Date:   Thu, 20 Dec 2018 11:24:04 +0800
From:   Tonghao Zhang <xiangxia.m.yue@...il.com>
To:     David Miller <davem@...emloft.net>
Cc:     Cong Wang <xiyou.wangcong@...il.com>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net

On Wed, Dec 19, 2018 at 7:09 AM David Miller <davem@...emloft.net> wrote:
>
> From: Cong Wang <xiyou.wangcong@...il.com>
> Date: Sun, 16 Dec 2018 11:06:39 -0800
>
> > On Sun, Dec 16, 2018 at 8:24 AM <xiangxia.m.yue@...il.com> wrote:
> >>
> >> From: Tonghao Zhang <xiangxia.m.yue@...il.com>
> >>
> >> The devconf setting on the init_net will affect other
> >> namespaces when they are created. For example:
>  ...
> > This has been a known issue for a long time. There
> > were several attempts to fix this.
> >
> > The concern here is whether it breaks existing applications'
> > expectation with a change like yours. There was a proposal that
> > introduces a new /proc file to control this behavior, I forget
> > why it was not accepted either. Please check netdev archives.
>
> Please see:
>
>         https://patchwork.ozlabs.org/patch/488675/

Thanks, Cong and David.
I reviewed the patch [1]. The author didn't explain why we inherit the
old configuration.
In our case, there are many containers running different applications.
We don't know what configuration the user will set. We don't want new
containers to inherit our host configuration.
The reasons are shown below:
* the host _init_net will be used as an SDN network, such as vxlan and
  other complex overlay networks.
* host network configuration should not affect containers.
* the container and host network configurations are completely isolated.

So what's your advice?

1.  https://patchwork.ozlabs.org/patch/488675/

> I know why you couldn't find this.
>
> In order to speed up database queries, after some time we mark
> patchwork entries older than a certain date as "archived".  By
> default searches do not consider archived entries.
>
> So you have to click the "Yes" checkbox for Archived in the search
> dialogue.
