Re: question about default values for per-namespace settings

Vasily Averin wrote on 15/05/2014 11:01:
Dear Tejun,

What do you think: which defaults should be used for per-namespace settings in the general case,
and for per-netns sysctls especially? Do we have some common position on this, or
perhaps we already have some setting that allows selecting the desired behavior?

I'm preparing a patch that makes the br_netfilter sysctls per-netns,
to be able to enable/disable br-nf-call processing in each network namespace independently.

I've initialized the sysctl values in each netns with the system defaults, as was done in similar cases.
However, Bart pointed out that "this does introduce a bit of backwards incompatibility":
currently all netns share the br_netfilter sysctl settings applied in init_net.

From the OpenVz point of view, containers should be properly isolated,
should have a predictable initial configuration
and should not depend on settings applied in other containers.
On the other hand, independent containers are only one of the possible use cases,
and I have no strong objections to Bart's proposal. Frankly speaking,
initially I had planned to copy the settings from init_net too.

You misread my mail. I stated that I'm ok with always starting from the defaults (as your patch does). As pointed out by Maciej, always starting from init_net isn't really an option in the case of nested namespaces (start from the parent's namespace instead). There'll always be pros and cons to whatever you choose here. Complete backwards compatibility isn't possible either way. The only way to keep backwards compatibility is to introduce new proc file names and keep the old behavior for the old names (but I'm not in favor of that).

cheers,
Bart
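Whichever initialisation policy the kernel ends up with (defaults, init_net or the parent namespace), an operator who relies on bridge traffic being filtered inside a container will want to verify what a given network namespace actually has, rather than assume it. The script below is an added example for that check and is not part of this thread or of the br_netfilter patch under discussion. It assumes the br_netfilter module is loaded, that iproute2's `ip netns exec` is available, and that it runs as root when it actually reads a namespace; the `brnf_diff` comparison itself works on any two "key=value" listings and is what the offline test exercises.

```sh
#!/bin/sh
# Added example (not from the original thread): audit the br_netfilter
# "bridge-nf-call-*" sysctls of a network namespace against init_net.
# The three keys below are the real /proc/sys/net/bridge entries that
# control the br-nf-call processing the thread talks about.

BRNF_KEYS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"

# Read the three sysctls inside a namespace; an empty name means the
# current (normally init) namespace. Output: one "key=value" per line.
# Needs root and br_netfilter loaded, otherwise the files do not exist.
brnf_read() {
    ns="$1"
    for k in $BRNF_KEYS; do
        if [ -z "$ns" ]; then
            v=$(cat "/proc/sys/net/bridge/$k")
        else
            v=$(ip netns exec "$ns" cat "/proc/sys/net/bridge/$k")
        fi
        printf '%s=%s\n' "$k" "$v"
    done
}

# Compare two "key=value" listings as produced by brnf_read and print
# every key whose value differs. Returns 0 when identical, 1 otherwise.
# A missing key in either listing counts as a difference.
brnf_diff() {
    a="$1"; b="$2"
    rc=0
    for k in $BRNF_KEYS; do
        va=$(printf '%s\n' "$a" | sed -n "s/^$k=//p")
        vb=$(printf '%s\n' "$b" | sed -n "s/^$k=//p")
        if [ "$va" != "$vb" ]; then
            printf 'MISMATCH %s: init_net=%s ns=%s\n' "$k" "$va" "$vb"
            rc=1
        fi
    done
    return $rc
}

# Usage (as root, with br_netfilter loaded and a namespace "mycontainer"):
#   brnf_diff "$(brnf_read)" "$(brnf_read mycontainer)" || echo "namespace differs from init_net"
```

Run against a freshly created namespace, a non-empty `MISMATCH` list tells you the kernel did not copy init_net's values (the "start from defaults" behaviour Vasily's patch implements); an empty list tells you nothing about which policy is in effect unless init_net itself was changed from the defaults first, so set a non-default value in init_net before creating the namespace when you want to distinguish the two.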

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
