From: Stephen Hemminger <stephen@networkplumber.org>
To: Jay Vosburgh <jay.vosburgh@canonical.com>
Cc: "Kaur\, Jasminder" <jasminder.kaur@hpe.com>,
vfalico@gmail.com, gospo@cumulusnetworks.com,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
vasundhara.gurunath@hpe.com, paulose.kuriakose.arackal@hpe.com
Subject: Re: [PATCH] bonding: Prevent deletion of a bond, or the last slave from a bond, with active usage.
Date: Thu, 8 Sep 2016 17:57:15 -0700 [thread overview]
Message-ID: <20160908175715.2c55e66c@xeon-e3> (raw)
In-Reply-To: <4691.1473174539@famine>
On Tue, 06 Sep 2016 08:08:59 -0700
Jay Vosburgh <jay.vosburgh@canonical.com> wrote:
> Kaur, Jasminder <jasminder.kaur@hpe.com> wrote:
>
> >From: "Kaur, Jasminder" <jasminder.kaur@hpe.com>
> >
> >If a bond is in use such as with IP address configured, removing it
> >can result in application disruptions. If bond is used for cluster
> >communication or network file system interfaces, removing it can cause
> >system down time.
> >
> >An additional write option “?-” is added to sysfs bond interfaces as
> >below, in order to prevent accidental deletions while bond is in use.
> >In the absence of any usage, the below option proceeds with bond deletion.
> >“ echo "?-bondX" > /sys/class/net/bonding_masters “ .
> >If usage is detected such as an IP address configured, deletion is
> >prevented with appropriate message logged to syslog.
>
> The issue of interfaces being arbitrarily changed or deleted is
> not specific to bonding, and could affect any networking device
> (physical or virtual). Thus, if a facility such as this is to be
> provided, it should be generic, not specific to bonding.
>
> Separately, I'm not sure I see the value of such an option.
> Other than administrator error, I'm not sure when bonds (or other
> interfaces) would be randomly deleted. Are you seeing that happening?
>
> Also, this patch does not prevent other errors or malicious
> change, e.g., "ip link set bondX down" or "ip addr del 1.2.3.4/24" would
> still cause the service disruption you're trying to avoid.
>
> And, lastly, what Jiri said: use netlink for new bonding
> functionality, not sysfs.
>
> -J
>
> >In the absence of any usage, the below option proceeds with deletion of
> >slaves from a bond.
> >“ echo "?-enoX" > /sys/class/net/bondX/bonding/slaves “ .
> >If usage is detected such as an IP address configured on bond, deletion
> >is prevented if the last slave is being removed from bond.
> >An appropriate message is logged to syslog.
> >
> >Signed-off-by: Jasminder Kaur <jasminder.kaur@hpe.com>
I agree with Jay. Unless the kernel would crash there is no reason to prevent
a user with sufficient permissions from deleting a device.
prev parent reply other threads:[~2016-09-09 0:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-06 9:34 [PATCH] bonding: Prevent deletion of a bond, or the last slave from a bond, with active usage Kaur, Jasminder
2016-09-06 14:59 ` Jiri Pirko
2016-09-06 15:08 ` Jay Vosburgh
[not found] ` <AT5PR84MB01151743CF3182FAFC91D7F98AFB0@AT5PR84MB0115.NAMPRD84.PROD.OUTLOOK.COM>
2016-09-08 15:17 ` Jiri Pirko
[not found] ` <AT5PR84MB011502FB43B95AF91ADF6F0E8AFB0@AT5PR84MB0115.NAMPRD84.PROD.OUTLOOK.COM>
2016-09-09 6:38 ` Jiri Pirko
2016-09-09 0:57 ` Stephen Hemminger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160908175715.2c55e66c@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=gospo@cumulusnetworks.com \
--cc=jasminder.kaur@hpe.com \
--cc=jay.vosburgh@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=paulose.kuriakose.arackal@hpe.com \
--cc=vasundhara.gurunath@hpe.com \
--cc=vfalico@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).