The namespace join facility looks interesting. Do you have a patch somewhere
for it?
> Of course, a lot of the isolation that per-process namespaces give you
> is suddenly undone by the introduction of this facility.
I'm not sure if the lack of isolation is any different than what can be done
> The namespace join facility looks interesting. Do you have a patch
> somewhere for it?
I'll see what I can dig up though it wouldn't be terribly difficult to
reimplement. You basically just need to modify the pgrp pointer of
the proc, adjusting ref counts as required.
>> Of course, a lot of th
2017-10-24 16:21 GMT+02:00 Alex Musolino :
> Creating a child process is something that a process explicitly
> controls and the RFNOTEG flag of rfork(2) allows a process to control
> whether or not it shares its namespace with its children. Allowing
> other, unrelated processes to fiddle with your
Here it is:
https://github.com/JehanneOS/jehanne/commit/320e6e6f35bfbc2e37dbd079c8d6a9124bd9ac6c
The simple test attached confirms that it works as expected:
https://github.com/JehanneOS/jehanne/blob/master/qa/kern/nsclone.c
Now it's just a matter of modifying the plumber to use this facility and
> Think about multiple processes owned by multiple users running on a
> cpu server. Which processes should be allowed to join which
> namespaces?
>
> Perhaps allowing only the hostowner to join namespaces for debugging
> and administration purposes would be acceptable.
Ah, right. What about onl
Here it is:
https://github.com/JehanneOS/jehanne/blob/master/sys/src/cmd/ns/clone.c
I'll leave the modifications to the plumber for another boring night...
Giacomo
2017-10-25 1:00 GMT+02:00 Chris McGee :
>
>> Think about multiple processes owned by multiple users running on a
>> cpu server. W