Re: [PATCH RFC] refuse c/r with nested network namespaces

Oren Laadan <orenl@xxxxxxxxxxxxxxx> · Tue, 22 Dec 2009 19:48:47 -0500



For v19-rc3.

Serge E. Hallyn wrote:
> ...because we can't restore network devices in private
> namespaces anyway.  This leaves userspace to set up
> network devices however it wants at restart, and leaves
> it free to restart the application either in the global
> or a private (configured) network namespace.
> 
> Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
> ---
>  kernel/nsproxy.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index c91b725..851777a 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -291,6 +291,13 @@ static int do_checkpoint_ns(struct ckpt_ctx *ctx, struct nsproxy *nsproxy)
>  
>  	/* TODO: Write other namespaces here */
>  
> +	/* We do not support >1 private netns */
> +	ret = -EINVAL;
> +	if (nsproxy->net_ns != ctx->root_nsproxy->net_ns) {
> +		ckpt_err(ctx, ret, "%(T)Nested net_ns unsupported\n");
> +		goto out;
> +	}
> +
>  	ret = ckpt_write_obj(ctx, &h->h);
>   out:
>  	ckpt_hdr_put(ctx, h);
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers