Jeff Layton <jlayton@xxxxxxxxxx> wrote: > Ideally we'd like to run the upcall in the same set of namespaces that > the user process initiating the activity is running. Unfortunately, that's not necessarily good enough. A process could see, for example, a mounted network fs that it can interact with that has a different network namespace to the one in that the process is in. This is an issue that the in-kernel AFS fs has a particular problem with because there is a userspace management tool suite that uses AF_RXRPC sockets, but calling socket() will open it in the calling process's namespace, not the target filesystem's namespace. I think we need some sort of pin that you can put in the namespace map that says that for certain combinations of namespaces, you come to this pin and service requests here, in the set of namespaces at this point. David -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html