Re: [RCF] [PATCH] unprivileged mount/umount

[serue]

Quoting Jamie Lokier (jamie@xxxxxxxxxxxxx):
> serue@xxxxxxxxxx wrote:
> > Right, sys_unshare(), as per Janak's patch.  Does it lack anything which
> > you would need?
> 
> For creating new namespaces to be held by a daemon for handing out to
> user processes on demand, it's no more convenient than clone().

I see.

My use for namespaces is to simply customize the fs view on login, so
sys_unshare is more convenient than clone because it now allows a pam
library to switch namespaces, which was either impossible or hard to do
using clone.  Making namespaces first-class objects should also work,
since the namespaces can just be set up in advance and then entered from
inside a pam library.

Still I'd agree with Eric.  It'd be good to see just how much we can do
with the ability to clone a namespace outside of clone().  Going back to
the daemon handing out namespaces...  why can't you just take your
earlier example of /var/namespaces/NS1, etc, where you just create a
bunch of fs trees under the /var/namespaces directory using bind mounts,
and then login or pam does

	sys_unshare(CLONE_NEWNS);
	chdir(/var/namespaces/NS3)
	pivot_root(/var/namespaces/NS3, tmp)
	umount(tmp, MNT_DETACH)
	chroot .
?

No daemon needed...

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/