From: David Miller
Subject: Re: [PATCH net-next] tcp: Namespace-ify sysctl_tcp_default_congestion_control
Date: Tue, 14 Nov 2017 21:57:07 +0900 (KST)
Message-ID: <20171114.215707.1588014083788893077.davem@davemloft.net>
References: <20171110012637.2454-1-sthemmin@microsoft.com> <20171113.102700.2072956247690538502.davem@davemloft.net> <20171113073738.6b405d77@xeon-e3>
In-Reply-To: <20171113073738.6b405d77@xeon-e3>
To: stephen@networkplumber.org
Cc: edumazet@google.com, netdev@vger.kernel.org, sthemmin@microsoft.com

From: Stephen Hemminger
Date: Mon, 13 Nov 2017 07:37:38 -0800

> The restriction came from earlier discussion with Kees and Eric.
> The security folks are paranoid about containers allowing loading
> of modules. Probably CAP_SYS_MODULE is enough to control this already.

People running tests in namespaces that want to choose a congestion
control algorithm are going to break if you add a new restriction.