[Devel] Re: [RFC][PATCH 1/2] add user namespace [try #2]
Eric W. Biederman
ebiederm at xmission.com
Mon Sep 11 04:16:51 PDT 2006

Cedric Le Goater <clg at fr.ibm.com> writes:
> Herbert Poetzl wrote:
>>
>> resource (could be limits and/or accounting),
>> lightweight-net, (maybe fs in contrast to vfs)
>
> I guess we're reaching the limits anyway and it would not leave much room
> in the clone flags for other features not related to containers.
>
> It's not like we're adding one or two, we would take at least 6 : uts, ipc,
> user, pid, net, time, etc. I'm sure ideas to extend the list will come when
> this is in use ...

I think the resource is possibly real, as at least ubc introduces
a new set of global names, and yet another global namespace sucks.
Something I now need to challenge the implementors on.

If we do a lightweight net I don't think it will be a namespace.
Because isolation does needs separate names, just some sort of filtering
mechanism.

I think being tight here is in some sense a virtue, as it forces
us to think very carefully about adding yet another namespace :)

Eric