On 05/07/2011 04:24 AM, Eric W. Biederman wrote:
> Create files under /proc/<pid>/ns/ to allow controlling the
> namespaces of a process.
>
> This addresses three specific problems that can make namespaces hard to
> work with.
> - Namespaces require a dedicated process to pin them in memory.
> - It is not possible to use a namespace unless you are the child
>   of the original creator.
> - Namespaces don't have names that userspace can use to talk about
>   them.
>
> The namespace files under /proc/<pid>/ns/ can be opened and the
> file descriptor can be used to talk about a specific namespace, and
> to keep the specified namespace alive.
>
> A namespace can be kept alive by either holding the file descriptor
> open or bind mounting the file someplace else. aka:
> mount --bind /proc/self/ns/net /some/filesystem/path
> mount --bind /proc/self/fd/<N> /some/filesystem/path
>
> This allows namespaces to be named with userspace policy.
>
> It requires additional support to make use of these file descriptors
> and that will be coming in the following patches.
>
> Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>

Acked-by: Daniel Lezcano <daniel.lezcano@xxxxxxx>
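An added example, not part of the original message or the patch: a Python inventory of the two ways the commit message says a namespace can be kept alive, grouping processes by the namespace behind /proc/<pid>/ns/<type> and listing namespaces pinned by a bind mount. It assumes a current kernel where stat() on these files returns the same device and inode for every member of a namespace and where bind-mounted namespace files appear in mountinfo with filesystem type nsfs; the function names and the sample mountinfo lines are constructed for illustration.

```python
import os
from collections import defaultdict

# Constructed sample of /proc/self/mountinfo lines; the first is a
# bind-mounted namespace file (the path /run/netns/blue is illustrative).
SAMPLE_MOUNTINFO = (
    "254 25 0:4 net:[4026532266] /run/netns/blue rw shared:142 - nsfs nsfs rw\n"
    "25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
)

def ns_identity(path):
    """Identify a namespace by the (device, inode) pair of its ns file."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)

def group_by_namespace(proc_root="/proc", ns_type="net"):
    """Map each namespace identity to the sorted PIDs that are members."""
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            ident = ns_identity(os.path.join(proc_root, entry, "ns", ns_type))
        except OSError:  # process exited, or not permitted to inspect it
            continue
        groups[ident].append(int(entry))
    return {ident: sorted(pids) for ident, pids in groups.items()}

def pinned_by_mount(mountinfo_text):
    """Return (mount_point, root) for namespaces kept alive by a bind mount."""
    pins = []
    for line in mountinfo_text.splitlines():
        left, sep, right = line.partition(" - ")
        fields, tail = left.split(), right.split()
        if sep and tail and tail[0] == "nsfs" and len(fields) >= 5:
            pins.append((fields[4], fields[3]))
    return pins

if __name__ == "__main__":
    # An open descriptor names the same namespace as the path it came from.
    fd = os.open("/proc/self/ns/net", os.O_RDONLY)
    st = os.fstat(fd)
    print("fd matches path:", (st.st_dev, st.st_ino) == ns_identity("/proc/self/ns/net"))
    os.close(fd)
    for ident, pids in group_by_namespace().items():
        print("net namespace", ident, "members:", pids)
    with open("/proc/self/mountinfo") as f:
        print("bind-mount pins:", pinned_by_mount(f.read()) or "none")
```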