[PATCH 2/4] [RFC] Add sock_create_kern_net()

Dan Smith danms at us.ibm.com
Wed Apr 28 08:06:06 PDT 2010


DM> If you can create netlink sockets in a remote NS you can also make
DM> changes there, and the whole point is to disallow changes.

DM> So maybe you won't be making changes, but others will think about
DM> using this and doing so.

I would be making changes on restart, because I insert routes.  As has
been pointed out, Eric's setns() patches allow this sort of violation
from userspace even :)

Following that example, I could have the checkpointing task stash the
current nsproxy and temporarily jump to the destination netns to do
the checkpoint.  I'll cook up something to look at...

Thanks Dave!

Dan Smith
IBM Linux Technology Center
email: danms at us.ibm.com

More information about the Containers mailing list