>>imho this in acceptable for OpenVZ as makes VE files to be >>inaccessiable from host. At least this is how I understand your >>idea... Am I correct? >> >> >>>I assume the list of other things we'll need to consider includes >>> signals between user namespaces >>> keystore >>> sys_setpriority and the like >>>I might argue that all of these should be sufficiently protected >>>by proper setup by userspace. Can you explain why that is not >>>the case? > > >>The same requirement (ability to send signals from host to VE) >>is also applicable to signals. > > > at some point, we tried to move all cross context > signalling (from the host to the guests) into a special > context, but later on we moved away from that, because > it was much simpler and more intuitive to handle the > signalling with a separate syscall command I'm not sure what a separate context is for, but a separate syscall is definetely not a good idea. > what I want to point out here is, that things like > sending signals across namespaces is something which > is not required to make this work well, people have different requirements... Kirill