[lxc-devel] [RFC lxc 2/2] Added lxc.start.unshare
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Nov 27 22:01:44 UTC 2015
Quoting Wolfgang Bumiller (w.bumiller at proxmox.com):
> > On November 20, 2015 at 5:24 PM Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> >
> > Quoting Wolfgang Bumiller (w.bumiller at proxmox.com):
> > > If manual mounting with elevated permissions is required
> > > this can currently only be done in pre-start hooks or before
> > > starting LXC. In both cases the mounts would appear in the
> > > host's namespace.
> > > With this flag the namespace is unshared before the startup
> > > sequence, so that mounts performed in the pre-start hook
> > > don't show up on the host.
> > >
> > > Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> >
> > Hi,
> >
> > ack on the code. But I want to bikeshed on the name. 'lxc.start.unshare'
> > makes it sound like the container won't be unshared by default. How
> > about either lxc.monitor.unshare or lxc.early_unshare? Do you have any
> > other ideas?
>
> I'm not very good at coloring bike sheds ;-)
> lxc.monitor.unshare makes sense as it probably describes the situation
> best. Underscores are weird (IMO the only warranted cases are id_map and
> the 2nd one in aa_allow_incomplete), and the hooks use hyphens. So it's
> probably good to avoid them.
Hi,
were you going to resend with that change?
More information about the lxc-devel
mailing list