On 2023/4/14 0:42, Parav Pandit wrote:
From: Mark Lehrer <lehrer@xxxxxxxxx>
Sent: Thursday, April 13, 2023 12:38 PM
Initiator is not net ns aware.
Am I correct in my assessment that this could be a container jailbreak risk? We
aren't using containers,
Unlikely, because container orchestration must give the container access to the nvme char/misc device.
And it should do so only when the nvme initiator/target are net ns aware.
but we were shocked that RoCEv2 connections
magically worked through the physical function which was not in the netns
context.
I do not understand this part.
If you are in exclusive mode, rdma devices must be in the respective/appropriate net ns.
After applying these commits, rxe works in the exclusive mode.
Zhu Yanjun
It is unlikely to work; maybe there is some misconfiguration. Hard to say without the exact commands.