On 2017-09-18 21:45, Eric W. Biederman wrote:
> Richard Guy Briggs writes:
>
> > On 2017-09-14 12:33, Eric W. Biederman wrote:
> >> Richard Guy Briggs writes:
> >>
> >> > The trigger is a pseudo filesystem (proc, since PID tree already exists)
> >> > write of

Richard Guy Briggs writes:
> On 2017-09-14 12:33, Eric W. Biederman wrote:
>> Richard Guy Briggs writes:
>>
>> > The trigger is a pseudo filesystem (proc, since PID tree already exists)
>> > write of a u64 representing the container ID to a file representing a

On 2017-09-14 01:30, Richard Guy Briggs wrote:
> On 2017-09-13 14:33, Carlos O'Donell wrote:
> > On 09/13/2017 12:13 PM, Richard Guy Briggs wrote:
> > > Containers are a userspace concept. The kernel knows nothing of them.
> >
> > I am looking at this RFC from a userspace perspective,

On 2017-09-14 12:33, Eric W. Biederman wrote:
> Richard Guy Briggs writes:
>
> > The trigger is a pseudo filesystem (proc, since PID tree already exists)
> > write of a u64 representing the container ID to a file representing a
> > process that will become the first process in a

Richard Guy Briggs writes:
> The trigger is a pseudo filesystem (proc, since PID tree already exists)
> write of a u64 representing the container ID to a file representing a
> process that will become the first process in a new container.
> This might place restrictions on mount

On 2017-09-13 14:33, Carlos O'Donell wrote:
> On 09/13/2017 12:13 PM, Richard Guy Briggs wrote:
> > Containers are a userspace concept. The kernel knows nothing of them.
>
> I am looking at this RFC from a userspace perspective, particularly from
> the loader's point of view and the unshare

On 09/13/2017 12:13 PM, Richard Guy Briggs wrote:
> Containers are a userspace concept. The kernel knows nothing of them.

I am looking at this RFC from a userspace perspective, particularly from
the loader's point of view and the unshare syscall and the semantics that
arise from the use of it.

Containers are a userspace concept. The kernel knows nothing of them.
The Linux audit system needs a way to be able to track the container
provenance of events and actions. Audit needs the kernel's help to do
this.
Since the concept of a container is entirely a userspace concept, a
trigger