Ulrich Drepper wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Pavel Emelyanov wrote: >> Having access to the same IPCs in different pid namespaces won't work. >> Having access to the same filesystem in different IPC namespaces won't work. >> Having access to the same UID namespace in different VFS namespaces won't >> work. >> Having access to the same <any> namespace in different <many others> >> namespace >> wont' work. >> [...] > > > Then explicitly prevent the cases which cannot work in the clone() > calls. Yes, giving people rope to shoot themselves is a Unix tradition > but it's so unnecessary in this case and will only cause support > problems for innocent people.
:) > I bet the result will be that if you have a separate PID namespace you > need to enforce every other namespace as well. There are simply too > many dependencies. I think, that Ted's proposal (about the "namespaces compatibility matrix") is better. I'd prefer knowing of what can stop working in case I do something rather that forcedly having my hands off this. Thanks, Pavel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/