Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964808AbWBFUlE (ORCPT ); Mon, 6 Feb 2006 15:41:04 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964805AbWBFUlD (ORCPT ); Mon, 6 Feb 2006 15:41:03 -0500 Received: from e36.co.us.ibm.com ([32.97.110.154]:27559 "EHLO e36.co.us.ibm.com") by vger.kernel.org with ESMTP id S964809AbWBFUlA (ORCPT ); Mon, 6 Feb 2006 15:41:00 -0500 Message-ID: <43E7B452.2080706@watson.ibm.com> Date: Mon, 06 Feb 2006 15:40:50 -0500 From: Hubertus Franke User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Eric W. Biederman" CC: linux-kernel@vger.kernel.org, vserver@list.linux-vserver.org, Herbert Poetzl , "Serge E. Hallyn" , Alan Cox , Dave Hansen , Arjan van de Ven , Suleiman Souhlal , Cedric Le Goater , Kyle Moffett , Kirill Korotaev , Greg , Linus Torvalds , Andrew Morton , Greg KH , Rik van Riel , Alexey Kuznetsov , Andrey Savochkin , Kirill Korotaev , Andi Kleen , Benjamin Herrenschmidt , Jeff Garzik , Trond Myklebust , Jes Sorensen Subject: Re: [RFC][PATCH 0/20] Multiple instances of the process id namespace References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2458 Lines: 71 Eric W. Biederman wrote: > There have been several discussions in the past month about how > to do a good job of implementing a subset of user space that > looks like it has the system to itself. Essentially making > chroot everything it could be. This is my take on what > the implementation of a pid namespace should look like. > Eric, this looks very good. The pspace internal implementation is very similar to what I was working on objectifying the pidmap etc. I was pursuing the same route in using find_pid() functions as the means to distinguish pspaces rather then actually virtualizing them. But this code already goes so much further in many many aspects. Kudos to you. I am still going through some of the details, but this is an excellent starting position. > > What follows is a real patch set that is sufficiently complete > to be used and useful in it's own right. There are a few areas > of the kernel where the patchset does not reach, mostly these > cause the compile to fail. In addition a good thorough review > still needs to be done. This patchset does paint a picture > of how I think things should look. > > From the kernel community at large I am asking: > Does the code look generally sane? Yes, but I have one question for you... Large parts of the patch are adding the pspace argument to find_task_by_pid() and in many cases that argument is current->pspace. It might bring down the size of the patch if you have find_task_by_pid( pid ) { return find_task_pidspace_by_pid ( current->pspace, pid ); } and then only deal with the exceptional cases using find_task_pidspace_by_pid when the pidspace is different.. > > Does the use of clone to create a new namespace instance look > like the sane approach? > At he surface it looks OK .. how does this work in a multi-threaded process which does cloen ( CLONE_NPSPACE ) ? We discussed at some point that exec is the right place to do it, but what I get is that because this is the container_init task we are OK ! A bit clarification would help here ... > Hopefully this code is sufficiently comprehensible to allow a good > discussion to come out of this. > Yes > Thanks for your time, > > Eric -- Hubertus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/