Date:	Fri, 14 Dec 2012 08:50:33 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	nicolas.dichtel@...nd.com
Cc:	netdev@...r.kernel.org, davem@...emloft.net, aatteka@...ira.com
Subject: Re: [RFC PATCH net-next 0/5] Ease netns management for userland

Nicolas Dichtel <nicolas.dichtel@...nd.com> writes:

> On 13/12/2012 20:08, Eric W. Biederman wrote:

>> No.  The difficulty monitoring which network namespaces are being used
>> is an unintended side effect.
> Why is netlink a bad idea? Having a way to know all existing netns is a start
> point to monitor netns, isn't it?

In the same way that having a neighbour table that contains all existing
IP address to MAC address mappings is a starting point to monitor all
existing hosts.

All does not scale.

All removes a lot of perfectly valid use cases like checkpoint-restart,
and nesting containers.

All as different from what is already implemented requires implementing
yet another namespace to put the names of all into it.  We have enough
namespaces now thank you very much.

An unfiltered global list is about as interesting to use as putting
all files in /.  Sure you know which directory you put your file in but
which file is it?

What has already been implemented should be roughly as good for
monitoring as what is available with lsof.

And of course there is the fact that a global list of anything that is
the same from every perspective violates the principle of relativity,
and is in contradiction with the physical reality in which we exist.

So there is no way that having a global all inclusive list of network
namespaces makes the least lick of sense and I really don't want to
think about it.

Eric
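
An added example, not part of the original message: one way to get the lsof-style, observer-relative view of network namespaces discussed above, by grouping the processes visible in a procfs mount by their network namespace. It assumes a kernel that exposes `/proc/<pid>/ns/net` as a symlink of the form `net:[inode]`; the function names and the sample PIDs and inode numbers are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

NS_LINK = re.compile(r"^net:\[(\d+)\]$")

def netns_by_process(proc_root="/proc"):
    """Group PIDs by the network namespace they run in, as seen from proc_root.

    Returns {namespace inode: sorted list of PIDs}. Only processes visible in
    this procfs mount appear, so the result is relative to the observer and
    is not a global list of namespaces.
    """
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-PID entries such as "sys" or "net"
        try:
            target = os.readlink(os.path.join(proc_root, entry, "ns", "net"))
        except OSError:
            # Process exited, or we lack permission to inspect it.
            continue
        match = NS_LINK.match(target)
        if match:
            groups[int(match.group(1))].append(int(entry))
    return {inode: sorted(pids) for inode, pids in groups.items()}

def build_sample_proc(root, layout):
    """Build a constructed procfs-like tree; layout maps PID -> link target or None."""
    for pid, target in layout.items():
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        if target is not None:
            os.symlink(target, os.path.join(ns_dir, "net"))

def demo():
    # Constructed sample: two namespaces, plus one process with no readable link.
    layout = {1: "net:[4026531956]", 42: "net:[4026531956]",
              977: "net:[4026532301]", 1200: None}
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root, layout)
        os.mkdir(os.path.join(root, "sys"))  # non-PID entry, ignored
        return netns_by_process(root)

if __name__ == "__main__":
    for inode, pids in sorted(demo().items()):
        print(f"net:[{inode}] pids={pids}")
```

Calling `netns_by_process()` with no argument reads the live `/proc`; a namespace kept alive only by a bind mount or an open file descriptor has no process in it and will not show up in this view.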