Hi, On 14 July 2016 at 20:20, Andrey Vagin <avagin@xxxxxxxxxx> wrote: > Each namespace has an owning user namespace and now there is not way > to discover these relationships. > > Pid and user namepaces are hierarchical. There is no way to discover > parent-child relationships too. > > Why we may want to know relationships between namespaces? > > One use would be visualization, in order to understand the running system. This looks interesting to me because I am interested in representing in a graphical way the relationship between different mounts in different mount namespaces (showing the ID, the parent-children relationships, mount peer groups, the master-slave relationships etc), specially for containers. The first idea was to take both /proc/1/mountinfo and /proc/$OTHER_PID/mountinfo and I can correlate the "shared:" and "master:" fields in the mountinfo files. But I cannot read the /proc/$pid/mountinfo of mount namespaces when there are no processes in those mount namespaces. For example, if those mount namespaces stay alive only because they contain "shared&slave" mounts between master mounts and slave mounts that I can see in /proc/$pid/mountinfo. Fictional example: # mntns 1, mountinfo 1 (visible via /proc/1/mountinfo) 61 0 253:1 / / rw shared:1 # mntns 2, mountinfo 2 (not visible via any /proc/$pid/mountinfo) 731 569 0:75 / / rw master:1 shared:42 # mntns 3, mountinfo 3 (not visible via any /proc/${container_pid}/mountinfo) 762 597 0:82 / / rw master:42 shared:76 As far as I understand, I cannot get a reference to the mntns2 fd because mnt namespaces are not hierarchical, and I cannot get its /proc/???/mountinfo because no processes live inside. Is there a way around it? Should this use case be handled together? Thanks! Alban > Another would be to answer the question: what capability does process X have to > perform operations on a resource governed by namespace Y? > > One more use-case (which usually called abnormal) is checkpoint/restart. > In CRIU we age going to dump and restore nested namespaces. > > There [1] was a discussion about which interface to choose to determing > relationships between namespaces. > > Eric suggested to add two ioctl-s [2]: >> Grumble, Grumble. I think this may actually a case for creating ioctls >> for these two cases. Now that random nsfs file descriptors are bind >> mountable the original reason for using proc files is not as pressing. >> >> One ioctl for the user namespace that owns a file descriptor. >> One ioctl for the parent namespace of a namespace file descriptor. > > Here is an implementaions of these ioctl-s. > > [1] https://lkml.org/lkml/2016/7/6/158 > [2] https://lkml.org/lkml/2016/7/9/101 > > Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > Cc: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> > Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@xxxxxxxxx> > Cc: "W. Trevor King" <wking@xxxxxxxxxx> > Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> > Cc: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> > > -- > 2.5.5 > > _______________________________________________ > Containers mailing list > Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx > https://lists.linuxfoundation.org/mailman/listinfo/containers _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers