Virtual private servers and application checkpoint and restart are two advanced operating system features which place different but related requirements on the way kernel-provided resources are accessed by userspace. In Linux, kernel resources, such as process IDs and SYSV shared messages, have traditionally been identified using global tables. Since 2005, these tables have gradually been transformed into perprocess namespaces in order to support both resource availability on application restart and virtual private server functionality. Due to inherent differences in the resources themselves, the semantics of namespace cloning differ for many of the resources. This paper describes the existing and proposed namespaces as well as their uses. Categories and Subject Descriptors C.5.5 [COMPUTER SYSTEM IMPLEMENTATION]: Security ; B.8.1 [PERFORMANCE AND RELIABILITY]: Reliability, Testing, and Fault-Tolerance General Terms Reliability, Security Keywords Survivability, Reliability, Security, C...
Sukadev Bhattiprolu, Eric W. Biederman, Serge E. H