netns: Issues with deleting virtual interfaces during namespace cleanup

Eric W. Biederman ebiederm at xmission.com
Sun Feb 27 01:02:47 PST 2011


Renato Westphal <renatowestphal at gmail.com> writes:

> Hello David,
>
> You may try the patch below (kernel v2.6.35) and see if that helps. It
> basically does what you asked for: during namespace cleanup, move back the
> virtual interfaces to their original namespaces. I did some tests with veth
> pairs and nested netns's and everything worked fine.
>
> I think this should be the default behaviour; I would like it if someone could
> review/fix this patch and push it upstream.

I think this approach of pushing virtual network devices back where they
came from is a bad idea.  All of the desired benefits can be obtained by
using an extra veth pair and Ethernet bridging.  The current semantics
make it difficult to leak virtual network devices by accident.  The
suggested patch fails hard when the originating network namespace exits
before the target network namespace, and I would contend that is a
fundamentally hard problem and will lead to complicated code.  Finally, I
don't see what is gained by changing the current semantics.

Eric


More information about the Containers mailing list