Cedric Le Goater wrote: > Dan Smith wrote: > >> DL> I guess it will be esay to implement with a nsproxy level counter. >> DL> Each time you unshare, the new nsproxy count is incremented. >> DL> Assuming the init_nsproxy is level 0, when the nsproxy counter is >> DL> > 1, the process is uncheckpointable. >> >> This should also be possible by just making sure that the nsproxy of >> the root process being checkpointed is the same as any of the >> children, correct? That way we avoid having to modify the core >> nsproxy bits and can still reject any nested namespaces. >> > > Daniel L, could we cleanup the patch we have on ns_group which filters > out the clone() done with the 'wrong' clone flags ? > > Thanks, > Sure. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
