The clone() and unshare() syscalls can allow a process (initially root)
to run in a separate distinct namespace than the initial namespace the
kernel starts with. In this separate namespace, you could unmount some
filesystems and mount others.

I'm curious what the semantics, or at least the intended semantics, are.

Consider what happens if a process enters a separate namespace, mounts a
new filesystem, then exits. Does that filesystem get automatically
unmounted, say because the namespace reference count decremented to zero
(if there is such a reference count)?

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-02-14-1158@ipal.net |
|------------------------------------/-------------------------------------|