Re: Network isolation with RLIMIT_NETWORK, cont'd.

From: Bryan Donlan
Date: Thu Dec 17 2009 - 13:25:27 EST


On Thu, Dec 17, 2009 at 12:31 PM, Mark Seaborn <mrs@xxxxxxxxxxxxxxxxx> wrote:

> Maybe we could fix (b) by making mount namespaces into first class objects
> that can be named through a file descriptor, so that one process can
> manipulate another process's namespace without itself being subject to the
> namespace.

Can this be done using openat() and friends currently? It would seem
the natural way to implement this; open /proc/(pid)/root, then
openat() things from there (or even chdir to it and see the mounts
that it sees from there...)
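The approach Bryan asks about, shown as an added example that is not part of the thread: open `/proc/<pid>/root` as a directory fd and then resolve paths with `openat()` relative to it, so the caller reads the target process's view of the filesystem without `chdir()` or `chroot()`. The function names are mine, and the example assumes Linux with `/proc` mounted; it uses `/proc/self/root` so it can be run by an unprivileged process (reading another pid's `root` link requires `ptrace`-style access to that process).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Open the root directory as seen by `pid` (0 means the calling process,
 * via /proc/self/root).  The returned fd pins that mount-namespace view. */
int open_proc_root(pid_t pid)
{
    char path[64];
    if (pid == 0)
        snprintf(path, sizeof path, "/proc/self/root");
    else
        snprintf(path, sizeof path, "/proc/%ld/root", (long)pid);
    return open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* openat() ignores dirfd for absolute paths and resolves them against the
 * caller's own root, which is exactly what we want to avoid here; make the
 * path relative so it is looked up under rootfd. */
const char *strip_leading_slashes(const char *p)
{
    while (*p == '/')
        p++;
    return *p ? p : ".";
}

/* Read up to bufsz-1 bytes of `relpath`, resolved relative to rootfd.
 * Returns the byte count, or -1 with errno set. */
ssize_t read_via_root(int rootfd, const char *relpath, char *buf, size_t bufsz)
{
    int fd = openat(rootfd, strip_leading_slashes(relpath), O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, bufsz - 1);
    int saved = errno;
    close(fd);
    if (n < 0) {
        errno = saved;
        return -1;
    }
    buf[n] = '\0';
    return n;
}

/* Convenience check: does the file at `relpath` in this process's root view
 * begin with `expected_prefix`?  1 = yes, 0 = no or unreadable. */
int root_view_check(const char *relpath, const char *expected_prefix)
{
    int rootfd = open_proc_root(0);
    if (rootfd < 0)
        return 0;
    char buf[256];
    ssize_t n = read_via_root(rootfd, relpath, buf, sizeof buf);
    close(rootfd);
    if (n < 0)
        return 0;
    return strncmp(buf, expected_prefix, strlen(expected_prefix)) == 0;
}

int main(int argc, char **argv)
{
    /* Usage: ./a.out [pid] [path]; defaults to our own view of /proc/version. */
    pid_t pid = argc > 1 ? (pid_t)atol(argv[1]) : 0;
    const char *path = argc > 2 ? argv[2] : "proc/version";

    int rootfd = open_proc_root(pid);
    if (rootfd < 0) {
        perror("open /proc/<pid>/root");
        return 1;
    }
    char buf[256];
    ssize_t n = read_via_root(rootfd, path, buf, sizeof buf);
    if (n < 0) {
        perror("openat/read");
        close(rootfd);
        return 1;
    }
    printf("%s", buf);
    close(rootfd);
    return 0;
}
```

One caveat a practitioner should keep in mind: the directory fd only anchors the starting point. An absolute symlink encountered inside the target's tree is still resolved against the caller's root, and `..` can walk above the starting directory, so this does not give the isolation of actually being inside the namespace. Newer kernels (5.6 and later) provide `openat2()` with `RESOLVE_IN_ROOT` for that stricter behaviour, which is outside what the 2009 thread had available.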