lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 1 Jun 2017 01:13:52 +0200
From:   Harald Welte <laforge@...monks.org>
To:     Cong Wang <xiyou.wangcong@...il.com>
Cc:     Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: loosing netdevices with namespaces and unshare?

Hi Cong,

On Wed, May 31, 2017 at 03:40:33PM -0700, Cong Wang wrote:
> But you have other choices than using the physical interface
> directly in non-root ns, for example, creating a virtual pair and
> connect it with the physical one with a bridge. There are various
> ways to achieve this.

Yes, but then those "workarounds" expose the given physical device to
the root namespace, which is exactly what I try to avoid here.  The
interface has no purpose outside of the specific target namespace, and
under no circumstances should the various applications on a normal Linux
system (whether it's network manager or whatever else) start to use the
device.  The same also applies to the kernel itself.  It is not
desirable to have the "root netns" start to do things like ipv6
stateless autoconfiguration, etc.

I of course know that all of those things can be individually disabled.

I just think having a physical netdev inside "single application"
namespaces is more complicated than it could be.

However, I have sufficiently made my argument clear, and I understand
that you don't share my concern.  This is perfectly fine. We agree to
disagree :)

I simply have to find the least intrusive work-around to my liking for
the intentional but so far undocumented behavior of netdevices vanishing
into thin air.  I'll manage.

-- 
- Harald Welte <laforge@...monks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ