Hi, Aleksa Sarai:
Sorry for the late replay.
> what happens if you have processes in the same pidns that have
different mount namespaces?
We support this. The coredump file will be saved in the same mount
namespace with the processes. This is implemented by patch
<Limit dump_pipe program's permission to init for container>
> Just my $0.02.
Thanks.
Best Regards
Cao ShuFeng
在 2017年08月02日 15:07, Aleksa Sarai 写道:
Currently, each container shared one copy of coredump setting
with the host system, if host system changed the setting, each
running containers will be affected.
Same story happened when container changed core_pattern, both
host and other container will be affected.
For container based on namespace design, it is good to allow
each container keeping their own coredump setting.
From what I can see, this is basically setting a per-pidns
core_pattern (which is hierarchically applied). I'm not sure this
actually solves the more general problem (that usermode helper
settings aren't generally namespace-aware) -- and what happens if you
have processes in the same pidns that have different mount namespaces?
If we _had_ to do it like this I would think it makes more sense to
pin it to mountns, but I was under the impression that someone was
working on making usermode helpers play nicer with namespaces.
Just my $0.02.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
