Eric W. Biederman wrote:
> Pavel Emelianov <xemul@xxxxxxxxxx> writes:
>
>> This is the largest patch in the set. Make all (I hope)
>> the places where the pid is shown to or get from user
>> operate on the virtual pids.
>>
>> An exception is copy_process - it was in one of the
>> previous patches - and the proc - this will come as a
>> separate patch.
>
>
> This is progress. However you don't currently handle the
> case of sending a signal from one namespace to another or
> passing unix credentials from one namespace to another.

That's true. Sending a signal from the parent ns to children
is a tricky question. It has many solutions; I wanted to
discuss which one is better:

1. Make an "unused" pid in each namespace and use it when a signal
   comes from outside. This resembles the way it is done in OpenVZ.
2. Send the signal as if it came from the kernel.

> In particular we need to know the pid of the source task
> in the destination namespace.

But the source task is not always visible in dst. In this case
we may use a pid that never exists in the destination, just as if
kill were run from bash by a user.

> Eric
>
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers