From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Lezcano Subject: Re: VRF-like use of Network Namespaces Date: Tue, 08 Jun 2010 23:06:13 +0200 Message-ID: <4C0EB0C5.8070904@free.fr> References: <4C0E6466.3030100@free.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Mathieu Peresse Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org List-Id: containers.vger.kernel.org On 06/08/2010 07:12 PM, Mathieu Peresse wrote: > Looks good, thanks ! Has anyone worked to make 'ip' use these facilities ? > > If I understand correctly, from a network resource configuration > perspective: > > - Creating a persisting namespace ('VRF') is equivalent to: create a > namespace (using clone()), which creates a proc entry for that namespace, > and then bind mount the file so that it stays open. > From the same process, unshare (using unshare()), open /proc/self/ns/net, store the fd, unshare again, open /proc/self/ns/net, store the fd, ... A single process handles by this way several network namespaces. To switch from one namespace to another, just use the setns syscall. Well this is one example to use it, AFAIK you are looking for this very specific usage no ? Thanks -- Daniel