Controls what mode newly created child namespaces will inherit. At namespace creation, ns_mode is inherited from the parent’s child_ns_mode. The initial value matches the namespace’s own ns_mode.
Values:
- ``global`` - child namespaces will share system-wide CID allocation
and their sockets will be able to reach any VM or socket in any
global namespace.
- ``local`` - child namespaces will have private CID allocation and
their sockets will only be able to connect within their own
namespace.
The first write to child_ns_mode locks its value. Subsequent writes of the same value succeed, but writing a different value returns -EBUSY.
Changing child_ns_mode only affects namespaces created after the change; it does not modify the current namespace or any existing children.
A namespace with ns_mode set to local cannot change child_ns_mode to global (returns -EPERM).