Linux 4.6 allows for /proc/$PID/cgroup to be namespaced out with a new CLONE_NEWCGROUP flag for clone(2)/unshare(2). Without this the different unshares will still see the full host cgroup hierarchy, but with this flag each unshare will get a new cgroup namespace for itself.
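As an added illustration of the behaviour described above (example code, not from the original thread or from the module under discussion): a parent process prints its own /proc/self/cgroup, then forks a child that calls unshare(CLONE_NEWCGROUP) and prints the same file. The child's view is rooted at its own cgroup (on cgroup v2 the line reads `0::/`), while the parent keeps seeing the full host hierarchy. The fallback `#define` for CLONE_NEWCGROUP is for older libc headers; the probe needs CAP_SYS_ADMIN in its user namespace and a kernel of 4.6 or later, and reports the child's errno otherwise instead of aborting.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Older libc headers may lack the flag; the kernel value is fixed since 4.6. */
#ifndef CLONE_NEWCGROUP
#define CLONE_NEWCGROUP 0x02000000
#endif

/* Read /proc/self/cgroup into buf (NUL-terminated). Returns bytes read, -1 on error. */
ssize_t read_cgroup_view(char *buf, size_t len)
{
    FILE *f = fopen("/proc/self/cgroup", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, len - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (ssize_t)n;
}

/*
 * Fork a child that unshares into a fresh cgroup namespace and prints what it
 * sees in /proc/self/cgroup. The parent is untouched and keeps its own view,
 * which is exactly the isolation the flag provides.
 *
 * Returns 0 if the child entered the new namespace, otherwise -errno from the
 * child's unshare(2): -EPERM without CAP_SYS_ADMIN in the caller's user
 * namespace, -EINVAL on kernels older than 4.6 that do not know the flag.
 */
int probe_cgroup_ns(void)
{
    fflush(stdout);                   /* don't duplicate buffered output in the child */
    pid_t pid = fork();
    if (pid == -1)
        return -errno;

    if (pid == 0) {
        char buf[4096];
        if (unshare(CLONE_NEWCGROUP) == -1)
            _exit(errno);             /* hand errno to the parent as the exit status */
        /* From here on the child's cgroup is the root of its own namespace. */
        if (read_cgroup_view(buf, sizeof buf) > 0)
            printf("child (new cgroupns):\n%s", buf);
        fflush(stdout);
        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) == -1)
        return -errno;
    if (!WIFEXITED(status))
        return -ECHILD;
    return -WEXITSTATUS(status);
}

int main(void)
{
    char buf[4096];
    if (read_cgroup_view(buf, sizeof buf) > 0)
        printf("parent (host cgroupns):\n%s", buf);

    int rc = probe_cgroup_ns();
    if (rc == 0)
        printf("child unshared into a new cgroup namespace\n");
    else
        printf("unshare(CLONE_NEWCGROUP) failed: %s\n", strerror(-rc));
    return rc == 0 ? 0 : 1;
}
```

Run it as root (or inside a user namespace you own) to see the two views differ; as an unprivileged user it reports EPERM rather than silently falling back to the host view, which is the check a tool should make before assuming a cgroup namespace is in place.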
Interesting! I've been thinking that maybe what the module should do is take a list of options, one for each of the things you want to unshare. Kind of like the unshare command-line tool uses. What do you think?