> The namespace join facility looks interesting. Do you have a patch > somewhere for it?
I'll see what I can dig up though it wouldn't tbe erribly difficult to reimplement. You basically just need to modify the pgrp pointer of the proc, adjusting ref counts as required. >> Of course, a lot of the isolation that per-process namespaces give >> you is suddenly undone by the introduction of this facility. > > I'm not sure if the lack of isolation is any different than what can > be done with a child process that shares the namespace. Is there a > particular case that you are thinking? Creating a child process is something that a process explicitly controls and the RFNOTEG flag of rfork(2) allows a process to control whether or not it shares its namespace with its children. Allowing other, unrelated processes to fiddle with your namespace is quite different. Think about multiple processes owned by multiple users running on a cpu server. Which processes should be allowed to join which namespaces? Perhaps allowing only the hostowner to join namespaces for debugging and administration purposes would be acceptable. >> At this point I'm not entirely convinced that it's worth the >> trouble. > > I think that it can be depending on how much time you have spent > building up a namespace for a process. Perhaps I have spent hours > working on something slowly customizing the namespace mounting and > binding things. If I end up running a long running command that > blocks and I want to work in parallel with it then I must remember > everything that I have done and repeat in a new window. It seems > like something the computer should do for me or at least help me to do > it. This seems a contrived example. Would you really spend HOURS working on setting up a namespace by hand? Surely you would instead be working on a script that builds the namespace for you; make the computer do the work. Then when you mess up, you can modify the script, create a new window, and try again. One more thing to consider is the #σ device in 9front which seems to address some of the problems that you might otherwise use nsjoin to solve. -- Cheers, Alex Musolino
