Namespace support in Application Framework
Description
Environment
relates to
Activity

Jan-Simon Moeller May 6, 2021 at 12:09 PM
Can this be closed ?

jose bollo April 7, 2020 at 12:03 PM
I made a work to allow splitting smack rules across light-containers. It relates to compilation of security-manager. This is not integrated. Latest work on light containers installed the apps in the main container, circumventing the need of that evolution.
Note that LSM Smack is not compatible with namespaces.
The application-framework-main provides configuration files that can be tuned to add in the generated systemd services the directive that handle namespacing. While doing this some change might be need in the application framework but not big changes, that is my bet.
Walt Miner April 6, 2020 at 6:02 PM
What is left to be done on this epic? What is the current status? If there is more to do can you create a related issue to track that work?

Jose Bollo January 26, 2017 at 9:38 AM
Do you mean that the epic "namespace control" is different from the epic "resource control"? It works for me. However I will probably propose to provide the same solution for both cases: leveraging systemd features using a tight integration under control of permissions.

Jose Bollo January 26, 2017 at 9:21 AM
I am currently working on a tight integration of the framework and systemd.
In this work, namespace will be available to authorized applications through permissions.
Details
Details
Assignee

Add namespace support in application framework.