From mboxrd@z Thu Jan 1 00:00:00 1970 From: Oren Laadan Subject: Re: [PATCH RFC] refuse c/r with nested network namespaces Date: Tue, 22 Dec 2009 19:48:47 -0500 Message-ID: <4B3168EF.8020100@cs.columbia.edu> References: <20091215215854.GA26783@us.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20091215215854.GA26783-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: "Serge E. Hallyn" Cc: Linux Containers List-Id: containers.vger.kernel.org For v19-rc3. Serge E. Hallyn wrote: > ...because we can't restore network devices in private > namespaces anyway. This leaves userspace to set up > network devices however it wants at restart, and leaves > it free to restart the application either in the global > or a private (configured) network namespace. > > Signed-off-by: Serge E. Hallyn > --- > kernel/nsproxy.c | 7 +++++++ > 1 files changed, 7 insertions(+), 0 deletions(-) > > diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c > index c91b725..851777a 100644 > --- a/kernel/nsproxy.c > +++ b/kernel/nsproxy.c > @@ -291,6 +291,13 @@ static int do_checkpoint_ns(struct ckpt_ctx *ctx, struct nsproxy *nsproxy) > > /* TODO: Write other namespaces here */ > > + /* We do not support >1 private netns */ > + ret = -EINVAL; > + if (nsproxy->net_ns != ctx->root_nsproxy->net_ns) { > + ckpt_err(ctx, ret, "%(T)Nested net_ns unsupported\n"); > + goto out; > + } > + > ret = ckpt_write_obj(ctx, &h->h); > out: > ckpt_hdr_put(ctx, h);