[lxc-devel] Anybody looked at unshare(2)?
Daniel Lezcano
daniel.lezcano at free.fr
Wed Feb 23 08:53:37 UTC 2011
On 02/23/2011 05:22 AM, Rob Landley wrote:
> It looks like clone flags aren't the only way to create a new namespace,
> any existing process can move to a new namespace via unshare(2).
>
> This sounds like you could fairly easily make a super_chroot() function
> that does most of the container stuff. The hard part would be doing
> mount points, device setup, and TTY I/O. (How much of this requires a
> host daemon? I still haven't properly investigated how the current
> container TTY stuff behind lxc-console works...)
The problem with unshare is you can not create a new pid namespace.
More information about the lxc-devel
mailing list