On Fri, Jan 05, 2018 at 06:13:08PM -0500, Doug Ledford wrote:
> Ok, allow me to clarify: restrict the sysfs file to create mappings to
> only the init_net namespace, and by views I meant allow the host
> srp_daemon to create a mapping with a specific namespace and that would
> then create a device file in that namespace, not a sysfs file.

I'm not familiar enough with the status of the 'device namespace' stuff, but..

AFAIK today this works with the orchestration software just putting the device nodes it wants the container to have in /dev/ tmpfs and then the kernel prevents the container from creating new device nodes.

So, in that configuration plugging new block devices into the container is a userspace problem, not the kernel, and you'd never run something like srp_daemon inside a container..

> When we were arguing over namespaces, especially as they related to IPoIB
> devices, we decided to allow the tuple to be p_key/qp/gid so that you
> can have two separate containers on the same p_key and gid with the

Well, the PKey and GID is supposed to be the differentiator for ACL like purposes. And in roce we can have a full MAC address assigned to the container (for iser and what not)

So it isn't broken, it is just limited. (ie by the gid table size)

Jason