[Devel] Re: [RFC][PATCH] ns: Syscalls for better namespace sharing control.
Serge E. Hallyn
serue at us.ibm.com
Mon Mar 8 13:49:45 PST 2010
Quoting Eric W. Biederman (ebiederm at xmission.com):
> Daniel Lezcano <daniel.lezcano at free.fr> writes:
> I guess my meaning is I was expecting.
> child = fork();
> if (child == 0) {
> execve(...);
> }
> waitpid(child);
>
> This puts /bin/sh in the container as well.
>
> I'm not certain about the /proc/self thing I have never encountered that.
> But I guess if your pid is outside of the pid namespace of that instance
> of proc /proc/self will be a broken symlink.
>
> Eric
Hmm, worse than a broken symlink, will it be a wrong symlink if just
the right pid is created in the container?
-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list