| |||||||||||||
Namespaces in operation, part 1: namespaces overviewNamespaces in operation, part 1: namespaces overviewPosted Jan 9, 2013 1:17 UTC (Wed) by hallyn (subscriber, #22558)Parent article: Namespaces in operation, part 1: namespaces overview
Hi Michael, thanks for the great writeup. Wanted to point out one thing. I'm sure this will be expanded upon in a later article, but
> A process can see (e.g., view via /proc/PID and send signals with kill()) only processes contained in its own PID namespace and the namespaces nested below that PID namespace.
That's true in the process' own (newly mounted) procfs. But the contents of a procfs mount are determined by the superblock, which is determined by the pidns in which it was mounted. The contents of a procfs mount are not determined by the pidns of the reader.
Therefore, if I unshare a new pidns (and don't mount a new proc), I can look under the old /proc and see information on the tasks my the parent pidns. Or for that matter mount -t proc proc /mnt, and see the old proc under /proc and new proc under /mnt. (Note that one thing we don't (yet) have is an easy way to determine which tasks are the same.)
(Log in to post comments)
Namespaces in operation, part 1: namespaces overview Posted Jan 9, 2013 1:44 UTC (Wed) by mkerrisk (editor, #1978) [Link] Therefore, if I unshare a new pidns (and don't mount a new proc), I can look under the old /proc and see information on the tasks my the parent pidns. Or for that matter mount -t proc proc /mnt, and see the old proc under /proc and new proc under /mnt. (Note that one thing we don't (yet) have is an easy way to determine which tasks are the same.) Oops, yes of course! I knew this, but somehow forgot as I wrote that piece. Thanks for the correction, Serge. I've added a small strikethrough in the article.
|
|||||||||||||