Re: [RFC PATCH net-next v2 0/5] netns: allow to identify peer netns

From: Nicolas Dichtel
Date: Fri Sep 26 2014 - 09:39:07 EST


On 26/09/2014 03:58, Cong Wang wrote:
> On Thu, Sep 25, 2014 at 1:53 AM, Nicolas Dichtel
> <nicolas.dichtel@xxxxxxxxx> wrote:
>> On 24/09/2014 18:48, Cong Wang wrote:
>>>
>>> On Wed, Sep 24, 2014 at 9:31 AM, Nicolas Dichtel
>>> <nicolas.dichtel@xxxxxxxxx> wrote:
>>>>
>>>>> I think in this case your ID's are still available, but aren't you
>>>>> providing a new way for the inner netns device to escape which we
>>>>> are trying to avoid?
>>>>
>>>> It's why the ids depend on user ns. Only if user ns are the same we
>>>> allow to get an id for a peer netns.
>>>
>>> Too late, userns is relatively new, relying on it breaks our existing
>>> assumption.
>>
>> I don't get your point. netns has been added in kernel after user ns:
>> acce292c82d4 user namespace: add the framework => 2.6.23
>> 5f256becd868 [NET]: Basic network namespace infrastructure. => 2.6.24
>
> Was it complete on 2.6.x? I doubt...
>
> https://lkml.org/lkml/2014/8/20/826
>
>     As at Linux 3.8, most relevant subsystems supported user
>     namespaces, but a number of filesystems did not have the
>     infrastructure needed to map user and group IDs between user
>     namespaces. Linux 3.9 added the required infrastructure support
>     for many of the remaining unsupported filesystems (Plan 9 (9P),
>     Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2).
>     Linux 3.11 added support the last of the unsupported major
>     filesystems, XFS.
>
>> In the kernel, each netns is linked with a user ns.
>
> Are you saying every time we create a netns we have a new userns?
> This doesn't make sense for me.

No. I mean that each netns depends on a userns.
See include/net/net_namespace.h:
struct net {
[snip]
struct user_namespace *user_ns; /* Owning user namespace */
[snip]
}
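Added example, not code from the patch series or from anyone in this thread: the owning-user-namespace relation Nicolas points at (struct net->user_ns) can be observed from userspace, and the rule the series describes ("only if user ns are the same we allow to get an id for a peer netns") can be expressed as a check on two namespace fds. It assumes a Linux kernel of 4.9 or later, whose nsfs ioctl NS_GET_USERNS returns an fd for the user namespace that owns any namespace; that ioctl is unrelated to this RFC and postdates it. The function names (ns_owner_userns, ns_same, netns_same_owner) are this example's own.

```c
/* Added example: query the user namespace that owns a network namespace
 * and decide whether two netns share an owner.  Assumes Linux >= 4.9
 * (NS_GET_USERNS from <linux/nsfs.h>); not part of the patch series. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/nsfs.h>

/* fd for the user namespace owning the namespace behind ns_fd,
 * or -1 (errno set, e.g. ENOTTY on kernels without nsfs ioctls). */
int ns_owner_userns(int ns_fd)
{
    return ioctl(ns_fd, NS_GET_USERNS);
}

/* 1 if the two fds refer to the same namespace object, 0 if not, -1 on
 * error.  Namespaces are identified by their (st_dev, st_ino) on nsfs. */
int ns_same(int fd_a, int fd_b)
{
    struct stat a, b;
    if (fstat(fd_a, &a) < 0 || fstat(fd_b, &b) < 0)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* The condition the thread argues about, in userspace terms: two
 * network namespaces may learn each other's id only if they are owned
 * by the same user namespace.  1 = same owner, 0 = different, -1 = error. */
int netns_same_owner(int netns_a, int netns_b)
{
    int ua = ns_owner_userns(netns_a);
    if (ua < 0)
        return -1;
    int ub = ns_owner_userns(netns_b);
    if (ub < 0) {
        close(ua);
        return -1;
    }
    int r = ns_same(ua, ub);
    close(ua);
    close(ub);
    return r;
}

int main(void)
{
    /* Two handles on the caller's own netns: trivially the same owner. */
    int a = open("/proc/self/ns/net", O_RDONLY);
    int b = open("/proc/self/ns/net", O_RDONLY);
    if (a < 0 || b < 0) {
        perror("open /proc/self/ns/net");
        return 1;
    }
    int r = netns_same_owner(a, b);
    if (r < 0)
        perror("NS_GET_USERNS");
    else
        printf("same owning userns: %s\n", r ? "yes" : "no");

    int u = ns_owner_userns(a);
    if (u >= 0) {
        struct stat st;
        if (fstat(u, &st) == 0)
            printf("owning userns inode: %lu\n", (unsigned long)st.st_ino);
        close(u);
    }
    close(a);
    close(b);
    return 0;
}
```

To see the check fail, open the netns of a process that did unshare(CLONE_NEWUSER|CLONE_NEWNET) (for example via /proc/PID/ns/net) as the second fd: its netns is owned by the new user namespace, so netns_same_owner returns 0 even though both namespaces are visible to the caller.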
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/