He's back. And this time he's got a chainsaw.
Yes, folks. We got per-process namespaces. Working. With proper
behaviour on exit(), yodda, yodda. Enjoy. Help with testing would be more
than welcome.
Current patch is on ftp.math.psu.edu/pub/viro/namespaces-S2.gz
It's against 2.4.2.
Contents:
* proper refcounting of struct super_block
* GC for vfsmounts (finally)
* fix for races between get_super() and umount()
* SMP-safe lock_super()
* general cleanup of fs/super.c
* "lazy" option for umount() (detach from mountpoint now, do the
rest when it will cease to be busy - use MNT_DETACH in 'flags' argument
to get that behaviour).
* Plan 9 per-process namespaces (sans unions so far)
* large cleanup of boot process (ramdisk handling, etc.)
Variant without namespaces (they were the last part) is in the same
directory, called s_lock-S2.gz.
rfork.c (in the same place) will copy a namespace and start shell in it.
Use for testing... It's an equivalent of rfork(RFNAMEG) on Plan 9.
One detail - patch requires ramfs built into the kernel (boot process cleanup
part needs that).
It works here (ran for about 12 hours with no problems). It's _NOT_ for
inclusion into 2.4. Some pieces might go (get_super() races have to be
fixed, after all), but most of this stuff is 2.5 fodder. However, it
seems to be working. No doubt there are bugs and it's far from being
a final version. I would call it _very_ early beta. Please, help with
testing.
Comments on the code/design/amount of dope it took to write the thing (zero,
actually) are welcome. I _will_ document it, but it's still not in the
final form. Pretty close to it, hopefully, but...
I'm more than willing to answer questions on the design of the thing - just
ask. So far that's the best I can do - all documentation is a pile of notes
+ CVS log.
Cheers,
Al
PS: hopefully - back for good.
>I'm more than willing to answer questions on the design of the thing -
>just
>ask. So far that's the best I can do - all documentation is a pile of
>notes
>+ CVS log.
>
> Cheers,
> Al
>PS: hopefully - back for good.
That sounds like an especially fascinating pile of notes. Perhaps you
could pile it next to the patch on the ftp site?
Rick Hohensee
:; cLIeNUX /dev/tty5 01:08:45 /
:;ls -d */
Linux/ dev/ help/ owner/ temp/
boot/ device/ incoming/ source/
command/ floppy/ log/ subroutines/
configure/ guest/ mounts/ suite/
:; cLIeNUX /dev/tty5 01:08:55 /
:;
On Sun, 25 Feb 2001, Rick Hohensee wrote:
[I wrote]
> >ask. So far that's the best I can do - all documentation is a pile of
> >notes
> >+ CVS log.
[snip]
> That sounds like an especially fascinating pile of notes. Perhaps you
> could pile it next to the patch on the ftp site?
You know, CDA is dead and gone, but I really doubt that putting this
pile as-is in any vicinity of this account would be a good idea.
Besides, half of them will need a translation - I doubt that 80Kb of
grep output intermixed with comments in English and Russian, some of
them printable, would be useful. Fasicanting - maybe, but... IOW, turning
that into documentation will take some efforts.
Cheers,
Al
Hi Al,
Very neat!
Ron Minnich and I built something similar: we built private namespaces for
login sessions. Ours have slightly different semantics I think.
To do so we changed mount+chroot into "imount" (i = invisible). This landed
a process in a file system that had no root in the Unix directory tree.
(see the "Private name spaces, PNS" project on SourceForge.
We added another goodie, which was called "memdev". It provided a new block
device from a private, i.e. copy on write, memory mapped block device. See
"memdev" on SourceForge.
We used it as follows:
- when you login, you get imounted into an environment where you have full
priviliges (except mknod). The "/" of your environment is not a directory
in the Unix tree.
- in this environment the system file systems are available to you on a
copy on write private basis.
- any files you change get out over a network file system to a server. We
used InterMezzo backed by a ramfs cache.
When the user logs out, everything is gone, except possibly footprints in
swap.
- Peter J. Braam -
Mountain View Data, Inc.
On Mon, Feb 26, 2001 at 08:26:23AM -0800, Peter J. Braam wrote:
> - when you login, you get imounted into an environment where you have full
> priviliges (except mknod). The "/" of your environment is not a directory
> in the Unix tree.
> - in this environment the system file systems are available to you on a
> copy on write private basis.
> - any files you change get out over a network file system to a server. We
> used InterMezzo backed by a ramfs cache.
>
> When the user logs out, everything is gone, except possibly footprints in
> swap.
These changes can be used separately, can't they?
I'd really like to use them with Al's more generic namespaces concept.
Once thing that worries is that his patch want special privilegs for
creating a new namespace and I wonder if we really want that...
Christoph
--
Of course it doesn't work. We've performed a software upgrade.