[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160723211414.GA25371@odin.tremily.us>
Date: Sat, 23 Jul 2016 14:14:14 -0700
From: "W. Trevor King" <wking@...mily.us>
To: Andrey Vagin <avagin@...nvz.org>
Cc: linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
containers@...ts.linux-foundation.org, criu@...nvz.org,
linux-fsdevel@...r.kernel.org,
"Eric W. Biederman" <ebiederm@...ssion.com>,
James Bottomley <James.Bottomley@...senPartnership.com>,
"Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Serge Hallyn <serge.hallyn@...onical.com>
Subject: Re: [PATCH 0/5 RFC] Add an interface to discover relationships
between namespaces
On Thu, Jul 14, 2016 at 11:20:14AM -0700, Andrey Vagin wrote:
> Pid and user namepaces are hierarchical. There is no way to discover
> parent-child relationships too.
It bothers me that network namespaces are not hierarchical too ;).
namespaces(7) and clone(2) both have:
When a network namespace is freed (i.e., when the last process in
the namespace terminates), its physical network devices are moved
back to the initial network namespace (not to the parent of the
process).
So the initial network namespace (the head of net_namespace_list?) is
special [1]. To understand how physical network devices will be
handled, it seems like we want to treat network devices as a depth-1
tree, with all non-initial net namespaces as children of the initial
net namespace. Can we extend this series' NS_GET_PARENT to return:
* EPERM for an unprivileged caller (like this series currently does
for PID namespaces),
* ENOENT when called on net_namespace_list, and
* net_namespace_list when called on any other net namespace.
If that sounds reasonable, I'm happy to stumble my way through a patch
;).
And one benefit of the net_namespace_list approach is that it will be
really easy to walk children if we ever add a parent → children lookup
service to mirror this series' child → parent service.
Cheers,
Trevor
[1]: The commit message for 2b035b39 (net: Batch network namespace
destruction, 2009-11-29) opens with:
It is fairly common to kill several network namespaces at once.
Either because they are nested one inside the other or…
which I'm having trouble understanding if network namespaces aren't
hierarchical (and they don't seem to be, except for the initial
network namespace being special). Maybe nested network namespaces
were on the table at one point but never materialized?
net->list looks like a reference to that namespace's entry in
net_namespace_list, and I didn't see anything else that looked like
a reference to a parent or list of children.
--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists