Pavel Emelianov wrote: > Currently we have two funtions to copy the namespaces: > copy_namespaces() and unshare_nsproxy_namespaces(). The > second one checks for unsupported functionality with > > #ifndef CONFIG_IPC_NS > if (unshare_flags & CLONE_NEWIPC) > return -EINVAL; > #endif > > -like constructions, while the first one does not. One > of the side effects of this is that clone() with the > CLONE_NEWXXX set will return 0 if the kernel doesn't > support XXX namespaces thus confusing the user-level. > > The proposal is to make these calls clean from the ifdefs > and move these checks into each namespaces' stubs. This > will make the code cleaner and (!) return -EINVAL from > fork() in case the desired namespaces are not supported. > > Did I miss something in the design or this patch worth merging? I've sent a more brutal patch in the past removing CONFIG_IPC_NS and CONFIG_UTS_NS. Might be a better idea ? Let me refresh it and resend. C. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
