On 2025-08-27, Alexander Monakov <amonakov@xxxxxxxxx> wrote:
> > Frankly, in such situation I would spawn a thread for that, did unshare(CLONE_FILES)
> > in it, replaced the binary and buggered off, with parent waiting for it to complete.
>
> Good to know, but it doesn't sound very efficient (and like something that could be
> integrated in Go runtime).

Can't you create a goroutine, runtime.LockOSThread, unshare(CLONE_FILES), do
the work, and then return -- without runtime.UnlockOSThread (to kill the thread
and stop it from being used by other Go code)? Or does that not work in
stdlib?

We have to do this a lot in runc and other Go programs that mess around
with unshare() or other per-thread attributes that don't play well with
Go's process model.

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/
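The pattern asked about in the message above, as an added example that is not part of the original mail and is not runc's or the Go standard library's code: a goroutine locks its OS thread, calls unshare(CLONE_FILES), works on its private fd table, and returns without unlocking. The names `RunUnshared` and `Result` are hypothetical, and opening and closing `/dev/null` stands in for the real per-thread work.

```go
package main

import (
	"fmt"
	"runtime"
	"syscall"
)

// Result is what the parent observes once the worker thread has gone away.
type Result struct {
	SharedStillOpen bool // parent's fd survived the worker closing its copy
	PrivateLeaked   bool // fd opened by the worker shows up in the parent
}

// RunUnshared (hypothetical helper) locks a goroutine to its OS thread, calls
// unshare(CLONE_FILES), works on the private fd table, and returns without
// UnlockOSThread so the runtime terminates the thread instead of reusing it.
func RunUnshared() (Result, error) {
	shared, err := syscall.Open("/dev/null", syscall.O_RDONLY|syscall.O_CLOEXEC, 0)
	if err != nil {
		return Result{}, err
	}
	defer syscall.Close(shared)
	var private int // fd number the worker gets in its own table
	var werr error
	done := make(chan struct{})
	go func() {
		defer close(done)
		runtime.LockOSThread() // deliberately never unlocked
		if werr = syscall.Unshare(syscall.CLONE_FILES); werr != nil {
			return
		}
		// This thread now has its own copy of the fd table.
		private, werr = syscall.Open("/dev/null", syscall.O_RDONLY, 0)
		syscall.Close(shared) // closes only the worker's copy
	}()
	<-done
	if werr != nil {
		return Result{}, werr
	}
	var st syscall.Stat_t // fstat returns EBADF for an fd that is not open here
	return Result{SharedStillOpen: syscall.Fstat(shared, &st) == nil,
		PrivateLeaked: syscall.Fstat(private, &st) == nil}, nil
}

func main() {
	fmt.Println(RunUnshared())
}
```

The worker's private fd is never closed explicitly; it is released with the thread's fd table when the runtime terminates the locked thread.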