Date: Wed, 16 Jun 2010 11:10:12 +0300
From: Boyko Yordanov <b.yordanov@exsisto.com>
To: Julian Elischer <julian@elischer.org>
Cc: freebsd-hackers@freebsd.org, Andriy Gapon <avg@icyb.net.ua>
Subject: Re: CLONE_NEWNS or similar in freebsd?
Message-ID: <9F69CF52-3793-439E-BEC8-BE9926C4EBA8@exsisto.com>
In-Reply-To: <4C181946.7040405@elischer.org>
References: <EF565524-1B4D-4F7D-AFA3-E9DCC02C03CF@exsisto.com> <4C17E1A7.90307@icyb.net.ua> <4C181946.7040405@elischer.org>

On Jun 16, 2010, at 3:22 AM, Julian Elischer wrote:

> On 6/15/10 1:25 PM, Andriy Gapon wrote:
>> on 15/06/2010 17:42 Boyko Yordanov said the following:
>>> Hi List,
>>>
>>> I have an app that uses linux's clone() syscall (with the CLONE_NEWNS flag).
>>> I need to migrate this app to freebsd.
>>>
>>> Is there similar functionality in freebsd? For what I read fork() and rfork()
>>> won't do the trick. I need the children to have their own private mount
>>> namespaces.
>>
>>
>> I am afraid that FreeBSD doesn't have this capability.
>> There is a single mount namespace per whole system image.
>> BTW, I am intrigued, in what situations this flag is useful?
>>
>
>
> See his other email for more detail on what he wants.
> I have not heard of this before and you are correct in that we do not have this capacity.
> I have considered giving jails the capacity to have their own 'real /', i.e. have a totally different filesystem name space (not just a chroot). Then when the jail is removed the namespace would disappear, but that's sort of different.
>
> Julian

It is different indeed (running in a jail). If I am not wrong, the CLONE_NEWNS flag is something that Linux took from the Plan 9 system.

As it seems I'll have to think of some other way to achieve this functionality or just use a different app, although I am not sure if there is anything similar available. It is a custom version of Apache's suexec that mounts vhosts directories and chroots for security reasons. When it exits it leaves the vhost dirs mounted on a freebsd system. I prefer this custom suexec because there are several extra features I rely on, like choosing the php version to execute per vhost etc.

There are for sure other options, like mod_chroot or else. I'm just feeling familiar w/ this one and I thought there might be a solution that I missed.

Thanks!

Boyko
