Re: [patch -mm 0/4] mqueue namespace



ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes:

One way to fix that is to add a hidden directory to the mnt namespace,
where magic in-kernel filesystems can be mounted, only visible
with a magic openat flag. Then:

fd = openat(AT_FDKERN, ".", O_DIRECTORY);
fchdir(fd);
umount("./mqueue", MNT_DETACH);
mount("none", "./mqueue", "mqueue", 0, NULL);

Would unshare the mqueue namespace.

Implemented for Plan 9, this would solve the problem of how you get
access to all of its special filesystems, as only bind mounts
and remote filesystem mounts are available. For Linux, thinking about
it might shake the conversation up a bit.

Thinking about this some more, what is especially attractive if we do
all namespaces this way is that it solves two lurking problems:
1) How do you keep a namespace around without a process in it?
2) How do you enter a container?

If we could land the namespaces in the filesystem we could easily
persist them past the point where a process is present in one if we so
choose.

Entering a container would be a matter of replacing your current
namespace mounts with namespace mounts taken from the filesystem.

I expect performance would degrade in practice, but it is tempting
to implement it and run a benchmark and see if we can measure anything.

Eric
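
The sequence from the message, written against interfaces that exist in current Linux kernels, as an added example that is not part of the original message or of the patch set: POSIX message queues are isolated with unshare(CLONE_NEWIPC) instead of the proposed AT_FDKERN, and the inode of /proc/self/ns/ipc identifies the namespace. The function names and NS_* result codes are made up here, and /dev/mqueue as the mount point is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { NS_NEW, NS_UNCHANGED, NS_DENIED, NS_NO_MOUNT, NS_ERROR }; /* made-up names */

/* The inode of /proc/self/ns/ipc identifies the IPC namespace, which holds
 * the POSIX message queues. Returns a negative errno if it cannot be read. */
long ipc_ns_id(void)
{
    struct stat st;
    return stat("/proc/self/ns/ipc", &st) == 0 ? (long)st.st_ino : -(long)errno;
}

/* Child: leave the parent's mqueue namespace and mount a fresh, empty view. */
static int child(long parent_id)
{
    /* CLONE_NEWUSER lets an unprivileged caller try; hosts may forbid it. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWIPC) != 0)
        return NS_DENIED;
    if (ipc_ns_id() == parent_id)
        return NS_UNCHANGED;
    mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL); /* no propagation out */
    umount2("/dev/mqueue", MNT_DETACH);   /* assumed mount point; may fail */
    if (mount("none", "/dev/mqueue", "mqueue", 0, NULL) != 0)
        return NS_NO_MOUNT;
    return NS_NEW;
}

/* Runs the sequence in a forked child so the caller's namespaces are kept. */
int unshare_mqueue_in_child(void)
{
    int status;
    long id = ipc_ns_id();
    pid_t pid = id < 0 ? -1 : fork();
    if (pid < 0)
        return NS_ERROR;
    if (pid == 0)
        _exit(child(id));
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return NS_ERROR;
    return WEXITSTATUS(status);
}

int main(void) { return unshare_mqueue_in_child(); } /* exit status = result */
```

The two problems listed in the message map onto the same /proc/PID/ns/ipc file: a bind mount of it keeps the namespace alive without a process, and setns(2) on an open descriptor for it enters the namespace.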