From: Boyko Yordanov
Date: Wed, 16 Jun 2010 11:10:12 +0300
To: Julian Elischer
Cc: freebsd-hackers@freebsd.org, Andriy Gapon
Subject: Re: CLONE_NEWNS or similar in freebsd?
Message-Id: <9F69CF52-3793-439E-BEC8-BE9926C4EBA8@exsisto.com>
In-Reply-To: <4C181946.7040405@elischer.org>
References: <4C17E1A7.90307@icyb.net.ua> <4C181946.7040405@elischer.org>
List-Id: Technical Discussions relating to FreeBSD

On Jun 16, 2010, at 3:22 AM, Julian Elischer wrote:

> On 6/15/10 1:25 PM, Andriy Gapon wrote:
>> on 15/06/2010 17:42 Boyko Yordanov said the following:
>>> Hi List,
>>>
>>> I have an app that uses linux's clone() syscall (with the CLONE_NEWNS flag).
>>> I need to migrate this app to freebsd.
>>>
>>> Is there similar functionality in freebsd? For what I read fork() and rfork()
>>> won't do the trick. I need the children to have their own private mount
>>> namespaces.
>>
>>
>> I am afraid that FreeBSD doesn't have this capability.
>> There is a single mount namespace per whole system image.
>> BTW, I am intrigued, in what situations this flag is useful?
>>
>
>
> See his other email for more detail on what he wants.
> I have not heard of this before and you are correct in that we do not
> have this capacity.
> I have considered giving jails the capacity to have their own 'real /'
> i.e. have a totally different filesystem name space (not just a
> chroot). Then when the jail is removed the namespace would disappear.
> But that's sort of different.
>
> Julian

It is different indeed (running in a jail).

If I am not wrong, the CLONE_NEWNS flag is something that Linux took
from the Plan 9 system.

As it seems I'll have to think of some other way to achieve this
functionality or just use a different app, although I am not sure if
there is anything similar available.

It is a custom version of Apache's suexec that mounts vhosts directories
and chroots for security reasons. When it exits it leaves the vhost dirs
mounted on a freebsd system. I prefer this custom suexec because there
are several extra features I rely on, like choosing the php version to
execute per vhost etc. There are for sure other options, like
mod_chroot or else. I'm just feeling familiar w/ this one and I thought
there might be a solution that I missed.

Thanks!

Boyko
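
For reference, the Linux behaviour the thread is about, as an added example (not code from this thread or from the custom suexec): a forked child enters its own mount namespace, mounts inside it, and the mount disappears when the child exits, which is the cleanup that is lost on a system with one global mount table. It uses fork() followed by the unshare system call instead of clone() with CLONE_NEWNS; the tmpfs stand-in for a vhost mount, the /tmp path and the function names are assumptions, and it needs Linux with CAP_SYS_ADMIN (it returns -1 otherwise).

```c
/* Added example, Linux only: a helper's mount confined to a private namespace. */
#include <linux/sched.h>   /* CLONE_NEWNS */
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child: stand-in for the helper's mount step; dir is a constructed path. */
static int child_mount(const char *dir)
{
    char marker[64];
    if (syscall(SYS_unshare, CLONE_NEWNS) != 0)   /* needs CAP_SYS_ADMIN */
        return 2;
    /* Make every mount private so nothing propagates back to the parent. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return 3;
    if (mount("tmpfs", dir, "tmpfs", MS_NOSUID | MS_NODEV, "size=64k") != 0)
        return 3;
    snprintf(marker, sizeof marker, "%s/marker", dir);
    FILE *f = fopen(marker, "w");
    if (f == NULL)
        return 3;
    fclose(f);
    /* A real helper would chroot, drop privileges and exec here. */
    return 0;   /* no umount: the mount dies with the namespace */
}

/* 1: mount stayed invisible to the parent; 0: it leaked; -1: could not run. */
int mount_is_private(void)
{
    char dir[] = "/tmp/nsdemo.XXXXXX", marker[64];
    int status = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    pid_t pid = fork();
    if (pid == 0)
        _exit(child_mount(dir));
    if (pid < 0 || waitpid(pid, &status, 0) < 0) { rmdir(dir); return -1; }
    snprintf(marker, sizeof marker, "%s/marker", dir);
    int leaked = access(marker, F_OK) == 0;
    rmdir(dir);   /* fails harmlessly if a leaked mount still covers dir */
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return leaked ? 0 : 1;
}

int main(void) { printf("mount_is_private() = %d\n", mount_is_private()); return 0; }
```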