[Devel] [PATCH rh7 v2] ve/devpts: Support per-VE mount namespace

Cyrill Gorcunov gorcunov at virtuozzo.com
Wed Jul 22 05:32:25 PDT 2015


On Wed, Jul 22, 2015 at 03:16:38PM +0300, Vladimir Davydov wrote:
> > 
> > 1) Simply mount devpts without the newinstance option. That's how old containers
> >    or an ubuntu-14 container work: they simply mount devpts and don't consider
> >    the situation where they are working under a lightweight virtualization environment.
> >    For this we always provide a per-container devpts instance by making changes inside
> >    the kernel itself, so that containers don't see the node's devpts, nor can they
> >    reach other containers' devpts. Because it is a separate superblock,
> >    CRIU notes that and adds the @newinstance option into the mount options which
> 
> Does the first devpts mount performed by CRIU proceed from VE context?

Yes. But this won't help. The key moment is that only init's devpts
should be hacked this way. Imagine a container might have additional
calls to devpts without @newinstance which should work as expected,
i.e. provide the container's premounted devpts root.

> > > 
> > > Yeah, that's what I mean, but you'll have to keep a reference to the
> > > super block rather than vfsmount on ve_struct for that.
> > 
> > This won't help though with one shot first mount I fear.
> 
> What do you mean by "one short first mount"?

I mean I'll have to use some kind of hack anyway :/
