Message-Id: <20171107224513.4217-1-cleech@redhat.com>
Date:   Tue,  7 Nov 2017 14:45:04 -0800
From:   Chris Leech <cleech@...hat.com>
To:     netdev@...r.kernel.org, containers@...ts.linux-foundation.org
Subject: [PATCH 0/9] use network namespace for iSCSI control interfaces

Hello,

I've posted these changes to allow iSCSI management within a container
using a network namespace to the SCSI and Open-iSCSI lists, but seeing
as it's not really SCSI/block related I'm casting a wider net looking
for reviews.

These patches apply network namespace to the iSCSI netlink family and
sysfs objects from the iSCSI transport class.

Thank you,

Chris Leech

---

This series of changes makes the iSCSI netlink and sysfs control
interfaces filtered by network namespace.  This is required to run
iscsid in any network namespace other than the initial default one.

Currently the netlink communication will fail if iscsid is started in a
non-default network namespace, as there is no kernel side socket.  After
fixing that, the rest of these changes are to filter visibility of the
iSCSI transport objects by netns.  This allows for multiple iscsid
instances to be run, one per netns, each controlling its own set of
iSCSI sessions.

The iSCSI transport objects are filtered, but not the SCSI or block
layer devices.  So while iSCSI hosts and sessions become limited to a
network namespace, any attached devices remain visible system wide.

This currently only supports iscsi_tcp running in a new namespace, as it
creates a virtual host per session.  Support could be added later to
allow assignment of iSCSI HBAs to network namespace, much as is done for
network interfaces.

Chris Leech (9):
  iscsi: create per-net iscsi netlink kernel sockets
  iscsi: associate endpoints with a host
  iscsi: sysfs filtering by network namespace
  iscsi: make all iSCSI netlink multicast namespace aware
  iscsi: set netns for iscsi_tcp hosts
  iscsi: check net namespace for all iscsi lookups
  iscsi: convert flashnode devices from bus to class
  iscsi: rename iscsi_bus_flash_* to iscsi_flash_*
  iscsi: filter flashnode sysfs by net namespace

 drivers/infiniband/ulp/iser/iscsi_iser.c |   7 +-
 drivers/scsi/be2iscsi/be_iscsi.c         |   6 +-
 drivers/scsi/bnx2i/bnx2i_iscsi.c         |   6 +-
 drivers/scsi/cxgbi/libcxgbi.c            |   6 +-
 drivers/scsi/iscsi_tcp.c                 |   7 +
 drivers/scsi/qedi/qedi_iscsi.c           |   6 +-
 drivers/scsi/qla4xxx/ql4_os.c            |  62 +--
 drivers/scsi/scsi_transport_iscsi.c      | 625 ++++++++++++++++++++++---------
 include/scsi/scsi_transport_iscsi.h      |  63 ++--
 9 files changed, 538 insertions(+), 250 deletions(-)

-- 
2.9.5
