On Wed, Feb 20, 2019 at 04:53:59PM -0500, Doug Ledford wrote:
> On Wed, 2019-02-20 at 14:28 -0700, Jason Gunthorpe wrote:
> > On Wed, Feb 20, 2019 at 03:28:11PM -0500, Doug Ledford wrote:
> >
> > > Obviously, fixing the netlink would be the more robust solution.
> >
> > I think the way Parav has it works reasonably OK. The admin can toggle
> > the switch *before* creating any net namespaces and it is perfectly
> > atomic and non-disruptive.
> >
> > Trying to make it be a strong fence after net namespaces .. the best
> > we could probably do is to run over the client list and call a new
> > callback that should destroy anything outside the namespace.
>
> Or, alternatively, we just fail after namespaces have been created. I
> don't think it's out of reason to say that once namespaces are created,
> we can't change modes.

I'm okay with that, easy enough to do. Parav?

Jason