On Thu, Jul 30, 2020 at 06:01:20PM +0300, Kirill Tkhai wrote:
> On 30.07.2020 17:34, Eric W. Biederman wrote:
> > Kirill Tkhai <ktkhai@xxxxxxxxxxxxx> writes:
> >
> >> Currently, there is no way to list or iterate all or subset of namespaces
> >> in the system. Some namespaces are exposed in /proc/[pid]/ns/ directories,
> >> but some also may be as open files, which are not attached to a process.
> >> When a namespace open fd is sent over unix socket and then closed, it is
> >> impossible to know whether the namespace exists or not.
> >>
> >> Also, even if namespace is exposed as attached to a process or as open file,
> >> iteration over /proc/*/ns/* or /proc/*/fd/* namespaces is not fast, because
> >> this multiplies at tasks and fds number.

Could you describe with more details when you need to iterate
namespaces?

There are three ways to hold namespaces.

* processes
* bind-mounts
* file descriptors

When CRIU dumps a container, it enumerates all processes, collects file
descriptors and mounts. This means that we will be able to collect all
namespaces, doesn't it?
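
Added example, not part of the original message and not CRIU's code: a userspace inventory that walks the three holders listed above (processes, bind-mounts, file descriptors) through procfs and records which holder keeps each namespace alive. It assumes a Linux procfs where bind-mounted namespaces appear in mountinfo with filesystem type nsfs; the function names are illustrative.

```python
import os
import re
from collections import defaultdict

# Link text the kernel reports for namespace files, e.g. "net:[4026531992]".
# The type list keeps "socket:[...]" and "pipe:[...]" fd links out.
NS_LINK = re.compile(r"^(cgroup|ipc|mnt|net|pid|time|user|uts):\[(\d+)\]$")

def parse_ns_link(target):
    """Return (type, inode) for a namespace link target, else None."""
    m = NS_LINK.match(target)
    return (m.group(1), int(m.group(2))) if m else None

def parse_mountinfo_line(line):
    """Return (type, inode) if this mountinfo line is an nsfs bind-mount."""
    fields = line.split()
    if "-" not in fields or len(fields) < 5:
        return None
    sep = fields.index("-")  # optional fields end at the lone "-"
    fstype = fields[sep + 1 : sep + 2]
    return parse_ns_link(fields[3]) if fstype == ["nsfs"] else None

def collect(proc="/proc"):
    """Map (type, inode) -> set of holders seen: process, fd, bind-mount."""
    found = defaultdict(set)
    for pid in filter(str.isdigit, os.listdir(proc)):
        base = os.path.join(proc, pid)
        for sub, holder in (("ns", "process"), ("fd", "fd")):
            try:
                for name in os.listdir(os.path.join(base, sub)):
                    ns = parse_ns_link(os.readlink(os.path.join(base, sub, name)))
                    if ns:
                        found[ns].add(holder)
            except OSError:  # task exited, fd closed, or permission denied
                continue
        try:
            with open(os.path.join(base, "mountinfo")) as f:
                for line in f:
                    ns = parse_mountinfo_line(line)
                    if ns:
                        found[ns].add("bind-mount")
        except OSError:
            continue
    return dict(found)

if __name__ == "__main__":
    for (kind, inode), holders in sorted(collect().items()):
        print(f"{kind}:[{inode}] held by {', '.join(sorted(holders))}")
```

Run as root to see every task's fds and mounts; the walk costs one readlink per task per fd, which is the multiplication the quoted text refers to.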