Date:	Fri, 06 May 2011 19:23:29 -0700
From: (Eric W. Biederman)
To:	<>
Cc:	<>, <>,
	<>, jamal <>,
	Daniel Lezcano <>,
	Linux Containers <>,
	Renato Westphal <>
Subject: [PATCH 0/7] Network namespace manipulation with file descriptors

Today there are some things you can use namespaces to implement but
the userspace code is unnecessarily complex and fragile because of
limitations of the kernel interfaces.

This patchset addresses the user interface limitations by introducing
proc files you can open to get file descriptors that keep alive and
refer to a task's namespaces.  Those file descriptors can be passed
to the new setns system call or the NET_NS_FD argument in netlink

This patchset is sufficient to implement Linux support for named network
namespaces in iproute allowing VPNs to be isolated in a network
namespace where you don't have to worry about them conflicting with the
rest of your network.

This patchset is almost sufficient to remove the need for a daemon in a
container to allow you to log in.  Unfortunately a few of the namespaces
are not ready to merge yet so I have left them out.

Arch maintainers, could you look over patch 7 and verify I have wired
up this new system call correctly?

These changes are also available at:
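
[Added example, not part of the original message or of the patchset.] A minimal C sketch of the interface the cover letter describes: open a proc file to get a file descriptor that pins a task's network namespace, then pass it to setns. It assumes the path /proc/<pid>/ns/net and the CLONE_NEWNET type argument as found in mainline kernels; the helper names are hypothetical, and the st_dev/st_ino comparison relies on current kernel behaviour.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/sched.h>   /* CLONE_NEWNET */

/* Open the proc file for a task's network namespace. The returned fd keeps
 * the namespace alive even after the task exits. Returns fd or -errno. */
static int open_netns(pid_t pid)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/%ld/ns/net", (long)pid);
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    return fd < 0 ? -errno : fd;
}

/* 1 if both fds refer to the same namespace, 0 if not, -errno on error. */
static int same_netns(int a, int b)
{
    struct stat sa, sb;
    if (fstat(a, &sa) < 0 || fstat(b, &sb) < 0)
        return -errno;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Join the namespace behind fd. Passing CLONE_NEWNET makes the kernel
 * reject an fd that refers to any other namespace type. The raw syscall
 * is used here; glibc's setns() wrapper is equivalent. */
static int enter_netns(int fd)
{
    return syscall(SYS_setns, fd, CLONE_NEWNET) < 0 ? -errno : 0;
}

int main(int argc, char **argv)
{
    pid_t target = argc > 1 ? (pid_t)atol(argv[1]) : getpid();
    int self = open_netns(getpid()), other = open_netns(target);
    if (self < 0 || other < 0) { fprintf(stderr, "open failed\n"); return 1; }
    printf("same netns as pid %ld: %d\n", (long)target, same_netns(self, other));
    int rc = enter_netns(other);   /* needs CAP_SYS_ADMIN, else -EPERM */
    printf("setns: %s\n", rc ? "refused" : "ok");
    close(self); close(other);
    return rc ? 1 : 0;
}
```

Run it with a target pid as the only argument. Without CAP_SYS_ADMIN the setns call is refused, which is the check that keeps an unprivileged process from joining another task's network namespace.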
