On Thursday 03 December 2015 15:20:30 Andy Lutomirski wrote:
> > * Netlink is designed for such type of workloads. It allows to expand
> > the interface and save backward compatibility. It allows to generates
> > packets with a different set of parameters.
> > * If we use a file descriptor, we can create it and decrease
> > capabilities of the current process. It's a good feature which will be
> > unavailable if we decide to create a system call.
>
> If this is actually a real goal and it matters, then I'd suggest doing
> it right. Make a way to create an fd that represents a pidns and,
> specifically, the right to query non-secret properties of the
> processes in the pidns.

My first thought about doing an interface here was to create a virtual
file system that can be queried rather than using netlink, but then
I realized that the idea was to avoid procfs ;-)

More seriously, maybe the answer is to have a transaction file in
procfs itself. Procfs already knows about namespaces, so adding
a /proc/task-diag file as the entry point into the kernel could
get that out of the way. The simple_transaction infrastructure
that we have is limited to a little under a page for the total
data size, but something similar could be used.

Arnd