LXC L3 network isolation, yes/no ?, how ?

Renato Westphal renatowestphal at gmail.com
Wed Nov 2 20:11:44 UTC 2011


2011/11/2 Toerless Eckert <Toerless.Eckert at informatik.uni-erlangen.de>:
> Cool. Although i would claim my bits are "current", and your bits
> are "bleeding edge". Just found the iproute2 package that supports this
> on my gentoo by getting the latest cvs version only... ;-)
>
> The biggest issue seems to be that setns() is only in 3.0 Linux kernels
> as far as I can see. Have to check whether that's a possible version on the
> systems where I need it.

Backporting the setns syscall and related stuff to older Linux kernels
is straightforward. I backported it to the 2.6.35.13 release and
everything is working fine. If you are interested, let me know.

> But at least this is technically cool and makes these network name spaces
> much more flexibly usable (eg: inside and outside of LXC).
>
> Cheers
>    Toerless
>
> On Tue, Nov 01, 2011 at 10:17:05AM -0700, Eric W. Biederman wrote:
>> > some setns(XXXX) system call, it's really difficult to use these network name
>> > spaces outside of a concept like LXC - which is a shame, because otherwise
>> > the network name space would exactly be what I am looking for.
>>
>> Definitely old docs.
>>
>> ip netns add
>> ip netns delete
>> ip netns exec
>>
>> And yes there is a setns system call.
>>
>> If you don't have that you have old bits.  All of that should be merged
>> and documented.
>>
>> Eric
> _______________________________________________
> Containers mailing list
> Containers at lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers
>



-- 
Renato Westphal
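What `ip netns exec` does under the hood, and why the thread keeps coming back to setns(): the command opens the namespace handle that `ip netns add NAME` created, calls setns() on it, and then execs the requested program. The C below is an added example written for this archive page; it is not code from this thread, from iproute2 or from the kernel. It assumes iproute2's convention of keeping the handles under /var/run/netns/NAME (not stated on the page), uses function names that are mine, and deliberately omits the private mount namespace and /etc/netns bind-mounts that the real `ip netns exec` also sets up. The probe_setns() function shows how to tell a kernel that lacks the syscall (ENOSYS, the pre-3.0 case Toerless mentions) from one where a seccomp or capability policy refuses it (EPERM); passing an invalid descriptor makes the call fail before it touches any namespace, so the probe has no side effects.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Result of probing whether the running kernel (and any seccomp filter in
 * front of it) offers the setns() system call discussed in the thread. */
enum setns_status {
    SETNS_AVAILABLE = 0, /* syscall exists; only the bogus fd was rejected */
    SETNS_MISSING   = 1, /* ENOSYS: kernel predates setns() and has no backport */
    SETNS_BLOCKED   = 2, /* EPERM/EACCES: seccomp or capability policy denied it */
    SETNS_UNKNOWN   = 3
};

/* Map the errno left by setns(-1, CLONE_NEWNET) to a status. */
enum setns_status classify_setns_errno(int err)
{
    switch (err) {
    case EBADF:  return SETNS_AVAILABLE;
    case ENOSYS: return SETNS_MISSING;
    case EPERM:
    case EACCES: return SETNS_BLOCKED;
    default:     return SETNS_UNKNOWN;
    }
}

/* Side-effect-free probe: an invalid descriptor can never succeed, so the
 * interesting information is entirely in errno. */
enum setns_status probe_setns(void)
{
    if (setns(-1, CLONE_NEWNET) == 0)
        return SETNS_UNKNOWN; /* should be impossible with fd -1 */
    return classify_setns_errno(errno);
}

/* Build the handle path iproute2 uses for a named namespace (assumption:
 * /var/run/netns/NAME). Rejects empty names, names containing '/', and
 * names that would not fit, so a caller cannot be steered to another path. */
int netns_path(const char *name, char *buf, size_t buflen)
{
    if (name == NULL || *name == '\0' || strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(buf, buflen, "/var/run/netns/%s", name);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return 0;
}

/* Minimal equivalent of `ip netns exec NAME CMD...`: open the namespace
 * handle, move this process into that network namespace, then exec CMD.
 * Needs CAP_SYS_ADMIN (in practice root) and a kernel with setns().
 * Returns -1 with errno set if anything before the exec fails. */
int exec_in_netns(const char *name, char *const argv[])
{
    char path[256];
    if (netns_path(name, path, sizeof path) < 0) {
        errno = EINVAL;
        return -1;
    }
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (setns(fd, CLONE_NEWNET) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    close(fd);
    execvp(argv[0], argv);
    return -1; /* only reached if execvp itself failed */
}

int main(int argc, char *argv[])
{
    if (argc < 3) {
        printf("setns() probe result: %d (0=available 1=missing 2=blocked)\n",
               (int)probe_setns());
        fprintf(stderr, "usage: %s NETNS CMD [ARGS...]\n", argv[0]);
        return 1;
    }
    if (exec_in_netns(argv[1], &argv[2]) < 0) {
        perror("exec_in_netns");
        return 1;
    }
    return 0;
}
```

Run it with no arguments to see the probe result on a given box; with `NETNS CMD` it behaves like a stripped-down `ip netns exec`, so `./a.out blue ip addr` (after `ip netns add blue`, as root) should list only the loopback interface of the isolated namespace, which is the L3 isolation the subject line asks about.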