[lxc-devel] Anybody looked at unshare(2)?

Daniel Lezcano daniel.lezcano at free.fr
Wed Feb 23 09:40:36 UTC 2011


On 02/23/2011 09:53 AM, Daniel Lezcano wrote:
> On 02/23/2011 05:22 AM, Rob Landley wrote:
>> It looks like clone flags aren't the only way to create a new namespace,
>> any existing process can move to a new namespace via unshare(2).
>>
>> This sounds like you could fairly easily make a super_chroot() function
>> that does most of the container stuff.  The hard part would be doing
>> mount points, device setup, and TTY I/O.  (How much of this requires a
>> host daemon?  I still haven't properly investigated how the current
>> container TTY stuff behind lxc-console works...)
>
> The problem with unshare is you can not create a new pid namespace.

Nor a new user namespace.
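
Added example, not part of the original thread: a small C program showing the point quoted above, that an already-running process can move itself into a new namespace with unshare(2). It uses the UTS namespace because the isolation is easy to observe. The function name and the hostname "unshared-demo" are constructed for illustration, and the call needs CAP_SYS_ADMIN, so an unprivileged run reports a refusal.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#ifndef CLONE_NEWUTS
#define CLONE_NEWUTS 0x04000000   /* value from <linux/sched.h> */
#endif

/* Hypothetical helper (not from lxc).
 * Returns  0: child renamed its host inside a new UTS namespace and the
 *             parent's hostname is unchanged (isolation worked)
 *          1: the kernel refused unshare/sethostname (no privilege, filter)
 *         -1: unexpected failure, or the hostname change leaked out */
int demo_unshare_uts(void)
{
    char before[256] = "", after[256] = "", seen[256] = "";
    const char *name = "unshared-demo";          /* constructed value */
    int status;

    if (gethostname(before, sizeof before - 1) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* The child is an existing process: no clone() flags involved.
         * Raw syscall so the block does not depend on the glibc wrapper. */
        if (syscall(SYS_unshare, CLONE_NEWUTS) != 0) _exit(1);
        /* Only reached inside the private namespace, so the host is safe. */
        if (sethostname(name, strlen(name)) != 0) _exit(2);
        if (gethostname(seen, sizeof seen - 1) != 0) _exit(3);
        _exit(strcmp(seen, name) == 0 ? 0 : 3);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    if (gethostname(after, sizeof after - 1) != 0) return -1;
    if (strcmp(before, after) != 0) return -1;   /* change escaped */
    if (WEXITSTATUS(status) == 0) return 0;
    return (WEXITSTATUS(status) <= 2) ? 1 : -1;
}

int main(void)
{
    int rc = demo_unshare_uts();
    printf("%s\n", rc == 0 ? "child isolated in new UTS namespace"
                 : rc == 1 ? "unshare refused (needs CAP_SYS_ADMIN)"
                           : "unexpected failure");
    return rc < 0;
}
```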