From: Mathieu Othacehe
To: Ludovic Courtès
Cc: 42849@debbugs.gnu.org
Subject: Re: [bug#42849] [PATCH 2/3] linux-container: Add a jail? argument.
Date: Mon, 31 Aug 2020 08:27:00 +0200
Message-ID: <87k0xfib4b.fsf@gnu.org>
In-Reply-To: <87sgc3hpvp.fsf@gnu.org>
References: <20200813123419.263639-1-othacehe@gnu.org> <20200813123419.263639-2-othacehe@gnu.org> <87sgc3hpvp.fsf@gnu.org>

Hey Ludo,

> Why not just change the caller to pass #:mounts '() then?  Am I missing
> something?
>
> I’m reluctant to introducing “jail” because that’s undefined in this
> context (reminds me of FreeBSD).

The purpose here is to avoid the "pivot-root" call that is done
unconditionally in "mount-file-systems". This way a containerized process
can share the parent root file-system.

Maybe something like that would make more sense:

--8<---------------cut here---------------start------------->8---
(lambda ()
  (unless (null? mounts)
    (mount-file-systems root mounts
                        #:mount-/proc? (memq 'pid namespaces)
                        #:mount-/sys? (memq 'net namespaces))))
--8<---------------cut here---------------end--------------->8---

Thanks,

Mathieu