Re: OS-level virtualization
On Thu, 8 Apr 2021 18:12:18 +0200
Rhialto <rhialto%falu.nl@localhost> wrote:
> I had the same idea in the past, but haven't done anything concrete with
I'd like to give it a try. My big roadblock at the moment is how to add
a system call. The only thing search engines are finding appears to be
FreeBSD-specific; is there a NetBSD guide or a man page for this?
> For other things, like UIDs, GIDs, etc it is a bit trickier because you
> could get multiple 'namespaces' using the same value and you can't even
> prevent it without causing weird failures. For those, you'd need some
> mapping layer somewhere to translate between global values and
> inside-the-namespace values. There is something like that for stacked
> file systems (mount_umap) but that won't be enough.
If kauth is preventing processes from any interaction, why do the
UID/GID even matter anymore?
Unless processes in different PID namespaces are also sharing the same
filesystem. I can't think of a use case for that (Not that there isn't
Aaron B. <aaron%zadzmo.org@localhost>