On Tue, 2008-12-02 at 19:07 -0500, erik quanstrom wrote:
> > None of these questions are any different in this
> > context than if there was simply some other process
> > sharing the name space and doing the same manipulations.
>
> currently one can prevent external changes to a
> namespace by creating a unique ns with rfork.
> if /proc/$pid/ns were writable, one would not
> be possible without yet another mechanism.

From where I sit, the file permissions seem to be quite an adequate
measure to be used for restricting access to any of the files
under #p/<id>. I don't see how ns is different from, let's say, mem.

Thanks,
Roman.