Newsgroups: php.internals
Date: Wed, 23 Jan 2019 21:15:29 +0000
Subject: Exposing the linux namespaces API via pcntl_*
From: mail@pmmaga.net (Pedro Magalhães)

Hi internals,

Linux namespaces have been around for a long time and in recent years their usage has increased dramatically with the popularization of containers. Modern browsers also make use of them to sandbox certain processes and so on. To quote an introduction to the subject:

The purpose of each namespace is to wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. One of the overall goals of namespaces is to support the implementation of containers, a tool for lightweight virtualization (as well as other purposes) that provides a group of processes with the illusion that they are the only processes on the system.
- from https://lwn.net/Articles/531114/

I think it can be useful for a language to expose this functionality to the users for that kind of purpose (i.e. run a security-sensitive task in isolation, simulate certain conditions like no network access, etc.).

To that end, I've put forward https://github.com/php/php-src/pull/3760 which provides an implementation of `pcntl_unshare(int $flags): bool`. And I'm looking for some feedback on whether anyone would oppose the introduction of this function (and probably `setns` next).

Regards,
Pedro
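The "no network access" use case from the message, as an added example that is not part of the original post or the pull request. It assumes Linux with unprivileged user namespaces enabled and the `CLONE_NEWUSER` and `CLONE_NEWNET` constants as they ship with pcntl in PHP 7.4; the helper names `ipv4_route_count` and `run_without_network` are hypothetical.

```php
<?php
declare(strict_types=1);

// Count IPv4 routes visible to the calling process. /proc/net resolves to
// /proc/self/net, so it reflects the caller's own network namespace.
function ipv4_route_count(): int
{
    $lines = file('/proc/net/route', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return $lines === false ? -1 : max(0, count($lines) - 1); // minus header row
}

// Run $task in a forked child that has been moved into fresh user and
// network namespaces. Returns the child's exit code.
function run_without_network(callable $task): int
{
    $pid = pcntl_fork();
    if ($pid === -1) {
        throw new RuntimeException('fork failed');
    }
    if ($pid === 0) {
        // CLONE_NEWUSER lets an unprivileged process create the network
        // namespace; the new one starts with no routes and loopback down.
        if (!pcntl_unshare(CLONE_NEWUSER | CLONE_NEWNET)) {
            $err = pcntl_strerror(pcntl_get_last_error());
            fwrite(STDERR, "unshare failed: $err\n");
            exit(125); // fail closed: never run the task unsandboxed
        }
        exit($task());
    }
    pcntl_waitpid($pid, $status);
    return pcntl_wifexited($status) ? pcntl_wexitstatus($status) : 128 + pcntl_wtermsig($status);
}

printf("routes on host: %d\n", ipv4_route_count());
$code = run_without_network(function (): int {
    $routes = ipv4_route_count();
    printf("routes in sandbox: %d\n", $routes);
    return $routes === 0 ? 0 : 1; // 0 means the task saw no network routes
});
printf("sandboxed task exit code: %d\n", $code);
```

Only the forked child changes namespaces, so the parent keeps its network access and can still collect the task's result through the exit code.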