Date: Wed, 16 Jun 2010 11:10:12 +0300
From: Boyko Yordanov <b.yordanov@exsisto.com>
To: Julian Elischer <julian@elischer.org>
Cc: freebsd-hackers@freebsd.org, Andriy Gapon <avg@icyb.net.ua>
Subject: Re: CLONE_NEWNS or similar in freebsd?
Message-ID: <9F69CF52-3793-439E-BEC8-BE9926C4EBA8@exsisto.com>
In-Reply-To: <4C181946.7040405@elischer.org>
References: <EF565524-1B4D-4F7D-AFA3-E9DCC02C03CF@exsisto.com> <4C17E1A7.90307@icyb.net.ua> <4C181946.7040405@elischer.org>

On Jun 16, 2010, at 3:22 AM, Julian Elischer wrote:

> On 6/15/10 1:25 PM, Andriy Gapon wrote:
>> on 15/06/2010 17:42 Boyko Yordanov said the following:
>>> Hi List,
>>>
>>> I have an app that uses linux's clone() syscall (with the CLONE_NEWNS flag).
>>> I need to migrate this app to freebsd.
>>>
>>> Is there similar functionality in freebsd? For what I read fork() and rfork()
>>> won't do the trick. I need the children to have their own private mount
>>> namespaces.
>>
>>
>> I am afraid that FreeBSD doesn't have this capability.
>> There is a single mount namespace per whole system image.
>> BTW, I am intrigued, in what situations this flag is useful?
>>
>
>
> See his other email for more detail on what he wants.
> I have not heard of this before and you are correct in that we do not have this capacity.
> I have considered giving jails the capacity to have their own 'real /' i.e. have a totally different filesystem name space (not just a chroot). Then when the jail is removed then namespace would disappear. But that's sort of different.
>
> Julian

It is different indeed (running in a jail).

If I am not wrong, the CLONE_NEWNS flag is something that Linux took from the Plan 9 system.

As it seems I'll have to think of some other way to achieve this functionality or just use a different app, although I am not sure if there is anything similar available.

It is a custom version of Apache's suexec that mounts vhosts directories and chroots for security reasons. When it exits it leaves the vhost dirs mounted on a freebsd system. I prefer this custom suexec because there are several extra features I rely on, like choosing the php version to execute per vhost etc. There are for sure other options, like mod_chroot or else. I'm just feeling familiar w/ this one and I thought there might be a solution that I missed.

Thanks!

Boyko