[Devel] [RFC] [PATCH 2/2] namespace enter: introduce sys_hijack (v3)
Serge E. Hallyn
serue at us.ibm.com
Mon Sep 10 12:17:43 PDT 2007
Quoting Paul Menage (menage at google.com):
> On 9/4/07, Serge E. Hallyn <serue at us.ibm.com> wrote:
> > We could of course have the ns_container subsystem do that. The
> > ns_container generally stick around until the admin does a manual rm on
> > its directory, so this way we could keep the nsproxy around.
>
> So how about taking sys_hijack() even further and integrate it with
> control groups too? So when you do sys_hijack() (or maybe an
> alternative name would be sys_fork_in()?) you create a task that
> inherits all the control groups of the target task, as well as the
> namespaces.
>
> Paul
Sorry don't know why i haven't replied to this.
Good point. I see container_fork(p) takes the container from current.
I can change that to container_fork(src, dest) in my next posting.
Is there any reason why we wouldn't want to do that? For instance a
container admin could impose some restrictions which would keep the host
admin from doing something through sys_hijack()? (Not sure that's a big
worry since the restrictions would apply to the container admin as well)
thanks,
-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list