containers / conmon-rs

An OCI container runtime monitor written in Rust
Apache License 2.0
190 stars, 43 forks

conmon-rs always opens a namespace, even if it won't be used #1081

Open haircommander opened 1 year ago

haircommander commented 1 year ago

After https://github.com/containers/conmon-rs/pull/1064, conmon-rs always opens a namespace, even if the pod needs a container level namespace. This isn't a behavior problem, but does needlessly add extra mounts and will cause there to be more open files than needed.

saschagrunert commented 1 year ago

@haircommander would it make sense to extend the CLI/Cap'n Proto interface in the same way we have in pinns, for example:

conmonrs pause --ipc       # Unshare to a new IPC namespace
conmonrs pause --ipc=host  # Unshare to the host IPC namespace
conmonrs pause             # Skip unsharing the IPC namespace

haircommander commented 1 year ago

yeah I think so

haircommander commented 1 year ago

also having a target for posterity would be useful (where we just bind mount a path of a namespace)
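The three `--ipc` spellings proposed above, plus the bind-mount "target" form from the comment just before this, modelled as a small Rust program. This is an added example, not conmon-rs code: the `IpcMode`, `Action`, `parse_ipc_mode`, `plan`, `extra_mounts` and `apply` names, the `--ipc=<path>` spelling for a target, and the "one pinned mount per created or joined namespace" cost model are all assumptions made here to show why "skip" is the cheapest choice when the pod does not need a pod-level namespace.

```rust
// Added example, not conmon-rs code: a model of the proposed `--ipc` switch
// and the bind-mount "target" form, showing what each spelling costs the
// pause process in namespaces, mounts and open file descriptors.
use std::os::raw::c_int;
use std::path::PathBuf;

/// `CLONE_NEWIPC` from <linux/sched.h>: the unshare(2) flag for a new IPC namespace.
pub const CLONE_NEWIPC: c_int = 0x0800_0000;

/// How the pause process should treat the IPC namespace.
#[derive(Debug, PartialEq, Eq)]
pub enum IpcMode {
    /// `--ipc`: unshare into a fresh IPC namespace.
    New,
    /// `--ipc=host`: stay in the host IPC namespace.
    Host,
    /// `--ipc=/proc/<pid>/ns/ipc`: join an existing namespace by bind-mounting
    /// its nsfs path (hypothetical "target" spelling, assumed here).
    Target(PathBuf),
    /// Flag absent: do nothing, so no extra mount or fd is created.
    Skip,
}

/// Parse the `--ipc[=value]` option out of a `conmonrs pause` argument list.
pub fn parse_ipc_mode(args: &[&str]) -> Result<IpcMode, String> {
    let mut mode = IpcMode::Skip;
    for arg in args {
        if *arg == "--ipc" {
            mode = IpcMode::New;
        } else if let Some(value) = arg.strip_prefix("--ipc=") {
            mode = match value {
                "host" => IpcMode::Host,
                path if path.starts_with('/') => IpcMode::Target(PathBuf::from(path)),
                other => return Err(format!("unsupported --ipc value: {other:?}")),
            };
        }
    }
    Ok(mode)
}

/// The concrete action the pause process would take for a mode.
#[derive(Debug, PartialEq, Eq)]
pub enum Action {
    /// Call unshare(2) with these flags, then pin the new namespace with a bind mount.
    Unshare(c_int),
    /// Bind-mount an existing namespace path instead of creating one.
    BindMount(PathBuf),
    /// Touch nothing.
    Nothing,
}

pub fn plan(mode: &IpcMode) -> Action {
    match mode {
        IpcMode::New => Action::Unshare(CLONE_NEWIPC),
        IpcMode::Target(path) => Action::BindMount(path.clone()),
        IpcMode::Host | IpcMode::Skip => Action::Nothing,
    }
}

/// Extra mounts (and pinned namespace fds) an action leaves behind; this is
/// the cost the issue is about. Assumed model: one pinned mount per namespace.
pub fn extra_mounts(action: &Action) -> usize {
    match action {
        Action::Unshare(_) | Action::BindMount(_) => 1,
        Action::Nothing => 0,
    }
}

/// Perform an `Unshare` action (Linux only; needs CAP_SYS_ADMIN in the caller's user namespace).
#[cfg(target_os = "linux")]
pub fn apply(action: &Action) -> std::io::Result<()> {
    extern "C" {
        fn unshare(flags: c_int) -> c_int;
    }
    match action {
        Action::Unshare(flags) => {
            // SAFETY: unshare(2) takes a plain flag word and touches no caller memory.
            if unsafe { unshare(*flags) } != 0 {
                return Err(std::io::Error::last_os_error());
            }
            Ok(())
        }
        // Joining a namespace path needs mount(2)/setns(2); not implemented in this example.
        Action::BindMount(_) => Err(std::io::Error::new(
            std::io::ErrorKind::Unsupported,
            "bind-mount target not implemented in this example",
        )),
        Action::Nothing => Ok(()),
    }
}

fn main() {
    let invocations = vec![vec!["pause", "--ipc"], vec!["pause", "--ipc=host"], vec!["pause"]];
    for argv in invocations {
        let mode = parse_ipc_mode(&argv).expect("valid argv");
        let action = plan(&mode);
        println!("{argv:?} -> {mode:?} -> {action:?} (extra mounts: {})", extra_mounts(&action));
    }
}
```

Running `main` prints one line per spelling; only `--ipc` (and a `--ipc=/path` target) produces a mount, while `--ipc=host` and the bare `pause` cost nothing, which is the behaviour the issue asks for when the container, not the pod, owns the namespace.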

haircommander commented 1 year ago

I started working on this but didn't finish. I will try to finish next week