On Fri, Dec 08, 2006 at 08:40:59AM -0600, Serge E. Hallyn wrote: > Quoting Herbert Poetzl (herbert at 13thfloor.at): > > > > just a question: why do we keep the fs (struct_fs) > > outside of nsproxy? > > Good question. So we have a mounts namespace, and you > would consider the per-process fs root to be an fs > namespace? Practically, it would mean that chroot > and pivot_mount would create a new nsproxy, but i guess > that's not a real problem. > > It might force us to stop our current lazy checks for > 'current->nsproxy==&init_nsproxy', since the pivot_mount > in early boot would make that not true. well, IMHO those are broken anyway, I can imagine a number of applications using private namespaces (the old ones) without running in 'containers' best, Herbert > -serge