[Devel] Re: Network isolation with RLIMIT_NETWORK, cont'd.
Bryan Donlan
bdonlan at gmail.com
Thu Dec 17 10:24:50 PST 2009

On Thu, Dec 17, 2009 at 12:31 PM, Mark Seaborn <mrs at mythic-beasts.com> wrote:
> Maybe we could fix (b) by making mount namespaces into first class objects
> that can be named through a file descriptor, so that one process can
> manipulate another process's namespace without itself being subject to the
> namespace.

Can this be done using openat() and friends currently? It would seem
the natural way to implement this; open /proc/(pid)/root, then
openat() things from there (or even chdir to it and see the mounts
that it sees from there...)
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers