Cedric Le Goater <clg@xxxxxxxxxx> writes:

> ok. complete isolation would require 2 steps. I guess this is
> acceptable because mq uses a fs
>
> allowing the host to see the child's /dev/mqueue is also 'a nice
> to have' feature. unfortunately, we can't do that for all namespaces,
> for sysvipc for example. So I'm wondering if we should allow it
> at all ?

Definitely. One of the lessons from the people doing monitoring is
that it really is best done through a filesystem interface. You don't
have to have it mounted and there are times you don't want to be able
to mount a view into another namespace but having the option is nice.

I'm torn because the more I look at the way posix message queues are
implemented the more it looks like new versions of sys_open and
sys_unlink should never have been written and it should have been a
user space convention to always mount mqueuefs on /dev/mqueue.

Just doing newinstance and having a pointer in nsproxy will get the
job done, but it feels like we may have the opportunity to correct a
blunder in the initial implementation.

Eric

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers