Sorry for delay, vacation.

On 08/29, Eric W. Biederman wrote:
>
> I goofed when I made unshare(CLONE_NEWPID) only work in a
> single-threaded process. There is no need for that requirement and in
> fact I analyzed things right for setns. The hard requirement
> is for tasks that share a VM to all be in the pid namespace and
> we properly prevent that in do_fork.

Yes, agreed, with the current meaning of ->pid_ns unshare(NEWPID) looks
safe even if the caller is multi-threaded... and this matches
pidns_install() which doesn't require single-threaded.

Oleg.