From: Sam Vilain <sam@vilain.net>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andrey Savochkin <saw@swsoft.com>,
dlezcano@fr.ibm.com, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, serue@us.ibm.com, haveblue@us.ibm.com,
clg@fr.ibm.com, Andrew Morton <akpm@osdl.org>,
dev@sw.ru, herbert@13thfloor.at, devel@openvz.org,
viro@ftp.linux.org.uk, Alexey Kuznetsov <alexey@sw.ru>,
Mark Huang <mlhuang@CS.Princeton.EDU>
Subject: Re: Network namespaces a path to mergable code.
Date: Wed, 28 Jun 2006 18:19:38 +1200 [thread overview]
Message-ID: <44A21F7A.5030807@vilain.net> (raw)
In-Reply-To: <m1ac7xkifn.fsf@ebiederm.dsl.xmission.com>
Eric W. Biederman wrote:
> In general it is possible to get file descriptors opened by someone
> else because unix domain sockets allow file descriptor passing. Similarly
> I think there are cases in both unshare and fork that allows you to sockets
> open before you entered a namespace.
>
This is an interesting point; it is known to be possible to do this on a
traditional system, because with a Unix Domain socket, the other end is
always in the same Unix Domain.
However what we're doing is saying that, well, the other end of the
socket might not be in the same Unix Domain. In fact, we've already
smashed to pieces this monolithic concept of a Unix Domain, to the point
where the other end might be in a different network domain, but is in
the same filesystem domain, for instance. Does it get to pass file
descriptors through?
We would appear to be stretching the definition of "Unix Domain"
somewhat if we allow these sockets to exist between network namespaces.
Maybe it doesn't matter; this is just a VFS namespace feature/caveat.
Sam.
next prev parent reply other threads:[~2006-06-28 6:19 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-26 9:49 [patch 1/4] Network namespaces: cleanup of dev_base list use Andrey Savochkin
2006-06-26 9:52 ` [patch 2/4] " Andrey Savochkin
2006-06-26 9:54 ` [patch 3/4] Network namespaces: IPv4 FIB/routing in namespaces Andrey Savochkin
2006-06-26 9:55 ` [patch 4/4] Network namespaces: playing and debugging Andrey Savochkin
2006-06-26 15:04 ` Daniel Lezcano
2006-06-26 15:43 ` Andrey Savochkin
2006-06-26 17:29 ` Daniel Lezcano
2006-06-26 19:34 ` Andrey Savochkin
2006-06-26 14:56 ` [patch 3/4] Network namespaces: IPv4 FIB/routing in namespaces Daniel Lezcano
2006-06-26 15:46 ` Andrey Savochkin
2006-06-26 15:57 ` Daniel Lezcano
2006-06-26 19:39 ` Andrey Savochkin
2006-06-26 20:05 ` Herbert Poetzl
2006-06-27 9:25 ` Andrey Savochkin
2006-06-28 13:51 ` Daniel Lezcano
2006-06-28 14:19 ` Herbert Poetzl
2006-06-28 14:30 ` Andrey Savochkin
2006-06-28 14:34 ` Kirill Korotaev
2006-06-28 16:56 ` Daniel Lezcano
2006-06-28 17:10 ` Ben Greear
2006-06-28 15:05 ` Eric W. Biederman
2006-06-26 15:13 ` [RFC][patch 1/4] Network namespaces: cleanup of dev_base list use Eric W. Biederman
2006-06-26 15:42 ` [patch " Andrey Savochkin
2006-06-26 16:26 ` Eric W. Biederman
2006-06-26 20:14 ` Andrey Savochkin
2006-06-26 21:02 ` Eric W. Biederman
2006-06-27 6:59 ` [RFC][patch " Kirill Korotaev
2006-06-27 11:13 ` Eric W. Biederman
2006-06-27 15:08 ` Kirill Korotaev
2006-06-27 15:26 ` Serge E. Hallyn
2006-06-27 16:54 ` Eric W. Biederman
2006-06-27 17:20 ` [RFC] Network namespaces a path to mergable code Eric W. Biederman
2006-06-27 17:58 ` Andrey Savochkin
2006-06-27 22:20 ` Sam Vilain
2006-06-28 4:33 ` Eric W. Biederman
2006-06-28 5:59 ` Abdallah Chatila
2006-06-28 6:19 ` Sam Vilain [this message]
2006-06-28 6:55 ` Eric W. Biederman
2006-06-28 9:54 ` Cedric Le Goater
2006-06-28 14:03 ` Eric W. Biederman
2006-06-28 14:15 ` Serge E. Hallyn
2006-06-28 14:56 ` Eric W. Biederman
2006-06-28 4:20 ` Eric W. Biederman
2006-06-28 11:06 ` Andrey Savochkin
2006-06-28 16:51 ` Eric W. Biederman
2006-06-28 17:22 ` Andrey Savochkin
2006-06-28 17:40 ` Herbert Poetzl
2006-06-28 17:50 ` Eric W. Biederman
2006-06-28 18:11 ` Eric W. Biederman
2006-06-28 18:14 ` Eric W. Biederman
2006-06-28 18:51 ` Andrey Savochkin
2006-06-28 21:53 ` Daniel Lezcano
2006-06-28 22:54 ` James Morris
2006-06-29 0:19 ` Eric W. Biederman
2006-06-29 0:25 ` Eric W. Biederman
2006-06-29 9:42 ` Daniel Lezcano
2006-06-28 10:20 ` [RFC] " Cedric Le Goater
2006-06-28 15:20 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44A21F7A.5030807@vilain.net \
--to=sam@vilain.net \
--cc=akpm@osdl.org \
--cc=alexey@sw.ru \
--cc=clg@fr.ibm.com \
--cc=dev@sw.ru \
--cc=devel@openvz.org \
--cc=dlezcano@fr.ibm.com \
--cc=ebiederm@xmission.com \
--cc=haveblue@us.ibm.com \
--cc=herbert@13thfloor.at \
--cc=linux-kernel@vger.kernel.org \
--cc=mlhuang@CS.Princeton.EDU \
--cc=netdev@vger.kernel.org \
--cc=saw@swsoft.com \
--cc=serue@us.ibm.com \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox