| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Nov 2020 09:39:41 -0800
From: Mahesh Bandewar (महेश बंडेवार)
<maheshb@...gle.com>
To: nicolas.dichtel@...nd.com
Cc: David Ahern <dsahern@...il.com>, Ido Schimmel <idosch@...sch.org>,
Jakub Kicinski <kuba@...nel.org>,
Jian Yang <jianyang.kernel@...il.com>,
David Miller <davem@...emloft.net>,
linux-netdev <netdev@...r.kernel.org>,
Jian Yang <jianyang@...gle.com>,
Eric Dumazet <edumazet@...gle.com>
Subject: Re: [PATCH net-next] net-loopback: allow lo dev initial state to be controlled
On Wed, Nov 18, 2020 at 8:58 AM Nicolas Dichtel
<nicolas.dichtel@...nd.com> wrote:
>
> Le 18/11/2020 à 02:12, David Ahern a écrit :
> [snip]
> > If there is no harm in just creating lo in the up state, why not just do
> > it vs relying on a sysctl? It only affects 'local' networking so no real
> > impact to containers that do not do networking (ie., packets can't
> > escape). Linux has a lot of sysctl options; is this one really needed?
> >
I started with that approach but then I was informed about these
containers that disable networking all together including loopback.
Also bringing up by default would break backward compatibility hence
resorted to sysctl.
> +1
>
> And thus, it will benefit to everybody.
Well, it benefits everyone who uses networking (most of us) inside
netns but would create problems for workloads that create netns to
disable networking. One can always disable it after creating the netns
but that would mean change in the workflow and it could be viewed as
regression.
Powered by blists - more mailing lists