From: Cedric Le Goater <clg@fr.ibm.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Sam Vilain <sam@vilain.net>, Andrey Savochkin <saw@swsoft.com>,
dlezcano@fr.ibm.com, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, serue@us.ibm.com, haveblue@us.ibm.com,
Andrew Morton <akpm@osdl.org>,
dev@sw.ru, herbert@13thfloor.at, devel@openvz.org,
viro@ftp.linux.org.uk, Alexey Kuznetsov <alexey@sw.ru>,
Mark Huang <mlhuang@CS.Princeton.EDU>
Subject: Re: Network namespaces a path to mergable code.
Date: Wed, 28 Jun 2006 11:54:58 +0200 [thread overview]
Message-ID: <44A251F2.70707@fr.ibm.com> (raw)
In-Reply-To: <m1r719ixb6.fsf@ebiederm.dsl.xmission.com>
Eric W. Biederman wrote:
> Despite what it might look like unix domain sockets do not live in the
> filesystem. They store a cookie in the filesystem that roughly
> corresponds to the port number of an AF_INET socket. When you open a
> socket the lookup is done by the cookie retrieved from the filesystem.
unix domain socket lookup uses a path_lookup for sockets in the filesystem
namespace and a find_by_name for socket in the abstract namespace.
> So except for their cookies unix domain sockets are always in the
> network stack.
what is that cookie ? the file dentry and mnt ref ?
so, ok, the resulting struct sock is part of the network namespace but
there is a bridge with the filesystem namespace which does not prevent
other namespaces to do a lookup. the lookup routine needs to be changed,
this is any way necessary for the abstract namespace.
I think we're reaching the limits of namespaces. It would be much easier
with a container id in each kernel object we want to isolate.
C.
next prev parent reply other threads:[~2006-06-28 9:55 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-26 9:49 [patch 1/4] Network namespaces: cleanup of dev_base list use Andrey Savochkin
2006-06-26 9:52 ` [patch 2/4] " Andrey Savochkin
2006-06-26 9:54 ` [patch 3/4] Network namespaces: IPv4 FIB/routing in namespaces Andrey Savochkin
2006-06-26 9:55 ` [patch 4/4] Network namespaces: playing and debugging Andrey Savochkin
2006-06-26 15:04 ` Daniel Lezcano
2006-06-26 15:43 ` Andrey Savochkin
2006-06-26 17:29 ` Daniel Lezcano
2006-06-26 19:34 ` Andrey Savochkin
2006-06-26 14:56 ` [patch 3/4] Network namespaces: IPv4 FIB/routing in namespaces Daniel Lezcano
2006-06-26 15:46 ` Andrey Savochkin
2006-06-26 15:57 ` Daniel Lezcano
2006-06-26 19:39 ` Andrey Savochkin
2006-06-26 20:05 ` Herbert Poetzl
2006-06-27 9:25 ` Andrey Savochkin
2006-06-28 13:51 ` Daniel Lezcano
2006-06-28 14:19 ` Herbert Poetzl
2006-06-28 14:30 ` Andrey Savochkin
2006-06-28 14:34 ` Kirill Korotaev
2006-06-28 16:56 ` Daniel Lezcano
2006-06-28 17:10 ` Ben Greear
2006-06-28 15:05 ` Eric W. Biederman
2006-06-26 15:13 ` [RFC][patch 1/4] Network namespaces: cleanup of dev_base list use Eric W. Biederman
2006-06-26 15:42 ` [patch " Andrey Savochkin
2006-06-26 16:26 ` Eric W. Biederman
2006-06-26 20:14 ` Andrey Savochkin
2006-06-26 21:02 ` Eric W. Biederman
2006-06-27 6:59 ` [RFC][patch " Kirill Korotaev
2006-06-27 11:13 ` Eric W. Biederman
2006-06-27 15:08 ` Kirill Korotaev
2006-06-27 15:26 ` Serge E. Hallyn
2006-06-27 16:54 ` Eric W. Biederman
2006-06-27 17:20 ` [RFC] Network namespaces a path to mergable code Eric W. Biederman
2006-06-27 17:58 ` Andrey Savochkin
2006-06-27 22:20 ` Sam Vilain
2006-06-28 4:33 ` Eric W. Biederman
2006-06-28 5:59 ` Abdallah Chatila
2006-06-28 6:19 ` Sam Vilain
2006-06-28 6:55 ` Eric W. Biederman
2006-06-28 9:54 ` Cedric Le Goater [this message]
2006-06-28 14:03 ` Eric W. Biederman
2006-06-28 14:15 ` Serge E. Hallyn
2006-06-28 14:56 ` Eric W. Biederman
2006-06-28 4:20 ` Eric W. Biederman
2006-06-28 11:06 ` Andrey Savochkin
2006-06-28 16:51 ` Eric W. Biederman
2006-06-28 17:22 ` Andrey Savochkin
2006-06-28 17:40 ` Herbert Poetzl
2006-06-28 17:50 ` Eric W. Biederman
2006-06-28 18:11 ` Eric W. Biederman
2006-06-28 18:14 ` Eric W. Biederman
2006-06-28 18:51 ` Andrey Savochkin
2006-06-28 21:53 ` Daniel Lezcano
2006-06-28 22:54 ` James Morris
2006-06-29 0:19 ` Eric W. Biederman
2006-06-29 0:25 ` Eric W. Biederman
2006-06-29 9:42 ` Daniel Lezcano
2006-06-28 10:20 ` [RFC] " Cedric Le Goater
2006-06-28 15:20 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44A251F2.70707@fr.ibm.com \
--to=clg@fr.ibm.com \
--cc=akpm@osdl.org \
--cc=alexey@sw.ru \
--cc=dev@sw.ru \
--cc=devel@openvz.org \
--cc=dlezcano@fr.ibm.com \
--cc=ebiederm@xmission.com \
--cc=haveblue@us.ibm.com \
--cc=herbert@13thfloor.at \
--cc=linux-kernel@vger.kernel.org \
--cc=mlhuang@CS.Princeton.EDU \
--cc=netdev@vger.kernel.org \
--cc=sam@vilain.net \
--cc=saw@swsoft.com \
--cc=serue@us.ibm.com \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.