From: ebiederm@xmission.com (Eric W. Biederman)
To: "Rémi Denis-Courmont" <remi@remlab.net>
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org,
jamal <hadi@cyberus.ca>, Daniel Lezcano <daniel.lezcano@free.fr>,
Linux Containers <containers@lists.osdl.org>,
Renato Westphal <renatowestphal@gmail.com>
Subject: Re: [PATCH 2/7] ns: Introduce the setns syscall
Date: Sat, 07 May 2011 06:57:06 -0700 [thread overview]
Message-ID: <m1bozepqa5.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <201105071101.10950.remi@remlab.net> ("Rémi Denis-Courmont"'s message of "Sat, 7 May 2011 11:01:08 +0300")
"Rémi Denis-Courmont" <remi@remlab.net> writes:
> Le samedi 7 mai 2011 05:24:56 Eric W. Biederman, vous avez écrit :
>> Pieces of this puzzle can also be solved by instead of
>> coming up with a general purpose system call coming up
>> with targed system calls perhaps socketat that solve
>> a subset of the larger problem. Overall that appears
>> to be more work for less reward.
>
> socketat() is still required for multithreaded namespace-aware userspace, I
> believe.
The network namespace is a per task property so there are no problems
with multithreaded network namespace aware userspace applications. The
implementation of a userspace socketat will still need to disable signal
handling around the network namespace switch to be signal safe. Which
means that ultimately a kernel version of socketat may be desirable,
for performance reasons but I know of know correctness reasons to need
it.
For the time being I have simply removed socketat from what I plan to
merge because it is not strictly needed, I don't yet have a test case
for socketat, and I don't have as much time to work on this as I
would like.
There is one bug a multi-threaded network namespace aware user space
application might run into, and that is /proc/net is a symlink to
/proc/self. Which means that if you open /proc/net/foo from a task with
a different network namespace than your the task whose tid equals your
tgid, the /proc/net will return the wrong file. Still you can
avoid even that silliness by opening /proc/<tid>/net.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: "Rémi Denis-Courmont" <remi@remlab.net>
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org,
jamal <hadi@cyberus.ca>, Daniel Lezcano <daniel.lezcano@free.fr>,
Linux Containers <containers@lists.osdl.org>,
Renato Westphal <renatowestphal@gmail.com>
Subject: Re: [PATCH 2/7] ns: Introduce the setns syscall
Date: Sat, 07 May 2011 06:57:06 -0700 [thread overview]
Message-ID: <m1bozepqa5.fsf@fess.ebiederm.org> (raw)
Message-ID: <20110507135706.HNBv0wrPc8e3cq6RjumS2kP1kX-P_IPGmVBBOWedjVY@z> (raw)
In-Reply-To: <201105071101.10950.remi@remlab.net> ("Rémi Denis-Courmont"'s message of "Sat, 7 May 2011 11:01:08 +0300")
"Rémi Denis-Courmont" <remi@remlab.net> writes:
> Le samedi 7 mai 2011 05:24:56 Eric W. Biederman, vous avez écrit :
>> Pieces of this puzzle can also be solved by instead of
>> coming up with a general purpose system call coming up
>> with targed system calls perhaps socketat that solve
>> a subset of the larger problem. Overall that appears
>> to be more work for less reward.
>
> socketat() is still required for multithreaded namespace-aware userspace, I
> believe.
The network namespace is a per task property so there are no problems
with multithreaded network namespace aware userspace applications. The
implementation of a userspace socketat will still need to disable signal
handling around the network namespace switch to be signal safe. Which
means that ultimately a kernel version of socketat may be desirable,
for performance reasons but I know of know correctness reasons to need
it.
For the time being I have simply removed socketat from what I plan to
merge because it is not strictly needed, I don't yet have a test case
for socketat, and I don't have as much time to work on this as I
would like.
There is one bug a multi-threaded network namespace aware user space
application might run into, and that is /proc/net is a symlink to
/proc/self. Which means that if you open /proc/net/foo from a task with
a different network namespace than your the task whose tid equals your
tgid, the /proc/net will return the wrong file. Still you can
avoid even that silliness by opening /proc/<tid>/net.
Eric
next prev parent reply other threads:[~2011-05-07 13:57 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-07 2:23 [PATCH 0/7] Network namespace manipulation with file descriptors Eric W. Biederman
2011-05-07 2:23 ` Eric W. Biederman
2011-05-07 2:24 ` [PATCH 1/7] ns: proc files for namespace naming policy Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
[not found] ` <1304735101-1824-1-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2011-05-07 2:24 ` [PATCH 2/7] ns: Introduce the setns syscall Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
[not found] ` <1304735101-1824-2-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2011-05-07 8:01 ` Rémi Denis-Courmont
2011-05-07 8:01 ` Rémi Denis-Courmont
2011-05-07 13:57 ` Eric W. Biederman [this message]
2011-05-07 13:57 ` Eric W. Biederman
2011-05-07 22:39 ` Daniel Lezcano
2011-05-08 3:51 ` Matt Helsley
2011-05-11 19:21 ` Nathan Lynch
2011-05-11 20:33 ` Eric W. Biederman
2011-05-07 2:25 ` [PATCH 6/7] net: Allow setting the network namespace by fd Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 22:46 ` Daniel Lezcano
2011-05-07 2:24 ` [PATCH 3/7] ns proc: Add support for the network namespace Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 22:41 ` Daniel Lezcano
2011-05-11 19:21 ` Nathan Lynch
2011-05-11 21:34 ` Eric W. Biederman
2011-05-11 21:42 ` Nathan Lynch
2011-05-07 2:24 ` [PATCH 4/7] ns proc: Add support for the uts namespace Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 22:42 ` Daniel Lezcano
2011-05-07 2:24 ` [PATCH 5/7] ns proc: Add support for the ipc namespace Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 22:44 ` Daniel Lezcano
2011-05-07 2:25 ` [PATCH 7/7] ns: Wire up the setns system call Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 8:27 ` Geert Uytterhoeven
2011-05-07 14:09 ` Eric W. Biederman
2011-05-07 14:09 ` Eric W. Biederman
2011-05-07 14:09 ` Eric W. Biederman
2011-05-07 18:22 ` Geert Uytterhoeven
2011-05-07 13:59 ` Mike Frysinger
2011-05-07 20:06 ` James Bottomley
2011-05-08 2:19 ` Eric W. Biederman
2011-05-08 4:02 ` James Bottomley
2011-05-07 22:37 ` [PATCH 1/7] ns: proc files for namespace naming policy Daniel Lezcano
2011-05-11 19:20 ` Nathan Lynch
2011-05-11 22:52 ` Eric W. Biederman
[not found] ` <m1tyd7p7tq.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-05-07 6:58 ` [PATCH 0/7] Network namespace manipulation with file descriptors Alex Bligh
2011-05-07 6:58 ` Alex Bligh
2011-05-07 14:18 ` Eric W. Biederman
2011-05-07 14:18 ` Eric W. Biederman
2011-05-08 12:31 ` Alex Bligh
[not found] ` <m1fwoqoapn.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-05-17 11:11 ` David Lamparter
2011-05-17 11:11 ` David Lamparter
2011-05-17 14:33 ` Eric W. Biederman
2011-05-17 15:35 ` David Lamparter
2011-05-22 4:19 ` Renato Westphal
2011-05-09 19:04 ` David Miller
2011-05-09 19:59 ` Eric W. Biederman
2011-05-09 20:40 ` David Miller
2011-05-09 20:54 ` Eric W. Biederman
2011-05-09 20:55 ` David Miller
2011-05-10 21:56 ` Luck, Tony
2011-05-10 23:02 ` Eric W. Biederman
2011-05-10 23:02 ` Eric W. Biederman
2011-05-18 12:43 ` Identifying network namespaces (was: Network namespace manipulation with file descriptors) David Lamparter
2011-05-18 13:03 ` Alexey Dobriyan
[not found] ` <BANLkTikmrC86hk=W84UBwhJLe_uGAN4w9w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-05-18 13:33 ` David Lamparter
2011-05-18 13:33 ` David Lamparter
2011-05-18 14:13 ` Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1bozepqa5.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=containers@lists.osdl.org \
--cc=daniel.lezcano@free.fr \
--cc=hadi@cyberus.ca \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=remi@remlab.net \
--cc=renatowestphal@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.