Re: [PATCH RFC net-next v13 00/13] vsock: add namespace support to vhost-vsock and loopback

Next message: Jakub Kicinski: "Re: [PATCH v2 net-next 00/15] nbl driver for Nebulamatrix NICs"
Previous message: Danilo Krummrich: "Re: [PATCH v1 1/1] driver core: make bus_find_device_by_acpi_dev() stub prototype aligned"
Next in thread: Michael S. Tsirkin: "Re: [PATCH RFC net-next v13 00/13] vsock: add namespace support to vhost-vsock and loopback"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Bobby Eshleman

Date: Fri Jan 09 2026 - 19:11:15 EST

On Tue, Dec 23, 2025 at 04:28:34PM -0800, Bobby Eshleman wrote:
> This series adds namespace support to vhost-vsock and loopback. It does
> not add namespaces to any of the other guest transports (virtio-vsock,
> hyperv, or vmci).
>
> The current revision supports two modes: local and global. Local
> mode is complete isolation of namespaces, while global mode is complete
> sharing between namespaces of CIDs (the original behavior).
>
> The mode is set using the parent namespace's
> /proc/sys/net/vsock/child_ns_mode and inherited when a new namespace is
> created. The mode of the current namespace can be queried by reading
> /proc/sys/net/vsock/ns_mode. The mode can not change after the namespace
> has been created.
>
> Modes are per-netns. This allows a system to configure namespaces
> independently (some may share CIDs, others are completely isolated).
> This also supports future possible mixed use cases, where there may be
> namespaces in global mode spinning up VMs while there are mixed mode
> namespaces that provide services to the VMs, but are not allowed to
> allocate from the global CID pool (this mode is not implemented in this
> series).

Stefano, would like me to resend this without the RFC tag, or should I
just leave as is for review? I don't have any planned changes at the
moment.

Best,
Bobby