Hi,
Are there any known issues with nesting mount namespaces inside
Linux-VServer containers? I'm experimenting with pam_namespace and while
unshare(CLONE_NEWNS) returns zero (after adding CAP_SYS_ADMIN to the
vserver), changes made by the module to the mounted filesystems are
visible globally. Am I (or the PAM module) doing something wrong or is
this not supported under Linux-VServer?
Using ns_exec[1] -c -m (or ns_exec -m) also reports successful
unshare/clone but changes to mounts remain visible.
I'm not 100% positive that my setup is correct but I thought I'd ask
before digging deep into kernel code.
Best regards,
Grzegorz Nosek
1.
https://www.linux-cr.org/redmine/projects/test-cr/repository/revisions/64261342b85a7245c5c7f837b891a25a47fc2a61/entry/ns_exec.c
Received on Thu Jun 9 16:07:35 2011