From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 05 Nov 2004 - 18:53:45 GMT
On Fri, Nov 05, 2004 at 02:41:46PM +1300, Sam Vilain wrote:
> Herbert Poetzl wrote:
> >I guess we should move away from what we have now, get
> >some distance, and think about what we want to have
> >in let's say half a year (or maybe a year) then start
> >to work in that direction ...
> Alright! Well, Christmas is coming, so from context 0 (or 1) I'd like
> to be able to do this (unless the context has a flag set):
> # ls /proc/virtual/61823/namespace
> bin dev home lib media opt root srv tmp var
> boot etc initrd lost+found mnt proc sbin sys usr
> And I want it to give a different device number inside there so I can
> use `find -xdev' on /proc to just search proc, not the filesystems of
> all the vservers too.
trust me, you don't want that, for several reasons
what you might want is something like:
vmount --xid 42 /mnt/vservers/42
> And I want to be able to do this:
> # mount --rbind /proc/virtual/61823/namespace /mnt/foo
then you can do:
mount --rbind /mnt/vservers/42 /proc/virtual/42/namespace ;)
> And I want this to opportunistically create a new namespace and
> automatically get rid of unreachable mounts:
hmm, unreachable .. interesting idea ...
(but I guess enrico will disagree)
> # chroot /mnt/foo/. sh -c "cat /proc/mounts"
> /dev/root / ext3 rw 0 0
> procns /proc proc rw,nodiratime 0 0
> shmns /tmp tmpfs rw 0 0
> ptsns /dev/pts devpts rw 0 0
> I'd like /proc/PID/mounts to be:
> - a symlink to /proc/mounts if the namespace hasn't been changed from
> the last pivot_root (or boot) in the host system, or if it is the
> same as the ``system'' namespace, if such a thing exists
> - a symlink to /proc/virtual/XID/mounts, if the process is `in' the
> context in namespace terms
> - a normal file, straight after a CLONE_NS, which has the same inode
> number on the /proc filesystem as any process with that namespace,
> and the number of links on it corresponds to the number of processes
> in that namespace.
> Maybe also, similarly with /proc/PID/namespace, a symlink to "/",
> "/proc/virtual/XID/namespace", or a real directory.
> And I want them all to virtualise magically so that you can create a
> vserver that can have vservers within it and not be able to tell the
> difference just by looking at /proc/mounts or /proc/PID/namespace. And
> I don't want to have to give contexts full mount ability to do that.
> And I want the implementation to think of a day when we can have
> vservers within vservers, maybe an s_context has a parent s_context.
> (Zombie contexts! yay!)
this is not the first time this comes up ...
until now the downsides have outweighed the ups
(at least IMHO)
- huge overhead in _all_ context checks
- orphaned contexts
- sub-xid management across contexts
doesn't mean that we won't do it sooner or later ... ;)
> And I want to be able to kill off all processes on my context 0 system,
> get init to chroot(2) into a new filesystem I made, then all the other
> mounted filesystems just fall off the bottom of the mounts table and get
> umounted (as no namespaces are referring to them).
> And I'd like a Pony.
ah, that sounds easy ... ;)
thanks for the input,
> Sam Vilain, sam /\T vilain |><>T net, PGP key ID: 0x05B52F13
> (include my PGP key ID in personal replies to avoid spam filtering)
> Vserver mailing list