[lxc-devel] device namespaces

[riya khanna]

Hi,

I'm a newbie trying to come up with a fuse/cuse-based solution to
device namespace virtualization.
I know there have been talks about this before. So before I go too far
with the implementation, I wanted to run the design by you all and get
your feedback.

According to the current design, a fuse-based pseudo filesystem (let's
call it "vdevtmps" - virtual dev tmpfs) will be mounted on "/dev" of
container to create virtual device nodes. What virtual device nodes to
create can be determined by lxc.conf (through device cgroup). This
also requires appropriate device view from /sys inside the container
(effectively sysfs namespacing).

Another option is to virtualize/namespacify "sysfs", so that something
like "mdev -s" (or udev) can scan files and auto create device nodes
for a container.

Every device node belonging to this filesystem is accessed through
fuse/cuse operations and is multiplexed on actual device. Desired
container could also get passthrough access to the real devices (e.g.
single active/desired container directly accessing the frame buffer
/dev/fb0).

This is similar to what was proposed at LPC last year, but I'm trying
to do this in user space. Like I said, I'm a newbie at this, so please
let me know if this does not make sense and kindly suggest an
alternative. Thanks!

-Riya