[CRIU] [PATCH 04/14] namespaces: take into account USERNS id
Andrew Vagin
avagin at parallels.com
Tue Oct 28 05:37:15 PDT 2014
On Tue, Oct 28, 2014 at 12:18:19PM +0400, Pavel Emelyanov wrote:
> On 10/14/2014 03:38 PM, Andrey Vagin wrote:
> > and return an error, if a process lives in another userns,
> > because criu doesn't support it.
> >
> > Signed-off-by: Andrey Vagin <avagin at openvz.org>
>
> I have a generic question about it. Let's imagine two
> scenarios.
>
> 1.
>
> unshare(USERNS);
> unshare(NETNS);
>
> 2.
>
> unshare(NETNS);
> unshare(USERNS);
>
> AFAIU the concept, after both the task would live in separate
> user and net namespaces, this will be reflected in /proc/pid/ns
> links, but there will be fundamental difference between these
> two: in the first case the netns would be "owned" by userns and
> task will have capabilities in it, while in the 2nd scenario,
> the net namespace would be "owned" by the previous task's namespace
> and it will not have many caps.
>
> Am I right? If yes, do we detect it in this set? Can we?
I will try to detect these cases and criu will report an error in the
second case for now. I don't think it's interesting for anyone now.
>
> Thanks,
> Pavel
>
>
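
An added example, not part of the original thread and not CRIU's code: one way to tell the two scenarios apart from an inspecting process is to ask the kernel which user namespace owns a task's net namespace and compare it with the task's own userns. It assumes the `NS_GET_USERNS` ioctl from `<linux/nsfs.h>` (Linux 4.9 and later, so newer than this thread); the function names `same_ns` and `netns_owned_by_task_userns` are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/nsfs.h>   /* NS_GET_USERNS, Linux >= 4.9 */

/* Two namespace files name the same namespace iff device and inode match. */
static int same_ns(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/*
 *  1: the task's netns is owned by the task's current userns (scenario 1)
 *  0: the netns is owned by a different userns (scenario 2)
 * -1: cannot tell (no /proc, old kernel, or the owning userns is outside
 *     the caller's scope, e.g. an ancestor of the caller's userns: EPERM)
 */
static int netns_owned_by_task_userns(pid_t pid)
{
    char path[64];
    struct stat owner, task_user;
    int netfd, ownerfd, ret = -1;

    snprintf(path, sizeof(path), "/proc/%d/ns/net", (int)pid);
    netfd = open(path, O_RDONLY | O_CLOEXEC);
    if (netfd < 0)
        return -1;
    ownerfd = ioctl(netfd, NS_GET_USERNS);  /* fd referring to owning userns */
    close(netfd);
    if (ownerfd < 0)
        return -1;
    snprintf(path, sizeof(path), "/proc/%d/ns/user", (int)pid);
    if (fstat(ownerfd, &owner) == 0 && stat(path, &task_user) == 0)
        ret = same_ns(&owner, &task_user);
    close(ownerfd);
    return ret;
}

int main(void)
{
    int r = netns_owned_by_task_userns(getpid());
    printf("netns owned by own userns: %d\n", r);
    return r < 0;
}
```

The check has to run from a user namespace that is an ancestor of (or the same as) the owning one; a task in scenario 2 inspecting itself gets -1 because the owner is its parent userns.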