Serge E. Hallyn wrote: > Quoting Cedric Le Goater (clg at fr.ibm.com): >>> The next steps are (not necessarily in order): >>> >>> 1. allow rm -rf to kill all processes under a >>> ns_container - with the intent of killing all >>> processes in a virtual server >>> >>> 2. implement transitioning into a populated container, >>> with the effect of setting the task's nsproxy to >>> the one represented by the container. >>> >>> 3. define a file for each type of namespace in each >> could that file be a directory exposing some critical data >> from each namespace ? > > it probably could be, but that might be confusing since subcontainers > are also directories. Would just putting the data into the namespace > files suffice? This isn't sysfs so no 1-value-per-file restrictions... ok. Would it be reasonable to use such a file to expose or hide network interfaces in an l3 network namespace ? what would be nice now is to rebase Paul's patchset on next -mm and see how we interact with it and the namespaces ? I already did such a merge a while ago but there was no connections between the features. We need to come to that point. I'll try again when andrew releases and include your patch, serge. regards, C.