On Wed, Mar 05, 2025 at 05:07:13PM +0100, Stefano Garzarella wrote:
> On Wed, 5 Mar 2025 at 16:55, Bobby Eshleman <bobbyeshleman@xxxxxxxxx> wrote:
> >
> > Do you know of any use cases for guest-side vsock netns?
>
> Yep, as I mentioned in another mail this morning, the use case is
> nested VMs or containers running in the L1 guests.
> Users (e.g. Kata) would like to hide the L0<->L1 vsock channel in the
> container, so anything running there can't talk with the L0 host.
>
> BTW we can do that incrementally if it's too complicated.
>

Got it! I will try your solution with /dev/vsock-netns (unless there are
strong feelings otherwise), and if it becomes hairy maybe I'll omit it
in the next rev.

I don't think my earlier concern about port collisions in the G2H
scenario is worth worrying about without a real use case; that doesn't
sound expected by any users right now.

Thanks,
Bobby