Am 06.06.2013 09:53, schrieb Daniel P. Berrange:
On Wed, Jun 05, 2013 at 11:23:07PM +0200, Richard Weinberger wrote:
virProcessGetNamespaces() opens files in /proc/XXX/ns/ which will
later be passed to setns().
We have to make sure that the file descriptors in the array are in the correct
order. Otherwise setns() may fail.
What is the scenario / cause of the failure ?
You cannot attach to namespaces in random order.
For example with user namespaces an unprivileged can enter other namespaces.
But to do so you have to enter the user namespace first and then
the other ones.
Same for mnt and pid, if you enter the mnt namespace before pid
your procfs will go nuts.
Thanks,
//richard
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list