Re: [PATCH 0/7] Network namespace manipulation with file descriptors

linux-arch.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Alex Bligh <alex@alex.org.uk>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-arch@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Linux Containers <containers@lists.osdl.org>,
	linux-fsdevel@vger.kernel.org, Alex Bligh <alex@alex.org.uk>
Subject: Re: [PATCH 0/7] Network namespace manipulation with file descriptors
Date: Sun, 08 May 2011 13:31:01 +0100	[thread overview]
Message-ID: <974CF8842C14240ADB10AD9C@nimrod.local> (raw)
In-Reply-To: <m1fwoqoapn.fsf@fess.ebiederm.org>

Eric,

--On 7 May 2011 07:18:44 -0700 "Eric W. Biederman" <ebiederm@xmission.com> 
wrote:

> You are essentially describing my setns system call.

Great - thanks.

>> As a secondary issue, ever without your patch, it would be really
>> useful to be able to read from userspace the current network namespace.
>> (i.e. the pid concerned, or 1 if not unshared). I would like to
>> simply modify a routing daemon's init script so it doesn't start
>> if in the host, e.g. at the top:
>>  [ `cat /proc/.../networknamespace` eq 1 ] && exit 0
>
> You can read the processes network namespace by opening
> /proc/<pid>/ns/net.  Unfortunately comparing the network
> namespaces for identity is another matter.  You will probably
> be better off simply forcing the routing daemon to start
> in the desired network namespace in it's initscript.

It's solely a minor convenience issue. The network namespace is
unshared by the filing system namespace isn't. So there's an
/etc/init.d/bird, which I would like to remain there so I
can call it from the network namespace concerned (which
doesn't exist at boot time). But I'd also like it not to run
at boot time. So it would be useful to me if the script could
check whether it is running in the default namespace and
refuse to launch if so.

I note the /proc/ file you mention is not present in the main tree at
the moment.

> For purposes of clarity please have a look at my work in
> progress patch for iproute2.  This demonstrates how I expect
> userspace to work in a multi-network namespace world.

Will do

-- 
Alex Bligh

next prev parent reply	other threads:[~2011-05-08 12:31 UTC|newest]

Thread overview: 74+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-07  2:23 [PATCH 0/7] Network namespace manipulation with file descriptors Eric W. Biederman
2011-05-07  2:24 ` [PATCH 1/7] ns: proc files for namespace naming policy Eric W. Biederman
     [not found]   ` <1304735101-1824-1-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2011-05-07  2:24     ` [PATCH 2/7] ns: Introduce the setns syscall Eric W. Biederman
2011-05-07  2:24       ` Eric W. Biederman
     [not found]       ` <1304735101-1824-2-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2011-05-07  8:01         ` Rémi Denis-Courmont
2011-05-07  8:01           ` Rémi Denis-Courmont
2011-05-07 13:57           ` Eric W. Biederman
2011-05-07 13:57             ` Eric W. Biederman
2011-05-07 22:39       ` Daniel Lezcano
2011-05-08  3:51       ` Matt Helsley
2011-05-11 19:21       ` Nathan Lynch
2011-05-11 19:21         ` Nathan Lynch
2011-05-11 20:33         ` Eric W. Biederman
2011-05-11 20:33           ` Eric W. Biederman
2011-05-07  2:25     ` [PATCH 6/7] net: Allow setting the network namespace by fd Eric W. Biederman
2011-05-07  2:25       ` Eric W. Biederman
2011-05-07 22:46       ` Daniel Lezcano
2011-05-07 22:46         ` Daniel Lezcano
2011-05-07  2:24   ` [PATCH 3/7] ns proc: Add support for the network namespace Eric W. Biederman
2011-05-07  2:24     ` Eric W. Biederman
2011-05-07 22:41     ` Daniel Lezcano
2011-05-11 19:21     ` Nathan Lynch
2011-05-11 21:34       ` Eric W. Biederman
2011-05-11 21:42         ` Nathan Lynch
2011-05-07  2:24   ` [PATCH 4/7] ns proc: Add support for the uts namespace Eric W. Biederman
2011-05-07  2:24     ` Eric W. Biederman
2011-05-07 22:42     ` Daniel Lezcano
2011-05-07  2:24   ` [PATCH 5/7] ns proc: Add support for the ipc namespace Eric W. Biederman
2011-05-07  2:24     ` Eric W. Biederman
2011-05-07 22:44     ` Daniel Lezcano
2011-05-07  2:25   ` [PATCH 7/7] ns: Wire up the setns system call Eric W. Biederman
2011-05-07  2:25     ` Eric W. Biederman
2011-05-07  8:27     ` Geert Uytterhoeven
2011-05-07 14:09       ` Eric W. Biederman
2011-05-07 14:09         ` Eric W. Biederman
2011-05-07 18:22         ` Geert Uytterhoeven
2011-05-07 18:22           ` Geert Uytterhoeven
2011-05-07 13:59     ` Mike Frysinger
2011-05-07 20:06     ` James Bottomley
2011-05-07 20:06       ` James Bottomley
2011-05-08  2:19       ` Eric W. Biederman
2011-05-08  4:02         ` James Bottomley
2011-05-08  4:02           ` James Bottomley
2011-05-07 22:37   ` [PATCH 1/7] ns: proc files for namespace naming policy Daniel Lezcano
2011-05-11 19:20   ` Nathan Lynch
2011-05-11 22:52     ` Eric W. Biederman
2011-05-11 22:52       ` Eric W. Biederman
     [not found] ` <m1tyd7p7tq.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-05-07  6:58   ` [PATCH 0/7] Network namespace manipulation with file descriptors Alex Bligh
2011-05-07  6:58     ` Alex Bligh
2011-05-07 14:18     ` Eric W. Biederman
2011-05-07 14:18       ` Eric W. Biederman
2011-05-08 12:31       ` Alex Bligh [this message]
2011-05-08 12:31         ` Alex Bligh
     [not found]       ` <m1fwoqoapn.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-05-17 11:11         ` David Lamparter
2011-05-17 11:11           ` David Lamparter
2011-05-17 14:33           ` Eric W. Biederman
2011-05-17 15:35             ` David Lamparter
2011-05-17 15:35               ` David Lamparter
2011-05-22  4:19               ` Renato Westphal
2011-05-22  4:19                 ` Renato Westphal
2011-05-09 19:04 ` David Miller
2011-05-09 19:59   ` Eric W. Biederman
2011-05-09 19:59     ` Eric W. Biederman
2011-05-09 20:40     ` David Miller
2011-05-09 20:54       ` Eric W. Biederman
2011-05-09 20:55         ` David Miller
2011-05-10 21:56       ` Luck, Tony
2011-05-10 23:02 ` Eric W. Biederman
2011-05-10 23:02   ` Eric W. Biederman
2011-05-18 12:43 ` Identifying network namespaces (was: Network namespace manipulation with file descriptors) David Lamparter
2011-05-18 13:03   ` Alexey Dobriyan
     [not found]     ` <BANLkTikmrC86hk=W84UBwhJLe_uGAN4w9w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-05-18 13:33       ` David Lamparter
2011-05-18 13:33         ` David Lamparter
2011-05-18 14:13         ` Alexey Dobriyan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=974CF8842C14240ADB10AD9C@nimrod.local \
    --to=alex@alex.org.uk \
    --cc=containers@lists.osdl.org \
    --cc=ebiederm@xmission.com \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).