Date: Mon, 13 Jul 2009 19:28:24 -0600
From: Latchesar Ionkov
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: [9fans] v9fs question

I don't see why we should do tricks like that. We have support for
private namespaces, why should we make the Linux code even more complicated?

Thanks,
    Lucho

On Monday, July 13, 2009, Tim Newsham wrote:
>
> Could we solve this by making private mounts the default (or only
> allowed) behavior?
>
>
> I've wondered if there's enough context information
> that the fs driver could "fake" per-process mount points
> directly. For example, I mount v9fs on /n. Initially
> I have no remote mounts in there, but I have /n/ctl.
> I echo "mount 1.2.3.4 foo" to /n/ctl and now I have
> /n/foo which is served from 1.2.3.4 for my process, but
> other processes don't see /n/foo. I fork a child and it
> gets /n/foo, too. In the child I mount another directory
> and the changes are seen in both the child and the parent.
> I then echo "copyns" to /n/ctl and then perform another
> mount and the new mount is visible in the child process but
> not the parent process.
>
> This would of course require that the kernel filesystem
> (probably vfs layer) could distinguish who made a filesystem
> request. It might also require some hackery to get the
> inheritance on fork working properly (although perhaps some
> existing unix mechanism could be reused for this purpose, such
> as session and process group stuff).
>
> Feasible at all in Linux? *BSD? Win32?
>
> Upsides: Kernel doesn't need to otherwise support any notion
> of mount namespace. Removes security concerns of per-process
> namespaces since you could never rebind over /etc/passwd or
> other important files.
>
> Downsides: Perhaps not possible. Mount/bind namespaces not
> universally present, only within certain mount points.
>
>
> ron
>
>
> Tim Newsham
> http://www.thenewsh.com/~newsham/
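
Added example, not part of the original thread: a small Python model of the per-process mount table described in the quoted text (mount through ctl, sharing on fork, copyns, and names confined to the mount point). The class and method names are hypothetical, and it models only the semantics, not v9fs or any kernel interface.

```python
"""Toy model of the per-process mount table proposed in the quoted message.
All class and method names are hypothetical; this is not v9fs code."""

class CtlFS:
    def __init__(self, root="/n"):
        self.root = root
        self.tables = {}   # namespace id -> {mount name: server}
        self.ns_of = {}    # pid -> namespace id
        self.next_ns = 0

    def _new_ns(self, mounts):
        self.next_ns += 1
        self.tables[self.next_ns] = dict(mounts)
        return self.next_ns

    def attach(self, pid):
        """A process with no inherited table starts with an empty one."""
        self.ns_of[pid] = self._new_ns({})

    def fork(self, parent, child):
        """The child shares the parent's table, so later mounts show in both."""
        self.ns_of[child] = self.ns_of[parent]

    def ctl(self, pid, command):
        """Handle a write to <root>/ctl made by process pid."""
        words = command.split()
        if words == ["copyns"]:
            # Detach: pid gets a private copy of the table it was sharing.
            self.ns_of[pid] = self._new_ns(self.tables[self.ns_of[pid]])
        elif len(words) == 3 and words[0] == "mount":
            _, server, name = words
            # A mount name is one path component under root, so it can never
            # shadow a path outside the mount point such as /etc/passwd.
            if "/" in name or name in (".", "..", "ctl"):
                raise ValueError("bad mount name: %r" % name)
            self.tables[self.ns_of[pid]][name] = server
        else:
            raise ValueError("bad ctl command: %r" % command)

    def resolve(self, pid, path):
        """Return the server backing path for this process, or None."""
        prefix = self.root + "/"
        if not path.startswith(prefix):
            return None    # outside the mount point: the driver never sees it
        name = path[len(prefix):].split("/", 1)[0]
        return self.tables[self.ns_of[pid]].get(name)
```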