From: Nicolas Dichtel
Subject: Re: [RFC PATCH net-next v2 0/5] netns: allow to identify peer netns
Date: Thu, 25 Sep 2014 10:53:28 +0200
Message-ID: <5423D808.7050800@6wind.com>
References: <1411478430-4989-1-git-send-email-nicolas.dichtel@6wind.com> <54228D87.3070309@6wind.com> <5422F1F7.8010308@6wind.com>
Reply-To: nicolas.dichtel@6wind.com
Organization: 6WIND
To: Cong Wang
Cc: netdev, containers@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Andy Lutomirski, Stephen Hemminger, "Eric W. Biederman", linux-api@vger.kernel.org, Andrew Morton, David Miller
List-Id: containers.vger.kernel.org

On 24/09/2014 18:48, Cong Wang wrote:
> On Wed, Sep 24, 2014 at 9:31 AM, Nicolas Dichtel wrote:
>>> I think in this case your ID's are still available, but aren't you
>>> providing a new way
>>> for the inner netns device to escape which we are trying to avoid?
>>
>> It's why the ids depend on user ns. Only if user ns are the same we allow to
>> get an id for a peer netns.
>
> Too late, userns is relatively new, relying on it breaks our existing
> assumption.
>
I don't get your point. netns has been added in kernel after user ns:
acce292c82d4 user namespace: add the framework => 2.6.23
5f256becd868 [NET]: Basic network namespace infrastructure. => 2.6.24

In the kernel, each netns is linked with a user ns.
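
Added example, not part of the message above or of the patch series: the link between a netns and its owning user ns can be observed from userspace with the `NS_GET_USERNS` ioctl, which exists since Linux 4.9 and so postdates this thread. The helper names and the default `/proc/self/ns/net` paths are assumptions of this example.

```c
/* Added example, not from the thread: report whether two network
 * namespaces are owned by the same user namespace. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef NS_GET_USERNS
#define NS_GET_USERNS _IO(0xb7, 0x1)   /* value from <linux/nsfs.h> */
#endif

/* Fill *st with the identity (st_dev, st_ino) of the user namespace that
 * owns the namespace at ns_path. Returns 0 on success, -1 on error. */
static int owner_userns(const char *ns_path, struct stat *st)
{
    int rc = -1;
    int nsfd = open(ns_path, O_RDONLY);
    if (nsfd < 0)
        return -1;
    /* The kernel returns a new fd referring to the owning user ns; it fails
     * with EPERM when that user ns is outside the caller's scope. */
    int ufd = ioctl(nsfd, NS_GET_USERNS);
    if (ufd >= 0) {
        rc = fstat(ufd, st);
        close(ufd);
    }
    close(nsfd);
    return rc;
}

/* 1: same owning user ns, 0: different, -1: could not be determined. */
int same_owner_userns(const char *netns_a, const char *netns_b)
{
    struct stat a, b;
    if (owner_userns(netns_a, &a) < 0 || owner_userns(netns_b, &b) < 0)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

int main(int argc, char **argv)
{
    const char *a = argc > 1 ? argv[1] : "/proc/self/ns/net";
    const char *b = argc > 2 ? argv[2] : "/proc/self/ns/net";
    int r = same_owner_userns(a, b);
    printf("%s vs %s: %s\n", a, b,
           r < 0 ? "unknown" : r ? "same owning user ns" : "different user ns");
    return r < 0;
}
```

Pass two netns paths (for example `/proc/<pid>/ns/net` of two container processes) to compare their owners; a result of "unknown" usually means an older kernel or an owner outside the caller's user ns hierarchy.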