Date:	Mon, 4 Jan 2016 12:58:36 -0500
From:	Tejun Heo <tj@...nel.org>
To:	David Ahern <dsa@...ulusnetworks.com>
Cc:	netdev@...r.kernel.org, cgroups@...r.kernel.org,
	shm@...ulusnetworks.com, roopa@...ulusnetworks.com
Subject: Re: [RFC PATCH net-next] net: Add l3mdev cgroup

Hello, David.

On Mon, Jan 04, 2016 at 08:32:16AM -0800, David Ahern wrote:
> Add cgroup to associate tasks with L3 networking domains. AF_INET{6}
> sockets opened by tasks associated with an l3mdev cgroup are bound to
> the associated master device when the socket is created. This allows a
> user to run a command (and its children) within an L3 networking context.
> 
> The master-device for an l3mdev cgroup must be an L3 master device
> (e.g., VRF), and it must be set before attaching tasks to the cgroup. Once
> set the master-device can not change. Nested l3mdev cgroups are not
> supported. The root (aka default) l3mdev cgroup can not be bound to a
> master device.
> 
> Example:
>     ip link add vrf-red type vrf table vrf-red
>     ip link set dev vrf-red up
>     ip link set dev eth1 master vrf-red
> 
>     cgcreate -g l3mdev:vrf-red
>     cgset -r l3mdev.master-device=vrf-red vrf-red
>     cgexec -g l3mdev:vrf-red bash

Please don't create any new controller whose sole purpose is
identifying group membership.  Please take a look at how libxt_cgroup
handles identification w/o creating a new controller.

 http://lkml.kernel.org/g/1449527935-27056-1-git-send-email-tj@kernel.org

Thanks.

-- 
tejun