[snip]
| Maybe it's worth disabling cross-namespaces ptracing...
I think so too. Its probably not a serious limitation ?
Several people think we will implement 'namespace entering' through a
ptrace hack, where maybe the admin ptraces the init in a child pidns,
Why not implement namespace entering w/o any hacks? :)
makes it fork, and makes the child execute what it wants (i.e. ps -ef).
You're talking about killing that functionality?
No. We're talking about disabling the things that are not supposed
to work at all.
-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
