From: "Serge E. Hallyn"
Subject: Re: Net containers config and usage
Date: Wed, 14 Jan 2009 13:26:34 -0600
Message-ID: <20090114192633.GA8572@us.ibm.com>
In-Reply-To: <496E23DA.9080402-GANU6spQydw@public.gmane.org>
To: Daniel Lezcano
Cc: "containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org", "Eric W. Biederman"
List-Id: containers.vger.kernel.org

Quoting Daniel Lezcano (daniel.lezcano-GANU6spQydw@public.gmane.org):
> chris-SqNQQPNds68nxqbYAscKCQ@public.gmane.org wrote:
> > On Wed, Jan 14, 2009 at 09:50:29AM +0100, Daniel Lezcano wrote:
> >
> >> Guenter Roeck wrote:
> >>
> >>> As far as I recall, if you have sysfs active and use the sysfs patch to
> >>> let you configure both sysfs and network namespaces, you can only move
> >>> virtual interfaces into a network namespace.
> >>>
> >>> Guenter
> >>>
> >>>
> >> Ah ! yes, you are right :)
> >>
> >> The current upstream implementation allowing sysfs and netns to coexist
> >> together has one restriction, the physical network devices can not be
> >> moved if sysfs is enabled in the kernel. This is why Chris can not move
> >> the physical network device with this version of the kernel.
> >> This restriction will be set until the sysfs per namespace is fully
> >> supported.
> >>
> >> This restriction does not exist with the previous kernel version
> >> with the sysfs per namespace patchset.
> >>
> >> -- Daniel
> >>
> >>
> >
> > Ah, great, thanks to all for your help on this.
> > Do you have any rough estimate when the support for sysfs per namespace will
> >
>
> The sysfs per namespace has been rejected because of some design
> problems related with the sysfs itself.
> Perhaps Eric can tell more about that...

Chris, in the meantime, is using the physical device an absolute
necessity, or could you work around it for now using a veth tunnel?

Even if Eric has been working on the sysfs locking rework quietly
the last few months, I'd expect several months of back-and-forth
trying to prove that the rework is correct...

-serge