CLONE_NEWNS or similar in freebsd?

Boyko Yordanov b.yordanov at exsisto.com
Wed Jun 16 08:10:17 UTC 2010


On Jun 16, 2010, at 3:22 AM, Julian Elischer wrote:

> On 6/15/10 1:25 PM, Andriy Gapon wrote:
>> on 15/06/2010 17:42 Boyko Yordanov said the following:
>>> Hi List,
>>> 
>>> I have an app that uses linux's clone() syscall (with the CLONE_NEWNS flag).
>>> I need to migrate this app to freebsd.
>>> 
>>> Is there similar functionality in freebsd? From what I read fork() and rfork()
>>> won't do the trick. I need the children to have their own private mount
>>> namespaces.
>> 
>> 
>> I am afraid that FreeBSD doesn't have this capability.
>> There is a single mount namespace per whole system image.
>> BTW, I am intrigued, in what situations this flag is useful?
>> 
> 
> 
> See his other email for more detail on what he wants.
> I have not heard of this before and you are correct in that we do not have this capacity.
> I have considered giving jails the capacity to have their own 'real /', i.e. have a totally different filesystem name space (not just a chroot). Then when the jail is removed the namespace would disappear. But that's sort of different.
> 
> Julian

It is different indeed (running in a jail).

If I am not wrong, the CLONE_NEWNS flag is something that Linux took from the Plan 9 system.

As it seems I'll have to think of some other way to achieve this functionality or just use a different app, although I am not sure if there is anything similar available.

It is a custom version of Apache's suexec that mounts vhosts directories and chroots for security reasons. When it exits it leaves the vhost dirs mounted on a FreeBSD system. I prefer this custom suexec because there are several extra features I rely on, like choosing the php version to execute per vhost etc. There are for sure other options, like mod_chroot or else. I'm just feeling familiar w/ this one and I thought there might be a solution that I missed.

Thanks!

Boyko
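
The Linux behaviour discussed in this thread, as an added example that is not part of the original message or of the suexec code it mentions: a child that enters a private mount namespace (here via the unshare system call with CLONE_NEWNS, the same flag clone() takes) mounts a directory that the parent never sees, and the mount is gone once the child exits. The function name and the /tmp path are hypothetical; it needs root (CAP_SYS_ADMIN) and returns -1 without it.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000  /* value from <linux/sched.h> */
#endif

/* Returns 1 if the child's mount stayed private and vanished with it,
 * 0 if it leaked into the parent, -1 if the setup failed (e.g. not root). */
int private_mount_demo(void)
{
    char dir[] = "/tmp/vhost-demo-XXXXXX";  /* constructed stand-in for a vhost dir */
    char marker[64];
    struct stat st;
    int status;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(marker, sizeof marker, "%s/marker", dir);
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: detach from the parent's mount namespace. */
        if (syscall(SYS_unshare, CLONE_NEWNS) != 0) _exit(2);
        /* Mark every mount private so nothing propagates back via shared mounts. */
        if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) _exit(3);
        if (mount("tmpfs", dir, "tmpfs", MS_NOSUID | MS_NODEV, NULL) != 0) _exit(4);
        _exit(open(marker, O_CREAT | O_WRONLY, 0600) >= 0 ? 0 : 5);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) { rmdir(dir); return -1; }
    /* The marker lived on the child's tmpfs; the parent must not be able to see it. */
    int leaked = (stat(marker, &st) == 0);
    rmdir(dir);
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return leaked ? 0 : 1;
}

int main(void)
{
    printf("private_mount_demo() = %d\n", private_mount_demo());
    return 0;
}
```
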


More information about the freebsd-hackers mailing list