Date: Fri, 11 Mar 2016 14:48:08 -0800 (PST)
From: David Lang
To: Cole
Cc: Al Viro, LKML, "Austin S. Hemmelgarn", Richard Weinberger
Subject: Re: Variant symlink filesystem
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 12 Mar 2016, Cole wrote:

> On 12 March 2016 at 00:24, Al Viro wrote:
>> On Sat, Mar 12, 2016 at 12:03:11AM +0200, Cole wrote:
>>
>>> This was one of the first solutions we looked at, and using various
>>> namespaces. However we would like to be able to have multiple terminal
>>> sessions open, and be able to have each session using a different
>>> mount point, or be able to use the other terminal's mount point, i.e.
>>> switching the mount point to that of the other terminals. We would
>>> also like the shell to be able to make use of these, and use shell
>>> commands such as 'ls'.
>>>
>>> When we originally looked at namespaces and containers, we could not
>>> find a solution to achieve the above. Is this possible using
>>> namespaces?
>>
>> I'd try to look at setns(2) if you want processes joining existing namespaces.
>> I'm afraid that I'll need to get some sleep before I'll be up to asking
>> the right questions for figuring out what requirements do you have and
>> what's the best way to do it - after a while coffee stops being efficient
>> and I'm already several hours past that ;-/
>
>
> Sure, not a problem, when you have time to reply I will gladly welcome
> any feedback.
>
> As for the usage, I'll explain it a bit so that you have something to
> work off of when you get a chance to read it.
>
> The problem we encountered with namespaces when we looked at it more
> than a year ago was 'how do you get the shell' to join them, or into
> one. And also how do you move the shell in one terminal session into a
> namespace that another shell is currently in. We wanted a solution
> that doesn't require modifying existing programs to make them
> namespace aware. However, as I said, this was more than a year ago
> that we looked at it, and we could easily have misunderstood
> something, or not understood the full functionality available. If you
> say this is possible, without modifying programs such as bash, could
> you please point me in the direction of the documentation describing
> this, and I will try to educate myself.

Looking at the setns() function, it seems like you could have a suid helper
program that you run in one session that changes the namespace and then
invokes a bash shell in that namespace that you then run unmodified stuff in.

It seems like there should be a way for a root program to change the
namespace of another, but I'm not finding it at the moment.

There is the nsenter program that will run a program inside an existing
namespace. It looks like you need something similar that implements some
permission checking (only let you go into namespaces of other programs for
the same user or similar), but you should be able to make proof-of-concept
scripts with nsenter.

David Lang
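
A sketch of the kind of helper described in the message above, added here as an illustration and not code from anyone in the thread. It assumes a Linux /proc and a binary installed set-uid root under the hypothetical name `nsjoin`; `parse_pid` and `open_own_proc` are likewise names made up for this example. It joins the mount namespace of a target PID only when that process belongs to the invoking user, then drops privileges before starting an unmodified bash.

```c
#define _GNU_SOURCE                  /* setns(), CLONE_NEWNS */
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef CLONE_NEWNS                  /* fallback if _GNU_SOURCE came too late */
#define CLONE_NEWNS 0x00020000
int setns(int fd, int nstype);
#endif

/* Accept only a positive decimal PID; return -1 for anything else. */
static pid_t parse_pid(const char *s)
{
    char *end;
    long v = strtol(s, &end, 10);
    return (end == s || *end != '\0' || v <= 0 || v > 4194304) ? -1 : (pid_t)v;
}

/* Open /proc/<pid> and return the fd only if the process belongs to `caller`.
 * /proc/<pid> is owned by the target's effective UID (root when the target is
 * non-dumpable, which this check then rejects). Keeping the directory fd
 * avoids a PID-reuse race between the check and opening ns/mnt. */
static int open_own_proc(pid_t pid, uid_t caller)
{
    char path[32];
    struct stat st;
    int dirfd;
    snprintf(path, sizeof path, "/proc/%ld", (long)pid);
    dirfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd >= 0 && (fstat(dirfd, &st) != 0 || st.st_uid != caller)) {
        close(dirfd);
        dirfd = -1;
    }
    return dirfd;
}

int main(int argc, char **argv)
{
    pid_t pid = argc == 2 ? parse_pid(argv[1]) : -1;
    int dirfd = pid > 0 ? open_own_proc(pid, getuid()) : -1;
    int nsfd = dirfd >= 0 ? openat(dirfd, "ns/mnt", O_RDONLY | O_CLOEXEC) : -1;
    if (nsfd < 0 || setns(nsfd, CLONE_NEWNS) != 0) {
        fprintf(stderr, "usage: nsjoin <pid of one of your own processes>\n");
        return 1;
    }
    /* Drop the set-uid privilege for good before running the user's shell. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return 1;
    execl("/bin/bash", "bash", (char *)NULL);
    return 1;                        /* only reached if exec failed */
}
```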