[Devel] Re: [RFC][PATCH 6/6]: Enable unsharing pid namespace.
Eric W. Biederman
ebiederm at xmission.com
Tue Mar 13 02:01:26 PDT 2007
Cedric Le Goater <clg at fr.ibm.com> writes:
>> | > Index: lx26-20-mm2b/kernel/nsproxy.c
>> | > ===================================================================
>> | > --- lx26-20-mm2b.orig/kernel/nsproxy.c 2007-03-09 14:56:12.000000000 -0800
>> | > +++ lx26-20-mm2b/kernel/nsproxy.c 2007-03-09 15:03:05.000000000 -0800
>> | > @@ -83,13 +83,16 @@ int copy_namespaces(int flags, struct ta
>> | > struct nsproxy *old_ns = tsk->nsproxy;
>> | > struct nsproxy *new_ns;
>> | > int err = 0;
>> | > + int ns_all;
>> | >
>> | > if (!old_ns)
>> | > return 0;
>> | >
>> | > get_nsproxy(old_ns);
>> | >
>> | > - if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC)))
>> | > + ns_all = CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWPID;
>> | > +
>> |
>> | This doesn't quite seem to make sense why the extra intermediate variable?
>>
>> Will drop ns_all variable.
>
> well, in the patch reserving the pid namespace clone flags,
> we could define :
>
> #define NS_ALL (CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID)
>
> which is useful in many ways.
Yes. Especially if we structured it something like:
#ifdef CONFIG_PID_NS
#define CLONE_NEWPID_NSALL CLONE_NEWPID
#else
#define CLONE_NEWPID_NSALL
#endif
#define NS_ALL (CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID_NSALL)
So we have a natural way of disabling the pid namespace, until we are certain
it is complete and remove it from CONFIG_EXPERIMENTAL
Eric
_______________________________________________
Containers mailing list
Containers at lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
More information about the Devel
mailing list