Dan Smith wrote: > NL> I'd like there to be some discussion about this, because namespace > NL> creation seems like a significant addition to the semantics of > NL> restart as I understand it. > > Indeed. > > NL> Is namespace creation during restart unavoidable, or merely > NL> desirable? Is there a case for requiring the user to provide a > NL> suitable namespace environment before attempting restart? > > Information about the namespaces has to be saved at checkpoint time no > matter what, right? I guess I don't see any compelling reason to not > have the restart operation replicate the environment of the original > process. Otherwise we require userspace to read and interpret the > checkpoint stream and selectively feed the bits that the kernel is > responsible for to the kernel and process the rest itself (or have the > kernel ignore those records). > Assuming you have a process and this one unshared the network 100 times and each time opens a socket, how do you checkpoint these namespaces ? > What's the argument for depending on userspace to set this up? > Maybe, CR of the namespaces is more complicate topic than it looks like and the CR itself is big enough to not complicate things. IMHO, I would recommend as the first step to forbid the unshare inside a container and let the container implementation to save the configuration with the statefile in order to recreate it at the restart _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
