Message-Id: <20081022152144.351965414@theryb.frec.bull.fr>
Date:	Wed, 22 Oct 2008 17:21:44 +0200
From:	Benjamin Thery <benjamin.thery@...l.net>
To:	netdev <netdev@...r.kernel.org>, Dave Miller <davem@...emloft.net>
Cc:	Eric Biederman <ebiederm@...ssion.com>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Al Viro <viro@....linux.org.uk>,
	Serge Hallyn <serue@...ibm.com>,
	Daniel Lezcano <dlezcano@...ibm.com>,
	linux-kernel@...r.kernel.org, Tejun Heo <htejun@...il.com>,
	Denis Lunev <den@...nvz.org>,
	Linux Containers <containers@...ts.linux-foundation.org>,
	Benjamin Thery <benjamin.thery@...l.net>
Subject: [PATCH 0/4][RFC] netns: sysfs: add a netns suffix to net device
 sysfs entries


Support for network namespaces in mainline has been pretty complete for
some time now, but there is still this issue with sysfs that prevents
more people from using it easily.

Reminder for those not aware of the netns/sysfs issue:

With network namespaces, the kernel must be able to support net devices
with the same name in different network namespaces: the most obvious 
example being the loopback device, which exists in every namespace. 
The remaining place where this doesn't work yet is sysfs.

In the last 12 months, Eric Biederman proposed different approaches
to support this and sent several patchsets to implement what he calls
"sysfs tagged directories". But unfortunately, there is still no 
agreement on the patchset and its implementation.

See last round of comments there: 
http://thread.gmane.org/gmane.linux.kernel/735612/focus=740050

So, currently testing network namespaces on a mainline kernel is a
pain and involves either disabling sysfs completely (argh) or finding
and manually applying Eric's latest patchset (was in gregkh's tree for a
short time, but unfortunately it was dumped out a few weeks ago).


This patchset explores an alternative suggested by Serge Hallyn
to *temporarily* fix this issue. It introduces the modifications
needed to register in sysfs the network devices belonging to child
network namespaces with a suffix appended to their name to avoid
potential conflicts.

http://thread.gmane.org/gmane.linux.kernel/735612/focus=741757

Network devices from the initial network namespace are untouched.
Their representation in sysfs (/sys/class/net/, ...) is unchanged.

Network devices from sub-network namespaces appear in sysfs
with a name that looks like this: device_name@...ns_id
e.g.: lo@3, eth0@4e

See last patch of the series for the details.

Then, if needed in the child network namespace, we can filter 
/sys/class/net contents with, for example:

* mount -t tmpfs tmpfs /sys/class/net
* and manually link the right devices from /sys/devices/virtual/net
  (ln -s ../../devices/virtual/net/lo@1 lo)

This is less elegant than Eric's approach, but is quite simple and 
doesn't touch sysfs core code.

This patch applies on top of net-next-2.6.

Benjamin
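
The filtering step described in the message, as an added example that is not part of the original post or the patch series: a POSIX shell function that links into class/net only the devices whose suffix exactly matches one namespace id, with the suffix stripped. The function names, the SYSROOT parameter and the sample tree are assumptions made for illustration; the name@id layout and the relative link target are the ones shown in the message.

```shell
#!/bin/sh
# Added illustration (hypothetical helper names, not from the patch series).
#
# link_netns_devices SYSROOT NETNS_ID
#   SYSROOT  : sysfs mount point (/sys on a real system, a scratch dir here)
#   NETNS_ID : suffix the RFC appends to device names, treated as opaque text
# Creates SYSROOT/class/net/<name> -> ../../devices/virtual/net/<name>@<id>
# for every device of that namespace and prints how many links were made.
# On a real system this would run as root in the child namespace, after
# "mount -t tmpfs tmpfs /sys/class/net", as: link_netns_devices /sys 3
link_netns_devices() {
    sysroot=$1
    nsid=$2
    src="$sysroot/devices/virtual/net"
    dst="$sysroot/class/net"
    count=0
    # The pattern is anchored at the end of the name, so id "4" selects
    # eth0@4 but never eth0@4e; entries without a suffix (initial
    # namespace) are never selected.
    for path in "$src"/*@"$nsid"; do
        [ -e "$path" ] || continue          # pattern matched nothing
        full=${path##*/}                    # e.g. lo@3
        name=${full%@*}                     # e.g. lo
        # Same relative target as in the message, valid from class/net.
        ln -s "../../devices/virtual/net/$full" "$dst/$name" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Constructed sample tree: one initial-namespace device (no suffix) and
# devices from three child namespaces with ids 3, 4 and 4e.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/class/net" "$root/devices/virtual/net" || return 1
    for dev in lo lo@3 eth0@4 eth0@4e lo@4e; do
        mkdir "$root/devices/virtual/net/$dev" || return 1
    done
    echo "$root"
}
```

Only devices under devices/virtual/net are handled, as in the message; the filtered view hides other namespaces' entries from class/net but does not remove them from the rest of sysfs.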
