[lxc-devel] RFC: Device Namespaces

[Serge Hallyn]

Quoting Oren Laadan (orenl at cellrox.com):
> Hi everyone!
> 
> We [1] have been working on bringing lightweight virtualization to
> Linux-based mobile devices like Android (or other Linux-based devices with
> diverse I/O) and want to share our solution: device namespaces.
> 
> Imagine you could run several instances of your favorite mobile OS or other
> distributions in isolated containers, each under the impression of having
> exclusive access to device drivers; Interact and switch between them within
> a blink, no flashing, no reboot.
> 
> Device namespaces are an extension to existing Linux kernel namespaces that
> brings lightweight virtualization to Linux-based end-user devices,
> primarily mobile devices.
> Device namespaces introduce a private and virtual namespace for device
> drivers to create the illusion for a process group that it interacts
> exclusively with a set of drivers. Device namespaces also introduce the
> concepts of an “active” namespace with which a user interacts, vs
> “non-active” namespaces that run in the background, and the ability to
> switch between them.[2]

Note that unless I'm misunderstanding what you're saying here, this is
also what net_ns does.  A netns can exist with no processes so long as
you've bound its /proc/$$/ns/net somewhere.  You can then re-enter that
ns using ns_attach.  I haven't looked closely enough yet to see whether
you should be (or are) using the same interface.

> We are planning to prepare individual patches to be submitted to the

Looking forward to it, and seeing you at the containers track  :)

> 2: https://github.com/Cellrox/devns-patches/wiki/DeviceNamespace
> 3: https://github.com/Cellrox/devns-patches
> 4: https://github.com/Cellrox/devns-demo

(Have looked over the wiki, will look over the patches as well)

-serge