Re: Kernel namespaces for device mapper targets and block devices?

On Wed, 22 May 2024, Hannes Reinecke wrote:
> On 5/22/24 01:19, Eric Wheeler wrote:
> > On Sun, 19 May 2024, Hannes Reinecke wrote:
> >> On 5/18/24 00:04, Eric Wheeler wrote:
> >>> On Fri, 17 May 2024, Hannes Reinecke wrote:
> >>>
> >>>> On 5/17/24 02:18, Eric Wheeler wrote:
> >>>>> Hello everyone,
> >>>>>
> >>>>> Is there any work being done on namespaces for device-mapper targets, or
> >>>>> for the block layer in general?
> >>>>>
> >>>>> For example, namespaces could make `dmsetup table` or `losetup -a` see
> >>>>> only devices mapped in that namespace. I found this article from
> >>>>> 2013,
> >>>>> but it is quite old:
> >>>>>    https://lwn.net/Articles/564854/
> >>>>>
> >>>>> If you know of any more recent work on the topic, I would be
> >>>>> interested.
> >>>>> Thank you for your help!
> >>>>>
> >>>> It is on my to-do list.
> >>>> We sure should work on that one.
> >>>
> >>> How do you envision hooking namespaces into the block layer?
> >>>
> >> Overall idea is to inherit devices from the original namespace.
> >> - upon creation the new namespace inherits all devices from the
> >>    original ns.
> > 
> > For namespace initialization, is there a way to start with an empty
> > namespace (no inherit), and only add devices to the namespace that you would
> > like to provide to the container? For example, you might want to provide a
> > logical volume to the container and then let the container users do what
> > they want in terms of creating new devices from that namespace-assigned
> > "root level" device.
> > 
> > Somehow it needs to be safe in terms of the container users changing the
> > device mapper table spec of a "root level" device using `dmsetup reload
> > --table`.
> > 
> ... except that you can't add anything as you won't have a tty, and hence
> can't start a shell. And you might not be able to call 'malloc', as glibc
> cannot call mmap() on /dev/zero.

Maybe I could have been more clear: I was asking about blockdev's not char 
devs.  Of course there are many chardevs that are critical.

So same question, but for blockdev's alone:

Is there a way to start with an empty namespace (no inherit), and only add 
devices to the namespace that you would like to provide to the container?

Then the user can start with that blockdev and slice it up however they 
wish.

--
Eric Wheeler

> 
> And the plan is to introduce namespaces for block devices, not for
> character devices, so all character devices need to show up in all
> namespaces.
> 
> Cheers,
> 
> Hannes
> -- 
> Dr. Hannes Reinecke                  Kernel Storage Architect
> hare@xxxxxxx                                +49 911 74053 688
> SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
> HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
> 
> 
> 
