[CRIU] [PATCH 04/14] namespaces: take into account USERNS id

Pavel Emelyanov xemul at parallels.com
Tue Oct 28 01:18:19 PDT 2014


On 10/14/2014 03:38 PM, Andrey Vagin wrote:
> and return an error if a process lives in another userns,
> because criu doesn't support it.
> 
> Signed-off-by: Andrey Vagin <avagin at openvz.org>

I have a generic question about it. Let's imagine two
scenarios.

1.

  unshare(CLONE_NEWUSER);
  unshare(CLONE_NEWNET);

2.

  unshare(CLONE_NEWNET);
  unshare(CLONE_NEWUSER);

AFAIU the concept, after both the task would live in separate
user and net namespaces, this will be reflected in /proc/pid/ns
links, but there will be fundamental difference between these
two: in the first case the netns would be "owned" by userns and
task will have capabilities in it, while in the 2nd scenario,
the net namespace would be "owned" by the previous task's namespace
and it will not have many caps.

Am I right? If yes, do we detect it in this set? Can we?

Thanks,
Pavel
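
The two orderings asked about above can be told apart on kernels that provide the `NS_GET_USERNS` ioctl (Linux 4.9 and later, so newer than this thread). The following is an added example, not code from the patch set or from CRIU; the names `check_owner` and `netns_owned_by_current_userns` are made up for it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef NS_GET_USERNS              /* normally from <linux/nsfs.h> */
#define NS_GET_USERNS _IO(0xb7, 0x1)
#endif
/* Same values as CLONE_NEWUSER / CLONE_NEWNET in <sched.h>; the raw syscall
 * below keeps the block independent of feature-test macro ordering. */
enum { NEW_USER = 0x10000000, NEW_NET = 0x40000000 };

/* Child side: 1 if our netns is owned by our current userns, 0 if it is
 * owned by some other userns, 2 if the scenario could not be set up. */
static int check_owner(int userns_first)
{
    int first = userns_first ? NEW_USER : NEW_NET;
    int second = userns_first ? NEW_NET : NEW_USER;
    struct stat owner, mine;
    if (syscall(SYS_unshare, first) || syscall(SYS_unshare, second))
        return 2;                  /* unshare not permitted here */
    int net = open("/proc/self/ns/net", O_RDONLY);
    if (net < 0)
        return 2;
    int fd = ioctl(net, NS_GET_USERNS);   /* fd of the owning userns */
    if (fd < 0)                    /* EPERM: owner is outside our userns scope */
        return errno == EPERM ? 0 : 2;
    if (fstat(fd, &owner) || stat("/proc/self/ns/user", &mine))
        return 2;
    return owner.st_dev == mine.st_dev && owner.st_ino == mine.st_ino;
}

/* Runs one ordering in a forked child. Returns 1, 0, or -1 when the
 * environment does not allow the scenario (no privileges, old kernel). */
int netns_owned_by_current_userns(int userns_first)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(check_owner(userns_first));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) > 1 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("userns then netns: %d\n", netns_owned_by_current_userns(1));
    printf("netns then userns: %d\n", netns_owned_by_current_userns(0));
    return 0;
}
```

The second ordering needs CAP_SYS_ADMIN in the starting user namespace for the initial network-namespace unshare, so an unprivileged run reports -1 for it.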



