[Devel] Re: [RFC][PATCH 5/6] Define helper functions to unshare pid namespace
Eric W. Biederman
ebiederm at xmission.com
Sun Mar 11 04:47:42 PDT 2007
sukadev at us.ibm.com writes:
> From: Sukadev Bhattiprolu <sukadev at us.ibm.com>
> Subject: [RFC][PATCH 5/6] Define helper functions to unshare pid namespace
>
> Define clone_pid_ns() and unshare_pid_ns() functions that will be
> used in the next patch to unshare pid namespace.
>
> Changelog:
> - Rewrite of orignal code in -lxc from Cedric Le Goater to enforce
> setsid() requirement on unshare().
Why do we need a setsid() before we unshare?
I know it is almost always the correct thing to do but what requires
the setsid?
Doing the setsid before we switch pid namespaces appears the wrong
order to me.
I am not convinced that unshare can be done safely for a pid
namespace. Changing the meaning or definition of pid on a running
process is questionable.
Eric
_______________________________________________
Containers mailing list
Containers at lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
More information about the Devel
mailing list