Namespace support in Application Framework

Can this be closed ?

I made a work to allow splitting smack rules across light-containers. It relates to compilation of security-manager. This is not integrated. Latest work on light containers installed the apps in the main container, circumventing the need of that evolution.

Note that LSM Smack is not compatible with namespaces.

The application-framework-main provides  configuration files that can be tuned to add in the generated  systemd services the directive that handle namespacing. While doing this some change might be need in the application framework but not big changes, that is my bet.

  What is left to be done on this epic?  What is the current status?  If there is more to do can you create a related issue to track that work?

Do you mean that the epic "namespace control" is different from the epic "resource control"? It works for me. However I will probably propose to provide the same solution for both cases: leveraging systemd features using a tight integration under control of permissions.

I am currently working on a tight integration of the framework and systemd.
In this work, namespace will be available to authorized applications through permissions.