On 05/07/2011 04:24 AM, Eric W. Biederman wrote: > With the networking stack today there is demand to handle > multiple network stacks at a time. Not in the context > of containers but in the context of people doing interesting > things with routing. > > There is also demand in the context of containers to have > an efficient way to execute some code in the container itself. > If nothing else it is very useful ad a debugging technique. > > Both problems can be solved by starting some form of login > daemon in the namespaces people want access to, or you > can play games by ptracing a process and getting the > traced process to do things you want it to do. However > it turns out that a login daemon or a ptrace puppet > controller are more code, they are more prone to > failure, and generally they are less efficient than > simply changing the namespace of a process to a > specified one. > > Pieces of this puzzle can also be solved by instead of > coming up with a general purpose system call coming up > with targed system calls perhaps socketat that solve > a subset of the larger problem. Overall that appears > to be more work for less reward. > > int setns(int fd, int nstype); > > The fd argument is a file descriptor referring to a proc > file of the namespace you want to switch the process to. > > In the setns system call the nstype is 0 or specifies > an clone flag of the namespace you intend to change > to prevent changing a namespace unintentionally. > > v2: Most of the architecture support added by Daniel Lezcano<dlezcano@xxxxxxxxxx> > v3: ported to v2.6.36-rc4 by: Eric W. Biederman<ebiederm@xxxxxxxxxxxx> > v4: Moved wiring up of the system call to another patch > > Signed-off-by: Eric W. Biederman<ebiederm@xxxxxxxxxxxx> > --- Acked-by: Daniel Lezcano <daniel.lezcano@xxxxxxx> _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
