Message-ID: <3e1162e60709071426mf4a4ea2kfdb4500fe763b0a9@mail.gmail.com>
Date: Fri, 7 Sep 2007 14:26:10 -0700
From: "David Leimbach"
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] 1/2 OT: per-process mounts/namespace @ Linux
References: <20070907200915.GA20929@nibiru.local>

On 9/7/07, Eric Van Hensbergen <ericvh@gmail.com> wrote:
> Linux actually has private namespaces, it's just off by default.  There
> is a flag to clone which can be used to establish new processes in
> private namespaces (CLONENS or some such thing).
>
> Primary downside is that it's superuser only -- but you could get
> around it with setuid or custom kernel.
>
>              -eric

Then you have to worry about what happens when people do things like binding over /etc/passwd :-)

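A defender-side check for the concern raised in this message, added here as an example that is not part of the original thread: it parses a process's mount table in the Linux /proc/<pid>/mountinfo format and reports any mount placed on, or on a directory above, an account file such as /etc/passwd. The watch list, the function names and the sample mount table are assumptions constructed for the illustration.

```python
import re

# Assumed watch list: files whose replacement changes authentication decisions.
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/etc/sudoers")

# Constructed sample in /proc/<pid>/mountinfo format (not taken from a real host).
SAMPLE = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid shared:2 - proc proc rw
90 22 8:1 /home/u/fake\\040pw /etc/passwd rw,relatime - ext4 /dev/sda1 rw
91 22 0:40 / /etc/ssh rw - tmpfs tmpfs rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)  # optional fields end at a lone "-"
        except ValueError:
            continue  # blank or malformed line
        if len(fields) < sep + 3:
            continue
        mounts.append({"root": _unescape(fields[3]),
                       "mount_point": _unescape(fields[4]),
                       "fstype": fields[sep + 1],
                       "source": _unescape(fields[sep + 2])})
    return mounts

def find_shadowed(text, sensitive=SENSITIVE):
    """Return (path, kind, source, root) for mounts on or above a watched file."""
    findings = []
    for m in parse_mountinfo(text):
        mp = m["mount_point"]
        for path in sensitive:
            if mp == path:
                findings.append((path, "replaced", m["source"], m["root"]))
            elif mp != "/" and path.startswith(mp.rstrip("/") + "/"):
                findings.append((path, "covered", m["source"], m["root"]))
    return findings

def scan_pid(pid="self"):
    # Reads the mount table as seen from that process's namespace (Linux only).
    with open(f"/proc/{pid}/mountinfo") as fh:
        return find_shadowed(fh.read())

if __name__ == "__main__":
    for finding in find_shadowed(SAMPLE):
        print(finding)
```

Because each process in a private namespace has its own mount table, scan_pid has to be run per process of interest rather than once per host.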