Re: [RFC PATCH 0/5] Second attempt at contained helper execution

From: Ian Kent
Date: Wed Jan 14 2015 - 19:26:34 EST


On Wed, 2015-01-14 at 17:10 -0500, J. Bruce Fields wrote:
> On Wed, Jan 14, 2015 at 05:32:22PM +0800, Ian Kent wrote:
> > There are other difficulties to tackle as well, such as how to decide
> > if contained helper execution is needed. For example, if a mount has
> > been propagated to a container or bound into the container tree (such
> > as with the --volume option of "docker run") the root init namespace
> > may need to be used and not the container namespace.
>
> I think you have to go through each of the existing upcall examples and
> decide what's needed for each.
>
> At least for the nfsv4 idmapper I would've thought the namespace the
> mount was done in would be the right choice, hence my previous question.

Probably, but you don't necessarily know what namespace the mount was
done in. It may have been propagated from another namespace or (although
I don't think it works yet) bound from another container using the
volumes-from docker option.

At least I believe that's a problem and I agree that, once a suitable
method of running helpers is found, each case will need to be looked at.

Ian

