From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <5422F1F7.8010308@6wind.com>
Date: Wed, 24 Sep 2014 18:31:51 +0200
From: Nicolas Dichtel
Reply-To: nicolas.dichtel@6wind.com
Organization: 6WIND
To: Cong Wang
CC: netdev, containers@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, David Miller, "Eric W. Biederman", Stephen Hemminger, Andrew Morton, Andy Lutomirski
Subject: Re: [RFC PATCH net-next v2 0/5] netns: allow to identify peer netns
References: <1411478430-4989-1-git-send-email-nicolas.dichtel@6wind.com> <54228D87.3070309@6wind.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 24/09/2014 18:15, Cong Wang wrote:
> On Wed, Sep 24, 2014 at 9:01 AM, Cong Wang wrote:
>>
>> And clearly you missed my question above: how do you get the netns id
>> without sharing /var/run/netns/ ?
>
> OK, I found it:
>
>> Ids are stored in the parent user namespace. These ids are valid only inside
>> this user namespace. The user can retrieve these ids via new netlink messages,
>> but only if the peer netns are in the same user namespace.
>
> So your example is confusing, perhaps you need some other way to show the IDs
> instead of binding to ip netns output, which is basically ls /var/run/netns/.
> We don't want an inner netns to know anything outside, IOW, we don't share
> /var/run/netns/.
Hmm, I'm not sure I understand you. My use case shares /var/run/netns, because
there is only one user ns and one mount ns.

> I think in this case your IDs are still available, but aren't you
> providing a new way for the inner netns device to escape, which we are
> trying to avoid?
That's why the ids depend on the user ns. Only if the user ns are the same do we
allow getting an id for a peer netns.