From: jamal
Subject: Re: RFC: netfilter: nf_conntrack: add support for "conntrack zones"
Date: Tue, 23 Feb 2010 18:09:41 -0500
Message-ID: <1266966581.3973.675.camel@bigi>
Reply-To: hadi@cyberus.ca
To: "Eric W. Biederman"
Cc: Daniel Lezcano, Patrick McHardy, Linux Netdev List, containers@lists.linux-foundation.org, Netfilter Development Mailinglist, Ben Greear

On Tue, 2010-02-23 at 12:00 -0800, Eric W. Biederman wrote:

> The point of the mount is to hold a persistent reference to the
> namespace without using a process.
>
> The point of the to be written set_ns call is to change
> the default network namespace of the process such that all future
> open/bind/socket calls happen in the referenced network namespace.

Ok, i like it ;->
Patches RSN? Let me know if you want someone to test..

> There are a few stray places like sysfs where it is the mount point
> not current->nsproxy->net_ns that will determine what we see.

Is sysfs considered "usable enough" for namespaces?

> Attributes of the specific namespace?

Well, example what is being un/shared etc.

cheers,
jamal