Fine-grain virtualization in the GNU Hurd

Posted Apr 17, 2012 16:14 UTC (Tue) by civodul (guest, #58311)
Parent article: A new approach to user namespaces

> The implementation of a proper user namespace has always been a hard problem for a number of reasons.

The GNU Hurd implements PID management as part of its POSIX personality in the form of the proc server, whose interface is defined here. When a process is created via glibc's fork, it is introduced to a proc server, and one of its first actions is to ask it for its PID.

Since proc is "just another server", it can be virtualized: users can start their own instance of proc, and direct new programs to that proc instance. This way, processes can run in their own PID name space.

This foundation for fine-grain virtualization serves as the basis of higher-level virtualization approaches available on the Hurd, such as chroot, fakeroot, and complete sub-hurds.