From: ebiederm@xmission.com (Eric W. Biederman)
To: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
linux-fsdevel@vger.kernel.org, jamal <hadi@cyberus.ca>,
Daniel Lezcano <daniel.lezcano@free.fr>,
Linux Containers <containers@lists.osdl.org>,
Renato Westphal <renatowestphal@gmail.com>
Subject: [PATCH 0/7] Network namespace manipulation with file descriptors
Date: Fri, 06 May 2011 19:23:29 -0700 [thread overview]
Message-ID: <m1tyd7p7tq.fsf@fess.ebiederm.org> (raw)
Today there are something things you can use namespaces to implement but
the userspace code is unnecessarily complex and fragile because of
limitations of the kernel interfaces.
This patchset addresses the user interface limitations by introducing
proc files you can open to get file descriptors that keep alive and
refer to your a tasks namespaces. Those file descriptors can be passed
to the new setns system call or the NET_NS_FD argument in netlink
messages.
This patchset is sufficient to implement linux support for named network
namespaces in iproute allowing vpns to be isolated in a network
namespace where you don't have to worry about them conflicting with the
rest of your network.
This patchset is almost sufficient to remove the need for a daemon in a
container to allow you to log in. Unfortunately a few of the namespaces
are not ready to merge yet so I have left them out.
Arch maintainers could you look over patch 7 and verify I have wired
up this new system call correctly.
These changes are also available at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd.git
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: <linux-arch@vger.kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <netdev@vger.kernel.org>,
<linux-fsdevel@vger.kernel.org>, jamal <hadi@cyberus.ca>,
Daniel Lezcano <daniel.lezcano@free.fr>,
Linux Containers <containers@lists.osdl.org>,
Renato Westphal <renatowestphal@gmail.com>
Subject: [PATCH 0/7] Network namespace manipulation with file descriptors
Date: Fri, 06 May 2011 19:23:29 -0700 [thread overview]
Message-ID: <m1tyd7p7tq.fsf@fess.ebiederm.org> (raw)
Today there are something things you can use namespaces to implement but
the userspace code is unnecessarily complex and fragile because of
limitations of the kernel interfaces.
This patchset addresses the user interface limitations by introducing
proc files you can open to get file descriptors that keep alive and
refer to your a tasks namespaces. Those file descriptors can be passed
to the new setns system call or the NET_NS_FD argument in netlink
messages.
This patchset is sufficient to implement linux support for named network
namespaces in iproute allowing vpns to be isolated in a network
namespace where you don't have to worry about them conflicting with the
rest of your network.
This patchset is almost sufficient to remove the need for a daemon in a
container to allow you to log in. Unfortunately a few of the namespaces
are not ready to merge yet so I have left them out.
Arch maintainers could you look over patch 7 and verify I have wired
up this new system call correctly.
These changes are also available at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd.git
next reply other threads:[~2011-05-07 2:23 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-07 2:23 Eric W. Biederman [this message]
2011-05-07 2:23 ` [PATCH 0/7] Network namespace manipulation with file descriptors Eric W. Biederman
2011-05-07 2:24 ` [PATCH 1/7] ns: proc files for namespace naming policy Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
[not found] ` <1304735101-1824-1-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2011-05-07 2:24 ` [PATCH 2/7] ns: Introduce the setns syscall Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
[not found] ` <1304735101-1824-2-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2011-05-07 8:01 ` Rémi Denis-Courmont
2011-05-07 8:01 ` Rémi Denis-Courmont
2011-05-07 13:57 ` Eric W. Biederman
2011-05-07 13:57 ` Eric W. Biederman
2011-05-07 22:39 ` Daniel Lezcano
2011-05-08 3:51 ` Matt Helsley
2011-05-11 19:21 ` Nathan Lynch
2011-05-11 20:33 ` Eric W. Biederman
2011-05-07 2:25 ` [PATCH 6/7] net: Allow setting the network namespace by fd Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 22:46 ` Daniel Lezcano
2011-05-07 2:24 ` [PATCH 3/7] ns proc: Add support for the network namespace Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 22:41 ` Daniel Lezcano
2011-05-11 19:21 ` Nathan Lynch
2011-05-11 21:34 ` Eric W. Biederman
2011-05-11 21:42 ` Nathan Lynch
2011-05-07 2:24 ` [PATCH 4/7] ns proc: Add support for the uts namespace Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 22:42 ` Daniel Lezcano
2011-05-07 2:24 ` [PATCH 5/7] ns proc: Add support for the ipc namespace Eric W. Biederman
2011-05-07 2:24 ` Eric W. Biederman
2011-05-07 22:44 ` Daniel Lezcano
2011-05-07 2:25 ` [PATCH 7/7] ns: Wire up the setns system call Eric W. Biederman
2011-05-07 2:25 ` Eric W. Biederman
2011-05-07 8:27 ` Geert Uytterhoeven
2011-05-07 14:09 ` Eric W. Biederman
2011-05-07 14:09 ` Eric W. Biederman
2011-05-07 14:09 ` Eric W. Biederman
2011-05-07 18:22 ` Geert Uytterhoeven
2011-05-07 13:59 ` Mike Frysinger
2011-05-07 20:06 ` James Bottomley
2011-05-08 2:19 ` Eric W. Biederman
2011-05-08 4:02 ` James Bottomley
2011-05-07 22:37 ` [PATCH 1/7] ns: proc files for namespace naming policy Daniel Lezcano
2011-05-11 19:20 ` Nathan Lynch
2011-05-11 22:52 ` Eric W. Biederman
[not found] ` <m1tyd7p7tq.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-05-07 6:58 ` [PATCH 0/7] Network namespace manipulation with file descriptors Alex Bligh
2011-05-07 6:58 ` Alex Bligh
2011-05-07 14:18 ` Eric W. Biederman
2011-05-07 14:18 ` Eric W. Biederman
2011-05-08 12:31 ` Alex Bligh
[not found] ` <m1fwoqoapn.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-05-17 11:11 ` David Lamparter
2011-05-17 11:11 ` David Lamparter
2011-05-17 14:33 ` Eric W. Biederman
2011-05-17 15:35 ` David Lamparter
2011-05-22 4:19 ` Renato Westphal
2011-05-09 19:04 ` David Miller
2011-05-09 19:59 ` Eric W. Biederman
2011-05-09 20:40 ` David Miller
2011-05-09 20:54 ` Eric W. Biederman
2011-05-09 20:55 ` David Miller
2011-05-10 21:56 ` Luck, Tony
2011-05-10 23:02 ` Eric W. Biederman
2011-05-10 23:02 ` Eric W. Biederman
2011-05-18 12:43 ` Identifying network namespaces (was: Network namespace manipulation with file descriptors) David Lamparter
2011-05-18 13:03 ` Alexey Dobriyan
[not found] ` <BANLkTikmrC86hk=W84UBwhJLe_uGAN4w9w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-05-18 13:33 ` David Lamparter
2011-05-18 13:33 ` David Lamparter
2011-05-18 14:13 ` Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1tyd7p7tq.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=containers@lists.osdl.org \
--cc=daniel.lezcano@free.fr \
--cc=hadi@cyberus.ca \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=renatowestphal@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.