Since this was written, a time namespace was proposed: https://www.phoronix.com/scan.php?page=news_item&px=Linux-Ti...
I wonder whether namespacing time would also result in those namespaces being able to have separate "clocks" (time backends? time schedulers?) that progress at different rates, or for different reasons.
Being able to put a process into a time namespace with a deterministic "clock" would obviate a large benefit of http://www.zerovm.org/.
Also, having "clock slew" be a matter of perspective—with processes that can handle leap seconds seeing them happen instantaneously, and processes that can't handle leap seconds seeing slewed time—would be nice. Then you could have different system facilities that care about monotonic time, vs. synced to calendar time, vs. one second per second time, all having that kind of time available to them as "the time", rather than through different APIs.
I personally miss core pattern namespacing. I would love to give some of my containers a custom coredump handler, but this is impossible.
And in general, a sysctls settings namespace would be really useful. Sure, sometimes it makes no sense to namespace a setting, but net.ipv4.tcp_congestion_control for example? I'd love to be able to change it without modifying the code.
meta: This is from 2017.
Super interesting though, the keyring thing especially seems to have broader implications...
Syslog seems to be on the proposal list as well.
Why is this the case? No one has bothered to do it? It would break backwards compatibility? Linus thinks it's a bad idea?
I'm not sure that people who think "containers are just like VMs" should have any business working with containers.
You can't change the time in a container, but it's possible to change the timezone files.
By generating fake timezones, it is possible to change the time in a container.
> The current set of namespaces in the kernel are: mount, pid, uts, ipc, net, user, and cgroup. [...] [Time is] not namespaced. [...] The kernel keyring is another item not namespaced.
I've always argued that "everything is a file" is an exaggeration. These moments make the extent of that exaggeration clear.
If everything truly was a file, the only thing you would need to namespace is the filesystem. But in reality there are a lot of other kernel objects that are not files at all.