| Re: Re: [RFC][PATCH 0/2] user namespace [try #2] [message #6080 is a reply to message #6072] |
Thu, 07 September 2006 17:55   |
Herbert Poetzl
Messages: 239
Registered: February 2006
|
Senior Member |
|
|
On Thu, Sep 07, 2006 at 08:09:38PM +0400, Kirill Korotaev wrote:
> >>imho this in acceptable for OpenVZ as makes VE files to be
> >>inaccessiable from host. At least this is how I understand your
> >>idea... Am I correct?
> >>
> >>
> >>>I assume the list of other things we'll need to consider includes
> >>> signals between user namespaces
> >>> keystore
> >>> sys_setpriority and the like
> >>>I might argue that all of these should be sufficiently protected
> >>>by proper setup by userspace. Can you explain why that is not
> >>>the case?
> >
> >
> >>The same requirement (ability to send signals from host to VE)
> >>is also applicable to signals.
> >
> >
> >at some point, we tried to move all cross context
> >signalling (from the host to the guests) into a special
> >context, but later on we moved away from that, because
> >it was much simpler and more intuitive to handle the
> >signalling with a separate syscall command
> I'm not sure what a separate context is for, but a separate syscall
> is definetely not a good idea.
care to explain _why_ you think so?
> >what I want to point out here is, that things like
> >sending signals across namespaces is something which
> >is not required to make this work
> well, people have different requirements...
of course, it's all about 'different' requirements ...
TIA,
Herbert
> Kirill
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
