Hi, The socketat() option is fine but only solves half of the problem. I also need to be able to change the default namespace of a process to join an existing network namespace. My use case is the following (embedded router): I have two separate networks, one with internet access running standard applications and routing LAN traffic, one with access to the operator network only and running dedicated applications such as software upgrade or telephony software. These two networks have to be totally separate and I need the ability to run applications and open sockets in any of these networks or even both. With the current proposal, I could have init or some additional daemon create the two namespaces and ask it to fork and exec the applications I want to run so that it can give the open socket to its child. However this solution is not very practical nor elegant compared to the chvrf approach. The fs solution proposed by Eric to name, create, and remove network namespaces is fine. IMHO using the filesystem to create sockets would be a bad option as the filename would need to be parsed for every protocol etc.. So combining the filesystem idea with the socketat() syscall is a good way of solving both issues. In this case, each namespace would be represented with a single file and we could also give the fd obtained by opening this file as the socketat() argument. I also prefer extending socket() as was suggested previously rather than adding a new syscall, but this is up to the syscall API maintainers to decide. regards, Vivien. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
