On Wed, 10 Dec 2014 16:03:02 +0000 David Howells <dhowells@xxxxxxxxxx> wrote: > Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx> wrote: > > > > This thread might be interesting: > > > https://lkml.org/lkml/2014/11/24/885 > > > > > > > Nice. I wasn't aware that Ian was working on this. I'll take a look. > > I'm not sure what the current state of this is. There was some discussion > over how best to determine which container we need to run in - and it's > complicated by the fact that the mounter may run in a different container to > the program that triggered the mount due to mountpoint propagation. > Yes. It's quite a thorny problem. Part of the issue is that the different namespaces (net, mount, etc...) are completely orthogonal to one another as far as the kernel is concerned, but they really can't be when we start talking about userland stuff. For example, all of the nfs and nfsd namespace code was tied to the net namespace. But, once you start involving things like gssd, the mount namespace matters too as it has to deal with files (libraries and config files, in particular). Q: What happens if you have two "containers" that have the same net namespace but different mount namespaces along with a different krb5 configuration in each? Maybe even with a gssd running in each? A: A horrible mess, AFAICT... Without something that really enforces a 1:1 relationship between all of the different sorts of namespaces, the whole container/namespace concept quickly descends into a horrid mess. It makes my head hurt. -- Jeff Layton <jlayton@xxxxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
