On Thu, Dec 14, 2006 at 09:36:31AM -0600, Serge E. Hallyn wrote: [lot of stuff zapped here] > Quoting Cedric Le Goater (clg at fr.ibm.com): > > how do you enter only a subset of namespaces of a nsproxy/container > > and not all of it ? > > one container corresponds to one nsproxy which is one set of > namespaces. Are you asking how you would only switch your pid > namespace but keep your network namespace as the original? > > I'm not sure that's something we want/need to support. I can, we use this for several purposes, one is to extend or modify the VFS namespace by mounting or unmounting filesystems _into_ the guest > (Can you cite a use case?) > But since I haven't specified how to ask for the nsproxy switch > anyway, it's too early to ask how we add a flag to specify a > namespace subset :) we (Linux-VServer) extended the set/enter_namespace command to take a flag mask similar to unshare (only 64bit wide :) to allow for 'selecting' the proper spaces note: the nsproxy a context is referring to can also be changed this way, and a priviledged process can enter each guest space separately ... [more stuff zapped here] best, Herbert