> Not objecting to prctl(), but two other options would be
>
> 1. add a CLONE_NEW_NS_USERMNT flag - kind of ugly, but that is
>    the time at which the ns is created, so in that sense it
>    makes sense.

Yes, I thought about this, but there's no easy way to set the flag for
the initial namespace, and a second flag CLONE_NEW_NS_NOUSERMNT would
be needed to turn off the flag.

> 2. use the nsproxy container subsystem (see Paul Menage's
>    containers patchset) to set this using, e.g.,
>
>    echo 1 > /containers/vserver1/mounts/usermount

That again would lose some flexibility: only namespaces which are part
of a container could be manipulated. Does that exclude the initial
namespace?

Also how would a process find out which vserver it is running in?

Thanks,
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html