Re: RFC: Multiple instances of kernel namespaces.
From: Serge E. Hallyn
Date: Fri Jan 20 2006 - 15:12:24 EST
Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
>
> At this point I have to confess I have been working on something
> similar, to IBM's pid virtualization work. But I have what is at
> least for me a unifying concept, that makes things easier to think
> about.
>
> The idea is to think about things in terms of namespaces. Currently
> in the kernel we have the fs/mount namespace already implemented.
>
> Partly this helps on what the interface for creating a new namespace
> instance should be. 'clone(CLONE_NEW<NAMESPACE_TYPE>)', and how
> it should be managed from the kernel data structures.
>
> Partly thinking of things as namespaces helps me scope the problem.
>
> Does this sound like a sane approach?
And a bonus of this is that for security and vserver-type applications,
the CLONE_NEWPID and CLONE_NEWFS will often happen at the same time.
How do you (or do you?) address naming namespaces? This would be
necessary for transitioning into an existing namespace, performing
actions on existing namespaces (i.e. checkpoint, migrate to another
machine, enter the namespace and kill pid 521), and would just be
useful for accounting purposes, i.e. how else do you have a
"ps --all-namespaces" specify a process' namespace?
Doubt we want to add an argument to clone(), so do we just add a new
proc, sysfs, or syscall for setting a pid-namespace name?
Do we need a new syscall for transitioning into an existing namespace?
thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/