[Toybox] [PATCH] add pid namespaces flag to unshare
Rob Landley
rob at landley.net
Fri Aug 30 21:25:39 PDT 2013
On 08/27/2013 03:00:36 AM, hhm wrote:
> User namespaces too.
>
> Should have just put this all into one patch... sorry :-)
It's fine.
I applied this a day or two back, although my email's still a bit
screwy so I'm only replying to the mailing list post now. :)
> By the way; should any non-CLONE_NEW* unshare(2)
> <http://man7.org/linux/man-pages/man2/unshare.2.html> flags be added
> too? "util-linux" does not add them, but they could be useful, if I
> understand properly, however I am not sure if these are true
> "namespaces".
Possibly we should just have a numeric unshare flag you can specify in
hex on the command line, then they could do what they liked without us
arbitrarily assigning letters to stuff...
Eventually I'd like a much simpler lxc replacement to be part of
toybox. Something that can do a sort of "chroot with extreme prejudice"
to set up a container, feed it network devices that route to the
outside world, handle console I/O, let the host get a process list for
the container, etc.
Haven't done the design work to see what that would look like, though.
Vague ideas, not enough details to actually start coding.
Rob