Two Objects Not Namespaced by the Linux Kernel (2017)

&gt; The current set of namespaces in the kernel are: mount, pid, uts, ipc, net, user, and cgroup. [...] [Time is] not namespaced. [...] The kernel keyring is another item not namespaced.<p>I&#x27;ve always argued that &quot;everything is a file&quot; is an exaggeration. These moments make the extent of that exaggeration clear.<p>If everything truly was a file, the only thing you would need to namespace is the filesystem. But in reality there are a lot of other kernel objects that are not files at all.

Since this was written a time namespace was proposed: <a href="https:&#x2F;&#x2F;www.phoronix.com&#x2F;scan.php?page=news_item&amp;px=Linux-Time-Namespace-RFC" rel="nofollow">https:&#x2F;&#x2F;www.phoronix.com&#x2F;scan.php?page=news_item&amp;px=Linux-Ti...</a>

I wonder whether namespacing time would also result in those namespaces being able to have separate &quot;clocks&quot; (time backends? time schedulers?) that progress at different rates, or for different reasons.<p>Being able to put a process into a time namespace with a deterministic &quot;clock&quot; would obviate a large benefit of <a href="http:&#x2F;&#x2F;www.zerovm.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.zerovm.org&#x2F;</a>.<p>Also, having &quot;clock slew&quot; be a matter of perspective—with processes that <i>can</i> handle leap seconds seeing them happen instantaneously; and processes that <i>can&#x27;t</i> handle leap-seconds, seeing slewed time—would be nice. Then you could have different system facilities that care about <i>monotonic</i> time, vs. <i>synced to calendar</i> time, vs. <i>one second per second</i> time, all having that kind of time available to them as &quot;the time&quot;, rather than through different APIs.

I personally miss core pattern namespacing. I would love to give some of my containers a custom coredump handler, but this is impossible.<p>And in general, a sysctls settings namespace would be really useful. Sure, sometimes it makes no sense to namespace a setting, but net.ipv4.tcp_congestion_control for example? I&#x27;d love to be able to change it without modifying the code.

meta: This is from 2017,<p>Super interesting though, the keyring thing especially seems to have broader implications...

Syslog seems to be on the proposal list as well.

Why is this the case? No one has bothered to do it? It would break backwards compatibility? Linus thinks it&#x27;s a bad idea?

I’m not sure that people who think ”containers are just like VMs” should have any business working with containers.

You can&#x27;t change time in container, but it&#x27;s possible to change timezone files.<p>With generating fake timezones it is possible to change time in container.