Eric W. Biederman writes: > Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> writes: >>> Not sure if this is the right argument. From my point of view it's >>> better to be explicit for such things, something like --all sounds >>> like a magical blackbox where semantic depends on features implemented >>> by kernel and nsenter(1). > > Which is the reason I did not implement --all in the first place, > although it is attractive. > >> Hi, >> >> I'm was trying to document how a user should enter a namespace >> container created by systemd-nspawn. I would prefer not to have the >> user type 'nsenter -t $PID -muipn', but something simpler. > > As I see it nsenter is the raw tool for when you need to get your > hands dirty. lxc already has a more integrated version. And > it isn't hard to define a simple wrapper such as: > > cat > systemd-nsenter <<EOF > #!/bin/sh > PID=$1 > shift > exec nsenter -t $PID --mount --ipc --pid --net --uts "$@" > EOF > > If you need things to be slightly simpler and it isn't worth deriving > your own c wrapper. Except that when you are distributing such script (eg. an init-like script), your shell script will need to add code detecting which namespaces the kernel supports (and adding appropiate flags to nsenter) and checking if your nsenter version supports them or not. It's better to have --all to enter all namespaces that nsenter supports. If you want to, it could print a warning when using --all and nsenter knows about more namespaces than the kernel or if it detects that the kernel knows about more namespaces than itself. But having a --all to enter “as namespaces as possible” would be the right thing IMHO. -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
