Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 8: The Virtual Filesystem


used on Sparc systems to emulate SunOS; special files and libraries needed for emulation are
installed in a directory (usually /usr/gnemul/). Information on this path is stored in the alt
elements.
The above directory is always scanned first when searching for a file so that libraries or system
files of the emulation are found before the Linux originals (these are searched afterward). This
supports the parallel use of different libraries for different binary formats. Since this technique is
rarely used, I won’t discuss it further.

VFS Namespaces


Recall from Chapter 2 that the kernel provides the possibility to implement containers. A single system
can provide many containers, but processes trapped in a container cannot see the world outside and do
not have any information about their fellow containers. The containers are completely independent of
each other, and from the VFS point of view, this implies that mounted filesystems need to be tracked
separately for each container. A single global view is not sufficient.

A VFS namespace is the collection of all mounted filesystems that make up the directory tree of a
container.^10

Normally, forked or cloned processes inherit the namespace of their parent process. However, the
CLONE_NEWNS flag can be set to create a new VFS namespace (in the following, I drop the distinction
between VFS namespace and namespace, although the kernel also provides non-VFS namespaces). If the
new namespace is modified, changes are not propagated to processes belonging to a different namespace.
Neither do changes to other namespaces affect the new namespace.
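The inheritance rule above can be checked from user space. The following is an added example, not code from the book or the kernel: it compares the identity of /proc/<pid>/ns/mnt for a parent and a forked child, with and without CLONE_NEWNS. The function names are hypothetical, and the example assumes a Linux system that exposes /proc/<pid>/ns/mnt; creating a new mount namespace needs CAP_SYS_ADMIN, so an unprivileged run reports -2 for the second case.

```c
#include <sched.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000
#endif

/* 1 if both pids are in the same mount namespace, 0 if not, -1 on error.
 * Two ns/mnt entries name the same namespace when device and inode match. */
int same_mnt_ns(pid_t a, pid_t b)
{
    char pa[64], pb[64];
    struct stat sa, sb;
    snprintf(pa, sizeof pa, "/proc/%d/ns/mnt", (int)a);
    snprintf(pb, sizeof pb, "/proc/%d/ns/mnt", (int)b);
    if (stat(pa, &sa) != 0 || stat(pb, &sb) != 0)
        return -1;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Fork a child; with new_ns set it first requests its own mount namespace
 * (raw syscall, same effect as unshare(CLONE_NEWNS)). Returns 1 if the child
 * shares the parent's namespace, 0 if separate, -2 if refused, -1 on error. */
int child_shares_parent_ns(int new_ns)
{
    int st;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (new_ns && syscall(SYS_unshare, CLONE_NEWNS) != 0)
            _exit(3);
        st = same_mnt_ns(getpid(), getppid());
        _exit(st < 0 ? 2 : st);
    }
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st))
        return -1;
    st = WEXITSTATUS(st);
    return st == 3 ? -2 : (st <= 1 ? st : -1);
}

int main(void)
{
    printf("fork only: %d\n", child_shares_parent_ns(0));
    printf("fork + CLONE_NEWNS: %d\n", child_shares_parent_ns(1));
}
```

The same comparison works for any two process IDs the caller is allowed to inspect, which makes it a quick check of whether a supposedly contained process really has its own mount namespace.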

Recall that struct task_struct contains a member element, nsproxy, which is responsible for
namespace handling.

The kernel uses the following (slightly simplified) structure to manage namespaces. One of the
namespaces is the VFS namespace.

<nsproxy.h>
struct nsproxy {
        ...
        struct mnt_namespace *mnt_ns;
        ...
};

The amount of information required to implement a VFS namespace is comparatively little:

<mnt_namespace.h>
struct mnt_namespace {
        atomic_t count;
        struct vfsmount *root;
        struct list_head list;
        ...
};

(^10) Note that chroot environments do not require a separate namespace. Although they cannot access the complete directory tree,
they are affected by changes to their superordinate namespace (unmounting a directory, for example) if the changes are in their
territory.
