quite imaginable that there will be other use cases for the capability
> unlike in-kernel CR. Kernel provides building blocks not the whole
> frigging package and for very good reasons.
Speaking of pids, pid's value itself is never interesing (except maybe pid 1).
It's a cookie.
CLONE_SET_PID came up only now because only C/R wants it.
More information about the Containers
mailing list