From: Björn Steinbrink (bjoern.steinbrink_at_isp4p.net)
Date: Fri 05 Nov 2004 - 02:51:31 GMT
> why not do it this way:
> 1. get a new namespace
> 2. create the vfsmount (for example via --bind)
> 3. pivot_root (or similar, maybe new cmd?) to the vfsmount
> 4. cleanup the namespace (remove host stuff)
> 5. do all required/listed mounts inside that namespace
> 6. create the context
I've found an easy way to get a clean namespace using lazy mounts. A
short bash script + description can be found at
(be careful with that, it's just a quick hack!)
Mounting of the whole vserver mount tree happens using host tools.
No / overlay mount.
Namespace is completely clean, not even the rootfs mount is there.
chdir("..") trick is not possible (dunno about fd exchange).
Should be easy to integrate with the current alpha tools.
chroot(1) must not be on a separate partition.
Once inside the namespace currently there's no access to the host's
binaries (I'm working on that, maybe I can do something with
[whatever you dislike about it/I missed]
Comments are welcome.
Vserver mailing list