Re: Process isolation support for start-stop-daemon


On Thu, 20 Mar 2014 07:08:39 +0100
Guillem Jover <guillem@debian.org> wrote:

> > > * Some system calls are missing proper error checks.
> > > * The quiet warnings seem suspect, I'd say they should either be
> > >   actual errors or normal warnings.

> > Well, those warnings don't necessarily mean something went wrong,
> > which is why I set them to default-quiet mode.

> In that case I think they should just be normal (quiet) notices and
> not warnings.

Right, I haven't found the right macro though :)

> > > * Why remount the /dev filesystems? /proc is needed to get the new
> > >   PID namespace, but the others do not seem needed? And they are
> > >   problematic as they might change depending on the system, for
> > >   example /dev/shm is now /run/shm in Debian.

> > That code is ported from lxc-unshare. I haven't checked if /dev/*
> > things are really needed, so left it as is for a while.

> From the man page, they don't seem to be, although maybe there's
> practical reasons for those.

Probably they can be dropped, it's PID namespace isolation after all.

> And now that you mention it, the lxc code seems to be LGPL? If so I'd
> like to preserve s-s-d as PD, so try to get inspiration but do not
> copy code over, please?

Basically, the only code from LXC are the mount_fs and setup_fs functions,
and a few lines in do_isolate. Even without /dev handling dropped, I
don't think that's copyrightable — it's just a few kernel syscalls after
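The PID-namespace isolation discussed in this thread (unshare the PID namespace, fork, and remount /proc in the child so it reflects the new namespace, with no /dev handling at all), as an added example that is not start-stop-daemon's or LXC's code; the `run_isolated` name and the CLONE_NEWUSER fallback for unprivileged use are my assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[] as PID 1 of a fresh PID namespace with /proc remounted so
 * readers of /proc see only the isolated tree. Returns the command's exit
 * status, 127 if the child failed to set up /proc or exec, or an errno
 * value if the namespace could not be created. */
static int run_isolated(char *const argv[])
{
    /* The caller stays in its old PID namespace; only children it forks
     * afterwards land in the new one. */
    if (unshare(CLONE_NEWPID) < 0) {
        /* Assumption: without CAP_SYS_ADMIN, retry inside a user
         * namespace so an unprivileged user can own the PID namespace. */
        if (errno != EPERM || unshare(CLONE_NEWUSER | CLONE_NEWPID) < 0)
            return errno;
    }
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        /* Child is PID 1 here. A private mount namespace keeps the
         * /proc remount out of the parent's view; the fresh procfs then
         * reflects the new PID namespace. No /dev mounts are needed. */
        if (unshare(CLONE_NEWNS) < 0 ||
            mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0 ||
            mount("proc", "/proc", "proc",
                  MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL) < 0) {
            perror("remount /proc");
            _exit(127);
        }
        execvp(argv[0], argv);
        perror("execvp");
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINTR; /* killed: EINTR */
}

int main(int argc, char *argv[])
{
    if (argc < 2) { fprintf(stderr, "usage: %s cmd [args]\n", argv[0]); return 2; }
    return run_isolated(argv + 1);
}
```

Running `./isolated sh -c 'echo $$; ps'` as root prints `1` and a process list containing only that shell, which is the observable effect of the /proc remount.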