On 06/13/2010 11:59 AM, Eric W. Biederman wrote:
> Daniel Lezcano<daniel.lezcano@xxxxxxx> writes:
>
>
>> On 06/11/2010 04:47 PM, Mathieu Peresse wrote:
>>
>>> Hi,
>>>
>>> [this is related to the use of Eric Biederman's new set of patches for named
>>> netns / netns switching]
>>>
>>> ok so I successfully modified /sbin/ip. I can now:
>>> - add/del a new netns by name: "ip netns {addns,delns} ns_name"
>>> -> The namespace files are mounted on /var/run/netns/ns_name (so you have to
>>> mkdir /var/run/netns/ for this to work).
>>>
>>>
>> IMHO, the ip command is not suitable for this, it does not write
>> anything to the fs.
>>
> It does configuration by all kinds of means. As far as it goes I
> think the ip command is perfectly suitable in this particular
> situation. Having a vrf functionality in linux is very desirable.
>
I agree it would be preferable to centralize all in the ip command.
But the approach proposed by Mathieu relies on the filesystem. I don't
think there is another solution but having the ip command mounting,
writing and reading from this directory is a bit weird IMHO, may be
because it does not do that (or I missed something).
And for this reason, only, I find the ip command not suitable for this.
But I am perfectly fine with the idea in general.
That makes me feel, maybe a 'netnsfs' is missing. IMHO, it is like we
fork and we store the pid in /var/run/pid/1234.
In the other hand, the 'ip' command is run as root, so we can assume he
knows what it does, like the 'mount' command writing to /etc/mtab.
> Getting this into ip has the major advantage that we will have a defacto
> standard, and using IFLA_NET_NS_FD makes a lot more sense if everything
> is in ip.
>
Sure, if the netdev guys are ok with writing into /var/run/netns, I
won't argue against.
>> You should write you own command, which can be a perl script using the
>> 'unshare' command (util-linux package on my distro).
>>
>> vrf create<name>
>> vrf delete<name>
>> vrf attach<name>
>> vrf list
>>
>> vrf create will bind mount the ns at the place you decided in the script
>> (eg. a tmpfs in order to keep the directory consistent across (unclean)
>> reboots).
>>
>>
>>> - list netns: "ip netns show"
>>> - use /sbin/ip in any named netns: "ip -netns ns_name link show"
>>>
>>> (rough patch against current git tree attached)
>>>
>>> I want now to move devices across namespaces using their filesystem names
>>> (instead of using PIDs...). I'm not sure I can do it in userspace with the
>>> current code yet, can I ?
>>>
>>>
>> No, you can do that only with pids, but why don't you move the devices
>> at the create time ?
>> You have all the latitude to do that, no ?
>>
> Does my published tree not have IFLA_NET_NS_FD in it?
Hmm, AFAICS no.
>>> I saw there was a rtnetlink attribute to set the netns of a device but it
>>> uses the PID of a namespace owner to do so... within 'ip' i can refer to
>>> only one namespace (i.e. the one that 'ip' task_struct->ns_proxy currently
>>> points to), so I won't be able to move an interface from outside my
>>> namespace to my namespace...
>>> I hope my explanation is clear and that this will get some interest... :)
>>>
>>>
>> Your 'create' command can open a fd to its current netns, unshare a new
>> namespace, bind mount it, and then return to the previously saved netns.
>>
>>
>>> BTW is this the right ML to post this on ?
>>>
>>>
>> Well, this is something related to a subsystem of the containers, so it
>> has some interest but I would suggest to send to the netdev@ mailing
>> list (netdev@xxxxxxxxxxxxxxx), maybe cc'ing this mailing list.
>>
> Anyway it looks like time to post the core of my patchset for review,
> and get things moving on this.
>
Reviewing in progress ... ;)
Thanks
-- Daniel
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
