[lxc-devel] Anybody looked at unshare(2)?

Rob Landley rlandley at parallels.com
Wed Feb 23 04:22:15 UTC 2011


It looks like clone flags aren't the only way to create a new namespace,
any existing process can move to a new namespace via unshare(2).

This sounds like you could fairly easily make a super_chroot() function
that does most of the container stuff.  The hard part would be doing
mount points, device setup, and TTY I/O.  (How much of this requires a
host daemon?  I still haven't properly investigated how the current
container TTY stuff behind lxc-console works...)

Rob




More information about the lxc-devel mailing list