Re: [patch 1/2][RFC] add socketat syscall

[Vivien Chappelier <vivien.chappelier-L+G57L1VLRbR7s880joybQ@public.gmane.org>]

Hi,

   The socketat() option is fine but only solves half of the problem. I 
also need to be able to change the default namespace of a process to 
join an existing network namespace.

   My use case is the following (embedded router): I have two separate 
networks, one with internet access running standard applications and 
routing LAN traffic, one with access to the operator network only and 
running dedicated applications such as software upgrade or telephony 
software. These two networks have to be totally separate and I need the 
ability to run applications and open sockets in any of these networks or 
even both. With the current proposal, I could have init or some 
additional daemon create the two namespaces and ask it to fork and exec 
the applications I want to run so that it can give the open socket to 
its child. However this solution is not very practical nor elegant 
compared to the chvrf approach.

   The fs solution proposed by Eric to name, create, and remove network 
namespaces is fine. IMHO using the filesystem to create sockets would be 
a bad option as the filename would need to be parsed for every protocol 
etc.. So combining the filesystem idea with the socketat() syscall is a 
good way of solving both issues. In this case, each namespace would be 
represented with a single file and we could also give the fd obtained by 
opening this file as the socketat() argument. I also prefer extending 
socket() as was suggested previously rather than adding a new syscall, 
but this is up to the syscall API maintainers to decide.

regards,
Vivien.