Re: [PATCH 17/16] net: Disable netfilter sockopts when not in the initial network namespace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Pavel Emelyanov <xemul@xxxxxxxxxx>
Subject: Re: [PATCH 17/16] net: Disable netfilter sockopts when not in the initial network namespace
From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Date: Mon, 10 Sep 2007 09:27:54 -0600
Cc: Linux Containers <containers@xxxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, David Miller <davem@xxxxxxxxxxxxx>
In-reply-to: <46E54B96.8060105@xxxxxxxxxx> (Pavel Emelyanov's message of "Mon, 10 Sep 2007 17:50:14 +0400")
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Pavel Emelyanov <xemul@xxxxxxxxxx> writes:

> Eric W. Biederman wrote:
>> Until we support multiple network namespaces with netfilter only allow
>> netfilter configuration in the initial network namespace.
>
> PATCH 17/16? :)

Exactly!

If my target was the core of the networking stack I figured I better
include the change that keeps netfilter commands isolated to the
initial network namespace, and in my review of completeness I had
missed that in my first pass through my patches.

Eric

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers

References:
- [PATCH 00/16] core network namespace support
  - From: Eric W. Biederman
- [PATCH 01/16] appletalk: In notifier handlers convert the void pointer to a netdevice
  - From: Eric W. Biederman
- [PATCH 02/16] net: Don't implement dev_ifname32 inline
  - From: Eric W. Biederman
- [PATCH 03/16] net: Basic network namespace infrastructure.
  - From: Eric W. Biederman
- [PATCH 04/16] net: Add a network namespace parameter to tasks
  - From: Eric W. Biederman
- [PATCH 05/16] net: Add a network namespace tag to struct net_device
  - From: Eric W. Biederman
- [PATCH 07/16] net: Make /proc/net per network namespace
  - From: Eric W. Biederman
- [PATCH 08/16] net: Make socket creation namespace safe.
  - From: Eric W. Biederman
- [PATCH 09/16] net: Initialize the network namespace of network devices.
  - From: Eric W. Biederman
- [PATCH 10/16] net: Make packet reception network namespace safe
  - From: Eric W. Biederman
- [PATCH 11/16] net: Make device event notification network namespace safe
  - From: Eric W. Biederman
- [PATCH 12/16] net: Support multiple network namespaces with netlink
  - From: Eric W. Biederman
- [PATCH 13/16] net: Make the device list and device lookups per namespace.
  - From: Eric W. Biederman
- [PATCH 14/16] net: Factor out __dev_alloc_name from dev_alloc_name
  - From: Eric W. Biederman
- [PATCH 15/16] net: Implement network device movement between namespaces
  - From: Eric W. Biederman
- [PATCH 16/16] net: netlink support for moving devices between network namespaces.
  - From: Eric W. Biederman
- [PATCH 17/16] net: Disable netfilter sockopts when not in the initial network namespace
  - From: Eric W. Biederman
- Re: [PATCH 17/16] net: Disable netfilter sockopts when not in the initial network namespace
  - From: Pavel Emelyanov

Prev by Date: Re: [PATCH 12/16] net: Support multiple network namespaces with netlink
Next by Date: Re: [PATCH 03/16] net: Basic network namespace infrastructure.
Previous by thread: Re: [PATCH 17/16] net: Disable netfilter sockopts when not in the initial network namespace
Next by thread: Re: [PATCH 17/16] net: Disable netfilter sockopts when not in the initial network namespace
Index(es):
- Date
- Thread

[Index of Archives] [Cgroups] [Netdev] [Linux Wireless] [Kernel Newbies] [Security] [Linux for Hams] [Netfilter] [Bugtraq] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux RAID] [Linux Admin] [Samba]