On Wed, Oct 8, 2014 at 4:08 AM, Andrew Vagin <avagin@xxxxxxxxxxxxx> wrote:
> On Tue, Oct 07, 2014 at 01:45:22PM -0700, Eric W. Biederman wrote:
>> Andrey Vagin <avagin@xxxxxxxxxx> writes:
>>
>> > From: Andrey Vagin <avagin@xxxxxxxxx>
>> >
>> > Currently, when we create a new container with a separate root,
>> > we need to clone the current mount namespace with all mounts and then
>> > clean it up by using pivot_root(). A big part of the mountpoints are cloned
>> > only to be umounted.
>>
>> Is the motivation performance? Because if that is the motivation we
>> need numbers.
>
> The major motivation is to create a clean mount namespace which contains
> only the required mounts.
>
> Now you want to convince us that there is nothing wrong if we use
> userns, because all inherited mounts are locked. My point is that all
> useless mounts should be umounted. If the current root isn't on rootfs,
> pivot_root() allows us to umount all useless points. But pivot_root()
> doesn't work if the current root is on rootfs. How can we umount
> useless points in this case?
>
> Maybe we want to say that rootfs should not be used if we are going to
> create containers...
>

Could we have an extra rootfs-like fs that is always completely empty,
doesn't allow any writes, and can sit at the bottom of container
namespace hierarchies? If so, and if we add a new syscall that's like
pivot_root (or unshare) but prunes the hierarchy, then we could switch to
that rootfs.

> Thanks,
> Andrew
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-api" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Andy Lutomirski
AMA Capital Management, LLC
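Added example, not code from the thread: the root switch Andrey describes (clone the mount namespace, pivot onto the new root, drop everything that came along), plus a check for the rootfs case in which pivot_root() cannot work. The function names root_is_rootfs and switch_root are my own; it assumes Linux, and CAP_SYS_ADMIN for the switch itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000 /* new mount namespace */
#endif

/* One /proc/self/mountinfo entry: id parent maj:min root mountpoint opts
 * [optional...] - fstype source sopts. 1 if this is "/" and its type is rootfs. */
static int entry_is_rootfs_root(const char *line)
{
    char mnt[256], fstype[64];
    const char *sep = strstr(line, " - ");
    if (!sep || sscanf(line, "%*s %*s %*s %*s %255s", mnt) != 1 ||
        sscanf(sep + 3, "%63s", fstype) != 1)
        return 0;
    return strcmp(mnt, "/") == 0 && strcmp(fstype, "rootfs") == 0;
}

/* Scan a mountinfo buffer (e.g. the contents of /proc/self/mountinfo).
 * Returns 1 if the current root is on rootfs: the case where pivot_root(2) fails. */
int root_is_rootfs(const char *mountinfo)
{
    char line[512];
    for (const char *p = mountinfo; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        size_t n = strcspn(p, "\n");
        if (n >= sizeof line)
            n = sizeof line - 1;
        memcpy(line, p, n);
        line[n] = '\0';
        if (entry_is_rootfs_root(line))
            return 1;
    }
    return 0;
}

/* The approach the thread describes: clone the mount namespace, pivot onto
 * new_root and lazily detach the old tree, taking every inherited mount with it.
 * Needs CAP_SYS_ADMIN and a non-rootfs current root. Returns 0 or -errno. */
int switch_root(const char *new_root)
{
    if (syscall(SYS_unshare, CLONE_NEWNS) < 0)                  return -errno;
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)   return -errno; /* no propagation back */
    if (mount(new_root, new_root, NULL, MS_BIND, NULL) < 0)    return -errno; /* new_root must be a mount point */
    if (chdir(new_root) < 0)                                    return -errno;
    if (syscall(SYS_pivot_root, ".", ".") < 0)                  return -errno; /* old root now stacked on "." */
    if (umount2(".", MNT_DETACH) < 0)                           return -errno; /* drop old root and its mounts */
    return chdir("/") < 0 ? -errno : 0;
}
```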