Multiple instances of the process id namespace
|| ||email@example.com (Eric W. Biederman)|
|| ||[RFC][PATCH 0/20] Multiple instances of the process id namespace|
|| ||Mon, 06 Feb 2006 12:19:30 -0700|
Herbert Poetzl <firstname.lastname@example.org>,
"Serge E. Hallyn" <email@example.com>,
Alan Cox <firstname.lastname@example.org>,
Dave Hansen <email@example.com>,
Arjan van de Ven <firstname.lastname@example.org>,
Suleiman Souhlal <ssouhlal@FreeBSD.org>,
Hubertus Franke <email@example.com>,
Cedric Le Goater <firstname.lastname@example.org>,
Kyle Moffett <email@example.com>,
Kirill Korotaev <firstname.lastname@example.org>, Greg <email@example.com>,
Linus Torvalds <firstname.lastname@example.org>,
Andrew Morton <email@example.com>, Greg KH <firstname.lastname@example.org>,
Rik van Riel <email@example.com>,
Alexey Kuznetsov <firstname.lastname@example.org>,
Andrey Savochkin <email@example.com>,
Kirill Korotaev <firstname.lastname@example.org>, Andi Kleen <email@example.com>,
Benjamin Herrenschmidt <firstname.lastname@example.org>,
Jeff Garzik <email@example.com>,
Trond Myklebust <firstname.lastname@example.org>,
Jes Sorensen <email@example.com>|
There have been several discussions in the past month about how
to do a good job of implementing a subset of user space that
looks like it has the system to itself. Essentially making
chroot everything it could be. This is my take on what
the implementation of a pid namespace should look like.
What follows is a real patch set that is sufficiently complete
to be used and useful in it's own right. There are a few areas
of the kernel where the patchset does not reach, mostly these
cause the compile to fail. In addition a good thorough review
still needs to be done. This patchset does paint a picture
of how I think things should look.
From the kernel community at large I am asking:
Does the code look generally sane?
Does the use of clone to create a new namespace instance look
like the sane approach?
Hopefully this code is sufficiently comprehensible to allow a good
discussion to come out of this.
Thanks for your time,
p.s. My apologies at the size of the CC list. It is very hard to tell who
the interested parties are, and since there is no one list we all subscribe
to other than linux-kernel how to reach everyone in a timely manner. I am
copying everyone who has chimed in on a previous thread on the subject. If
you don't want to be copied in the future tell and I will take your name off
of my list.