linux-kernel.vger.kernel.org archive mirror
From: ebiederm@xmission.com (Eric W. Biederman)
To: "Yordan Karadzhov \(VMware\)" <y.karadz@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	viro@zeniv.linux.org.uk, rostedt@goodmis.org, mingo@redhat.com,
	hagen@jauu.net, rppt@kernel.org,
	James.Bottomley@HansenPartnership.com, akpm@linux-foundation.org,
	vvs@virtuozzo.com, shakeelb@google.com,
	christian.brauner@ubuntu.com, mkoutny@suse.com,
	Linux Containers <containers@lists.linux.dev>
Subject: Re: [RFC PATCH 0/4] namespacefs: Proof-of-Concept
Date: Thu, 18 Nov 2021 12:55:07 -0600
Message-ID: <87a6i1xpis.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <20211118181210.281359-1-y.karadz@gmail.com> (Yordan Karadzhov's message of "Thu, 18 Nov 2021 20:12:06 +0200")


Adding the containers mailing list which is for discussions like this.

"Yordan Karadzhov (VMware)" <y.karadz@gmail.com> writes:

> We introduce a simple read-only virtual filesystem that provides
> a direct mechanism for examining the existing hierarchy of namespaces
> on the system. For the purposes of this PoC, we tried to keep the
> implementation of the pseudo filesystem as simple as possible. Only
> two namespace types (PID and UTS) are coupled to it for the moment.
> Nevertheless, we do not expect having significant problems when
> adding all other namespace types.
>
> When fully functional, 'namespacefs' will allow the user to see all
> namespaces that are active on the system and to easily retrieve the
> specific data, managed by each namespace. For example the PIDs of
> all tasks enclosed in the individual PID namespaces. Any existing
> namespace on the system will be represented by its corresponding
> directory in namespacefs. When a namespace is created a directory
> will be added. When a namespace is destroyed, its corresponding
> directory will be removed. The hierarchy of the directories will
> follow the hierarchy of the namespaces.

It is not correct to use inode numbers as the actual names for
namespaces.

I can not see anything else you can possibly use as names for
namespaces.

To allow container migration between machines and similar things
you wind up needing a namespace for your names of namespaces.

Further you talk about hierarchy and you have not added support for the
user namespace.  Without the user namespace there is no hierarchy with
any namespace but the pid namespace. There is definitely no meaningful
hierarchy without the user namespace.

As far as I can tell merging this will break CRIU and container
migration in general (as the namespace of namespaces problem is not
solved).

Since you are not solving the problem of a namespace for namespaces,
yet implementing something that requires it.

Since you are implementing hierarchy and ignoring the user namespace
which gives structure and hierarchy to the namespaces.

Since this breaks existing use cases without giving a solution.

Nacked-by: "Eric W. Biederman" <ebiederm@xmission.com>

Eric
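
An added example, not part of the original message or of the namespacefs patches: the reply's two objections can be seen from userspace today. The sketch below identifies a namespace by the (st_dev, st_ino) of its nsfs file, a value that is only meaningful on the running host, and walks upward through the owning user namespaces with the NS_GET_USERNS ioctl from <linux/nsfs.h> (documented in ioctl_ns(2)). The names `owner_chain` and `struct ns_id` are made up for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/nsfs.h>   /* NS_GET_USERNS */

/* Hypothetical record type: the only "name" nsfs offers is host-local. */
struct ns_id { dev_t dev; ino_t ino; };

/* Record (st_dev, st_ino) of the namespace at `path`, then of each user
 * namespace that owns the previous entry. Returns the number of entries
 * written, or -1 if `path` cannot be opened. The kernel ends the walk
 * with EPERM once the owner lies outside the caller's user namespace. */
int owner_chain(const char *path, struct ns_id *out, int max)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    int n = 0;

    if (fd < 0)
        return -1;
    while (n < max) {
        struct stat st;
        if (fstat(fd, &st) < 0)
            break;
        out[n].dev = st.st_dev;
        out[n].ino = st.st_ino;
        n++;
        int owner = ioctl(fd, NS_GET_USERNS);  /* fd of owning user ns */
        if (owner < 0)
            break;                             /* EPERM/ENOTTY: stop here */
        close(fd);
        fd = owner;
    }
    close(fd);
    return n;
}

int main(void)
{
    struct ns_id chain[16];
    int n = owner_chain("/proc/self/ns/uts", chain, 16);

    if (n < 0) { perror("open"); return 1; }
    for (int i = 0; i < n; i++)
        printf("%s dev=%lu ino=%lu\n", i ? "owned by userns" : "uts ns",
               (unsigned long)chain[i].dev, (unsigned long)chain[i].ino);
    return 0;
}
```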
