Dan Smith wrote: > DL> I guess it will be esay to implement with a nsproxy level counter. > DL> Each time you unshare, the new nsproxy count is incremented. > DL> Assuming the init_nsproxy is level 0, when the nsproxy counter is > DL> > 1, the process is uncheckpointable. > > This should also be possible by just making sure that the nsproxy of > the root process being checkpointed is the same as any of the > children, correct? That way we avoid having to modify the core > nsproxy bits and can still reject any nested namespaces. > Right, this is another option. The nsproxy counter will allow to flag at runtime a process to be uncheckpointable. The nsproxy comparison will detect nested nsproxies at checkpoint time. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
