Conversation
Jarkko Sakkinen
jarkko
Edited 7 hours ago
I'll create a rootns AUR repository for Arch Linux kernel with rootns patches. I want to run it in my desktop for some time to get more feel for it and fix any glitches.
I think it is pretty good but for a namespace it is better to try to use it for a while before submitting anything.
The idea of rootns is to namespace root / superblock i.e., that way this dilates from David Howell's original series (or by evolution actually following all review comments from Al and Eric). In David's series topologically container object was something managed by task_struct. In this series, rootns is part of nsproxy, and purely a namespace.
You would think that root is part of filesystem namsepace but actually formally filesystem namespace is all non-empty sets of mount trees not including empty state (there's BUG_ON() to underline this in VFS code). This namespace plays only with detached roots and that way can give guarantees of not mixing up the kernel state.
Once again (as with swcam driver), I ripped off the SRCU/spinlock locking scheme from SGX driver and there are no loops inside spinlock or anything weird like that. I should remember to add cond_resched()'s tho to iterations :-)
I think the gist of David's code had absolutely a reason to exist. It was just not enough constrained, scoped and explained. And it was completely misunderstood by most. I have to give credit to Eric Biedermann giving such great (and many) review comments despite being in existential opposition. This is uncommon and shows high-standards professionalism in a person.
I think it is pretty good but for a namespace it is better to try to use it for a while before submitting anything.
The idea of rootns is to namespace root / superblock i.e., that way this dilates from David Howell's original series (or by evolution actually following all review comments from Al and Eric). In David's series topologically container object was something managed by task_struct. In this series, rootns is part of nsproxy, and purely a namespace.
You would think that root is part of filesystem namsepace but actually formally filesystem namespace is all non-empty sets of mount trees not including empty state (there's BUG_ON() to underline this in VFS code). This namespace plays only with detached roots and that way can give guarantees of not mixing up the kernel state.
Once again (as with swcam driver), I ripped off the SRCU/spinlock locking scheme from SGX driver and there are no loops inside spinlock or anything weird like that. I should remember to add cond_resched()'s tho to iterations :-)
I think the gist of David's code had absolutely a reason to exist. It was just not enough constrained, scoped and explained. And it was completely misunderstood by most. I have to give credit to Eric Biedermann giving such great (and many) review comments despite being in existential opposition. This is uncommon and shows high-standards professionalism in a person.
1
0
0