[PATCH 09/11] pidns: Add setns support

Eric W. Biederman ebiederm at xmission.com
Mon Nov 19 09:27:41 UTC 2012


Gao feng <gaofeng at cn.fujitsu.com> writes:

> On 2012-11-17 00:35, Eric W. Biederman wrote:
>> From: "Eric W. Biederman" <ebiederm at xmission.com>
>> 
>> - Pid namespaces are designed to be inescapable so verify that the
>>   passed in pid namespace is a child of the currently active
>>   pid namespace or the currently active pid namespace itself.
>> 
>>   Allowing the currently active pid namespace is important so
>>   the effects of an earlier setns can be cancelled.
>> 
>> Signed-off-by: Eric W. Biederman <ebiederm at xmission.com>
>> ---
>
> Hi Eric
>
> I noticed that, after we call setns to change a task's pidns to container A's pidns,
> we can't see this task in container A's proc filesystem.
>
> Is this what we expected?

Only children move to the new pid namespace so yes.

Any other semantic requires ugly races with changing the pid of an
existing process.

Eric


