[patch 1/2][RFC] add socketat syscall

Eric W. Biederman ebiederm at xmission.com
Fri Nov 7 08:09:54 PST 2008


Daniel Lezcano <dlezcano at fr.ibm.com> writes:

> AFAIU, the Eric's proposal in case a new syscall was not accepted. IMHO a new
> syscall, with the man pages is better than adding an extra obscure argument to a
> well known API.  But if there is a reason to not add a new syscall, we can
> consider Eric's approach as a good alternative I think.
>
> But before sending anything, I am still waiting for Vivien's and Andreas's answer
> about this approach. If it helps them to migrate their project to the network
> namespace, I will send something more formal.

In my queue I have some preliminary patches, for both the syscall
thing and a filesystem that will pin the namespace.  I am trying
to get my pile down so I can actually test it.

Ultimately to get the full functionality of the current linux-vrf
project we need:

socketat (or some variant thereof) so we can get unprivileged
creation of new sockets in another network namespace.

A fs to pin the network namespace and give it a name.

And ultimately a privileged operation sys_enter(int type, int fd),
to allow the default network namespace to be changed, allowing
unprivileged applications to be run in the network namespace.

Eric


