>> +    int flags[] = { CLONE_NEWPID, CLONE_NEWNS, CLONE_NEWNET, CLONE_NEWIPC, 
>> CLONE_NEWUTS };
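Review bot: flags[] is paired by position with a separate name array (char *ns[] = { "pid", "mnt", "net", "ipc", "uts" } in lxc_attach_to_pid, as quoted in the reply), and nothing ties the two orderings together, so a reorder or insertion in one silently pairs a /proc/$pid/ns file with the wrong flag. Suggest a single static const array of { name, flag } pairs so each namespace file and its clone flag sit on the same line.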
> ...
>> -static char *namespaces_list[] = {
>> -    "MOUNT", "PID", "UTSNAME", "IPC",
>> -    "USER", "NETWORK"
>> -};
>> -static int cloneflags_list[] = {
>> -    CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUTS, CLONE_NEWIPC,
>> -    CLONE_NEWUSER, CLONE_NEWNET
>> -};
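Review bot: the removed tables carried six entries, including "USER" and CLONE_NEWUSER, while the flags[] added in the earlier hunk has five and no CLONE_NEWUSER, and the omission is not explained in the code. Suggest a comment beside the new array stating that user namespaces are left out and why, so the gap reads as deliberate and is easy to find when it needs revisiting.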
> 
> These should be commonized.  I'm surprised this patch worked for you, as
> the indices for network don't match up.

Yes, they do, but you have to see which one matches against which:

namespaces_list <-> cloneflags_list

but in the lxc_attach_to_pid there's

char *ns[] = { "pid", "mnt", "net", "ipc", "uts" };

so we have

flags <-> ns. In the end, those are totally different arrays.

I've blacklisted USER because I don't know which file in
/proc/$pid/ns it will map to once the feature is inside the kernel (I
only see the 5 in the char *ns[] list on my system) - I'll happily
rearrange them and add CLONE_NEWUSER to the flags and ns lists in the
attach to pid function.

Regards,
Christian
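
The commonizing that the quoted review asks for, as an added example (not code from the patch or from LXC): one table carries the config name, the /proc/$pid/ns file name and the clone flag for each namespace, so the orderings discussed above cannot drift apart. The names `ns_desc`, `ns_table`, `ns_flag_by_name` and `ns_attach_list` are hypothetical, and USER has no /proc file name because the thread does not give one.

```c
#include <linux/sched.h>   /* kernel UAPI header: CLONE_NEW* constants */
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* One row per namespace: the config-style name, the /proc/<pid>/ns file
 * name, and the clone flag. proc_name is NULL where the thread names no
 * /proc file (USER). Struct and function names are hypothetical. */
struct ns_desc {
    const char *name;
    const char *proc_name;
    int flag;
};

static const struct ns_desc ns_table[] = {
    { "MOUNT",   "mnt", CLONE_NEWNS   },
    { "PID",     "pid", CLONE_NEWPID  },
    { "UTSNAME", "uts", CLONE_NEWUTS  },
    { "IPC",     "ipc", CLONE_NEWIPC  },
    { "USER",    NULL,  CLONE_NEWUSER },
    { "NETWORK", "net", CLONE_NEWNET  },
};
#define NS_COUNT (sizeof(ns_table) / sizeof(ns_table[0]))

/* Map a name such as "NETWORK" to its clone flag; -1 if unknown. */
int ns_flag_by_name(const char *name)
{
    for (size_t i = 0; i < NS_COUNT; i++)
        if (strcasecmp(ns_table[i].name, name) == 0)
            return ns_table[i].flag;
    return -1;
}

/* Fill out[] with the /proc names to attach for a flag mask, in table
 * order. Returns the count, or -1 if the mask asks for a namespace that
 * has no /proc entry here, so the caller fails instead of skipping it. */
int ns_attach_list(int mask, const char *out[], size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < NS_COUNT; i++) {
        if (!(mask & ns_table[i].flag))
            continue;
        if (!ns_table[i].proc_name || n == cap)
            return -1;
        out[n++] = ns_table[i].proc_name;
    }
    return (int)n;
}
```

Returning an error for a requested namespace that cannot be attached keeps the caller from running in a partially attached state.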

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel