Added Daniel to the discussion..

On Tue, 2010-02-23 at 06:07 -0800, Eric W. Biederman wrote:
> jamal <hadi@xxxxxxxxxx> writes:

> > Does the point after sys_setns(fd) allow me to do io inside
> > ns <name>? Can i do open() and get a fd from ns <name>?
>
> Yes. My intention is that current->nsproxy->net_ns be changed.
> We can already change it in unshare so this is feasible.

I like it if it makes it as easy as it sounds;->
With lxc, i essentially have to create a proxy process inside the
namespace that i use unix domain to open fds inside the ns. Do i still
need that?

> > The only problem that i see is events are not as nice. I take it i am
> > going to get something like an inotify when a new namespace is created?
>
> Yes. Inotify would at the very least see that mkdir. You could also
> use poll on /proc/mounts to see the set of mounts change.

It is not as nice but livable. I suppose attributes of the specific
namespace are retrieved somewhere there as well..

> > Is it not just a naming convention that you are dealing with?
> > Example in your scheme above a nested namespace shows up as:
> > /var/run/netns/<name>/<nestedname>, no?
>
> No. More like:
>
> For the outer namespace:
> /var/run/netns/<name>
>
> For the inner namespace:
> /some/random/fs/path/to/a/chroot/var/run/netns/<name>
>
> For a doubly nested scenario:
> /some/random/fs/path/to/a/chroot/some/other/random/fs/path/to/another/chroot/var/run/netns/<name>
>
> Since I would be using mount namespaces instead of chroot it is not
> strictly required that the fs paths nest at all.

Ok.

cheers,
jamal
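
Added example, not part of the original thread and not code from either participant: a sketch of the "enter ns <name>, then open an fd there" flow asked about above, without a proxy process inside the namespace. It assumes the two-argument setns(2) that Linux later merged (the thread sketches a one-argument sys_setns(fd)); netns_path and socket_in_netns are hypothetical helper names, and the name check is an addition so a caller-supplied name cannot leave /var/run/netns.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif
int setns(int fd, int nstype);     /* explicit prototype in case <sched.h> hid it */
#define NETNS_DIR "/var/run/netns" /* directory named in the thread */

/* Build NETNS_DIR/<name>; reject names that could escape the directory. */
int netns_path(const char *name, char *out, size_t len)
{
    if (!name || !*name || strchr(name, '/') ||
        !strcmp(name, ".") || !strcmp(name, ".."))
        return -EINVAL;
    int n = snprintf(out, len, "%s/%s", NETNS_DIR, name);
    return (n < 0 || (size_t)n >= len) ? -ENAMETOOLONG : 0;
}

/* Move the calling thread into the named network namespace and return a UDP
 * socket created there, or -errno. setns() needs CAP_SYS_ADMIN. */
int socket_in_netns(const char *name)
{
    char path[256];
    int rc = netns_path(name, path, sizeof(path));
    if (rc) return rc;
    int nsfd = open(path, O_RDONLY | O_CLOEXEC);
    if (nsfd < 0) return -errno;
    /* CLONE_NEWNET makes the kernel refuse an fd that is not a net namespace. */
    rc = setns(nsfd, CLONE_NEWNET) ? -errno : 0;
    close(nsfd);
    if (rc) return rc;
    int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    return s < 0 ? -errno : s;
}

int main(int argc, char **argv)
{
    int s = socket_in_netns(argc > 1 ? argv[1] : "example"); /* constructed name */
    if (s < 0) { fprintf(stderr, "netns: %s\n", strerror(-s)); return 1; }
    printf("socket fd %d was created inside the target namespace\n", s);
    close(s);
    return 0;
}
```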