Gao feng <gaofeng@xxxxxxxxxxxxxx> writes:

> On 2012-11-17 00:35, Eric W. Biederman wrote:
>> From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>>
>> - Pid namespaces are designed to be inescapable so verify that the
>>   passed in pid namespace is a child of the currently active
>>   pid namespace or the currently active pid namespace itself.
>>
>>   Allowing the currently active pid namespace is important so
>>   the effects of an earlier setns can be cancelled.
>>
>> Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
>> ---
>
> Hi Eric
>
> I noticed that, after we call setns to change task's pidns to container A's pidns,
> we can't see this task in container A's proc filesystem.
>
> Is this what we expected?

Only children move to the new pid namespace so yes.

Any other semantic requires ugly races with changing the pid of an
existing process.

Eric

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
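
The behaviour described in the reply above (only children move to the new pid namespace), as an added example that is not part of the original thread or of the kernel patch. It uses unshare(2) in place of setns(2), which applies the same children-only rule to pid namespaces, so it runs without an existing container. The helper name is hypothetical, and unprivileged user namespaces are assumed to be enabled; where they are not, the helper reports that it was skipped.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWPID */
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 if only the child landed in the new pid
 * namespace, 0 if not, -1 if this host refuses to create the namespaces. */
int pidns_moves_children_only(void)
{
    int status;
    pid_t worker = fork();          /* isolate the namespace change */
    if (worker < 0)
        return -1;
    if (worker == 0) {
        pid_t before = getpid();
        /* A new user namespace lets an unprivileged caller create a pid ns. */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID) != 0)
            _exit(2);
        if (getpid() != before)     /* the caller itself keeps its pid */
            _exit(1);
        pid_t child = fork();       /* first child is init of the new pid ns */
        if (child < 0)
            _exit(2);
        if (child == 0)
            _exit(getpid() == 1 ? 0 : 1);
        if (waitpid(child, &status, 0) != child || !WIFEXITED(status))
            _exit(1);
        _exit(WEXITSTATUS(status));
    }
    if (waitpid(worker, &status, 0) != worker || !WIFEXITED(status))
        return 0;
    if (WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    int r = pidns_moves_children_only();
    puts(r == 1 ? "caller kept its pid; child is pid 1 in the new namespace"
       : r == 0 ? "unexpected: caller or child pid differs"
                : "skipped: cannot create namespaces here");
    return r == 0;
}
```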