Re: [PATCH 0/7] containers (V7): Generic Process Containers

From: Paul Menage
Date: Tue Feb 20 2007 - 18:36:51 EST

On 2/20/07, Sam Vilain <sam@xxxxxxxxxx> wrote:
Paul Menage wrote:
>> No. A reverse mapping is not needed and is not interesting.
> ... to you.

You're missing the point of Eric's next sentence. If you can achieve
everything you need to achieve and get all the information you are after
without it, then it is uninteresting.

Yes, you can do it with an exhaustive trawl of /proc. That can be very
expensive on busy machines.

>> As long as I can walk all processes and ask what namespace are
>> you in I don't care.
> How do you currently do that?

Take a look at /proc/PID/mounts for example.

That doesn't tell you what mounts namespace a process is in - it tells
you what the process can *view* in the namespace.

So make helpers. Macros. Anything, just don't introduce model
limitations like the container structure, because we've already got the
structure; the nsproxy.

As I mentioned in another email, nsproxy is fine for things that don't
need explicit configuration or reporting, or which already have
configuration methods (such as fork(), mount(), etc) available, and
which don't need to support movement of processes between different
"namespaces". If it was extended to support the
naming/config/movement, then it would be fine to use it as the
equivalent of a container.

I'd actually be interested in trying to combine my container object
and the nsproxy object into a single concept.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at