On Thu, Jul 14, 2016 at 11:20:14AM -0700, Andrey Vagin wrote: > Pid and user namepaces are hierarchical. There is no way to discover > parent-child relationships too. It bothers me that network namespaces are not hierarchical too ;). namespaces(7) and clone(2) both have: When a network namespace is freed (i.e., when the last process in the namespace terminates), its physical network devices are moved back to the initial network namespace (not to the parent of the process). So the initial network namespace (the head of net_namespace_list?) is special [1]. To understand how physical network devices will be handled, it seems like we want to treat network devices as a depth-1 tree, with all non-initial net namespaces as children of the initial net namespace. Can we extend this series' NS_GET_PARENT to return: * EPERM for an unprivileged caller (like this series currently does for PID namespaces), * ENOENT when called on net_namespace_list, and * net_namespace_list when called on any other net namespace. If that sounds reasonable, I'm happy to stumble my way through a patch ;). And one benefit of the net_namespace_list approach is that it will be really easy to walk children if we ever add a parent → children lookup service to mirror this series' child → parent service. Cheers, Trevor [1]: The commit message for 2b035b39 (net: Batch network namespace destruction, 2009-11-29) opens with: It is fairly common to kill several network namespaces at once. Either because they are nested one inside the other or… which I'm having trouble understanding if network namespaces aren't hierarchical (and they don't seem to be, except for the initial network namespace being special). Maybe nested network namespaces were on the table at one point but never materialized? net->list looks like a reference to that namespace's entry in net_namespace_list, and I didn't see anything else that looked like a reference to a parent or list of children. -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers