> Think about multiple processes owned by multiple users running on a
> cpu server. Which processes should be allowed to join which
> namespaces?
>
> Perhaps allowing only the hostowner to join namespaces for debugging
> and administration purposes would be acceptable.
Ah, right. What about
Here it is:
https://github.com/JehanneOS/jehanne/commit/320e6e6f35bfbc2e37dbd079c8d6a9124bd9ac6c
The simple test attached confirms that it works as expected:
https://github.com/JehanneOS/jehanne/blob/master/qa/kern/nsclone.c
Now it's just matter of modifying the plumber to use this facility and
2017-10-24 16:21 GMT+02:00 Alex Musolino :
> Creating a child process is something that a process explicitly
> controls and the RFNOTEG flag of rfork(2) allows a process to control
> whether or not it shares its namespace with its children. Allowing
> other, unrelated
> The namespace join facility looks interesting. Do you have a patch
> somewhere for it?
I'll see what I can dig up though it wouldn't tbe erribly difficult to
reimplement. You basically just need to modify the pgrp pointer of
the proc, adjusting ref counts as required.
>> Of course, a lot of
The namespace join facility looks interesting. Do you have a patch somewhere
for it?
> Of course, a lot of the isolation that per-process namespaces give you
> is suddenly undone by the introduction of this facility.
I'm not sure if the lack of isolation is any different than what can be done