On Thu, Mar 13, 2014 at 10:55:16AM -0700, Andy Lutomirski wrote:
[..]
> >> 2. Docker is a container system, so use the "container" (aka
> >> namespace) APIs. There are probably several clever things that could
> >> be done with /proc/<pid>/ns.
> >
> > pid is racy, if it weren't I would simply go straight
> > to /proc/<pid>/cgroups ...
>
> How about:
>
> open("/proc/self/ns/ipc", O_RDONLY);
> send the result over SCM_RIGHTS?
As I don't know I will ask. So what will server now do with this file
descriptor of client's ipc namespace.
IOW, what information/identifier does it contain which can be
used to map to pre-configrued per container/per namespace policies.
Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe cgroups" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
