[PATCH RFC] refuse c/r with nested network namespaces

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH RFC] refuse c/r with nested network namespaces
@ 2009-12-15 21:58 Serge E. Hallyn
       [not found] ` <20091215215854.GA26783-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Serge E. Hallyn @ 2009-12-15 21:58 UTC (permalink / raw)
  To: Oren Laadan; +Cc: Linux Containers

...because we can't restore network devices in private
namespaces anyway.  This leaves userspace to set up
network devices however it wants at restart, and leaves
it free to restart the application either in the global
or a private (configured) network namespace.

Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
 kernel/nsproxy.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index c91b725..851777a 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -291,6 +291,13 @@ static int do_checkpoint_ns(struct ckpt_ctx *ctx, struct nsproxy *nsproxy)
 
 	/* TODO: Write other namespaces here */
 
+	/* We do not support >1 private netns */
+	ret = -EINVAL;
+	if (nsproxy->net_ns != ctx->root_nsproxy->net_ns) {
+		ckpt_err(ctx, ret, "%(T)Nested net_ns unsupported\n");
+		goto out;
+	}
+
 	ret = ckpt_write_obj(ctx, &h->h);
  out:
 	ckpt_hdr_put(ctx, h);
-- 
1.6.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH RFC] refuse c/r with nested network namespaces
       [not found] ` <20091215215854.GA26783-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
@ 2009-12-23  0:48   ` Oren Laadan
  0 siblings, 0 replies; 2+ messages in thread
From: Oren Laadan @ 2009-12-23  0:48 UTC (permalink / raw)
  To: Serge E. Hallyn; +Cc: Linux Containers


For v19-rc3.

Serge E. Hallyn wrote:
> ...because we can't restore network devices in private
> namespaces anyway.  This leaves userspace to set up
> network devices however it wants at restart, and leaves
> it free to restart the application either in the global
> or a private (configured) network namespace.
> 
> Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
> ---
>  kernel/nsproxy.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index c91b725..851777a 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -291,6 +291,13 @@ static int do_checkpoint_ns(struct ckpt_ctx *ctx, struct nsproxy *nsproxy)
>  
>  	/* TODO: Write other namespaces here */
>  
> +	/* We do not support >1 private netns */
> +	ret = -EINVAL;
> +	if (nsproxy->net_ns != ctx->root_nsproxy->net_ns) {
> +		ckpt_err(ctx, ret, "%(T)Nested net_ns unsupported\n");
> +		goto out;
> +	}
> +
>  	ret = ckpt_write_obj(ctx, &h->h);
>   out:
>  	ckpt_hdr_put(ctx, h);

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2009-12-23  0:48 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-12-15 21:58 [PATCH RFC] refuse c/r with nested network namespaces Serge E. Hallyn
     [not found] ` <20091215215854.GA26783-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-12-23  0:48   ` Oren Laadan

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.