lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <27868681bf2049a69a8d9a5f42015dc5@AcuMS.aculab.com>
Date: Fri, 29 Sep 2023 21:23:21 +0000
From: David Laight <David.Laight@...LAB.COM>
To: "'nicolas.dichtel@...nd.com'" <nicolas.dichtel@...nd.com>, "Christian
 Brauner" <brauner@...nel.org>
CC: Toke Høiland-Jørgensen <toke@...hat.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>, "bpf@...r.kernel.org"
	<bpf@...r.kernel.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, "David
 Ahern" <dsahern@...nel.org>
Subject: RE: Persisting mounts between 'ip netns' invocations

From: Nicolas Dichtel
> Sent: 29 September 2023 10:46
> 
> Le 29/09/2023 à 11:25, Christian Brauner a écrit :
> >> I fear that creating a new mount ns for each net ns will introduce more problems.
> >
> > Not sure if we're talking past each other but that is what's happening
> > now. Each new ip netns exec invocation will allocate a _new_ mount
> > namespace. In other words, if you have 300 ip netns exec commands
> > running then there will be 300 individual mount namespaces active.
> >
> > What I tried to say is that ip netns exec could be changed to
> > _optionally_ allocate a prepared mount namespace that is shared between
> > ip netns exec commands. And yeah, that would need to be a new command
> > line addition to ip netns exec.
> 
> Ok, you talked about changing 'ip netns exec', not adding an option, thus I
> thought that you suggested adding this unconditionally ;-)
> 
> I was asking myself how to propagate mount points between the parent and 'ip
> netns exec' (both way), but this may be another use case than Toke's use case.

I had a different problem.
I have a system with two network namespaces (to separate public and
private network data) and some programs that really want to read
the '/sys/class/net' nodes in both namespaces - so I'd like to
have the 'namespace' copy mounted at the same time on a different
mount point.
But I'm not at all sure that is possible.
(It is possible to pass an open directory fd through 'ip netns exec'
but that is all a bit cludgy.)

Clearing all the mounts also 'lost' the root of a chroot (if not
an actual mount point) causing 'pwd -P' (etc) to generate the full
path instead of the chroot-relative one.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ