Eric W. Biederman wrote:
> Daniel Lezcano <daniel.lezcano@free.fr> writes:
> 
>>> I agree with that and that is a worthy discussion.
>>>
>>> One of the reasons I'm not too concerned is that sys_ptrace completely
>>> solves that problem today.  The syscall interface completely sucks for
>>> handling that case but it works.
>>>
>>> The one instance where we clearly need a way to talk about namespaces
>>> besides enter is for moving network interfaces between network
>>> namespaces and I haven't looked close yet but I don't think either
>>> Dmitry or Daniel in their network namespace patches was using this id.
>>>
>> Well, I don't do that for the moment, but I was planning to use the namespace
>> id.
> 
> To be very clear.
> - I completely agree we need an identifier for namespaces.
>   So far my vision is one per namespace not one per nsproxy.
> - I believe the identifier should be in one of the namespaces,
>   so we don't have problems with recursion.

a new nsproxy is created each time any namespace is unshared, so it's 
basically the same to use the nsproxy id. today you can identify 
any namespace by its nsproxy. that's how the bind_ns syscalls works. 

but he, let's see where the discussion brings us.

at least, we *agreed* that we need an id. now, let's find a location
for it and a way to bind to it.

> I want to be able to use things like the pam_namespace module in a
> guest.

It should be possible.

C.
_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers