ch...@versecorp.net wrote: > On Wed, Jan 14, 2009 at 01:26:34PM -0600, Serge E. Hallyn wrote: > >> Quoting Daniel Lezcano (daniel.lezc...@free.fr): >> >>> ch...@versecorp.net wrote: >>> >>>> On Wed, Jan 14, 2009 at 09:50:29AM +0100, Daniel Lezcano wrote: >>>> >>>> >>>>> Guenter Roeck wrote: >>>>> >>>>> >>>>>> As far as I recall, if you have sysfs active and use the sysfs patch to >>>>>> let you configure both sysfs and network namespaces, you can only move >>>>>> virtual interfaces into a network namespace. >>>>>> >>>>>> Guenter >>>>>> >>>>>> >>>>>> >>>>> Ah ! yes, you are right :) >>>>> >>>>> The current upstream implementation allowing sysfs and netns to coexist >>>>> together has one restriction, the physical network devices can not be >>>>> moved if sysfs is enabled in the kernel. This is why Chris can not move >>>>> the physical network device with this version of the kernel. >>>>> This restriction will be set until the sysfs per namespace is fully >>>>> supported. >>>>> >>>>> This restriction does not exist with with the previous kernel version >>>>> with the sysfs per namespace patchset. >>>>> >>>>> -- Daniel >>>>> >>>>> >>>>> >>>> Ah, great, thanks to all for your help on this. >>>> Do you have any rough estimate when the support for sysfs per namespace >>>> will >>>> >>>> >>> The sysfs per namespace has been rejected because of some design >>> problems related with the sysfs itself. >>> Perhaps Eric can tell more about that... >>> >> Chris, in the meantime, is using the physical device an absolute >> necessity, or could you work around it for now using a veth tunnel? >> >> Even if Eric has been working on the sysfs locking rework quietly >> the last few months, i'd expect several months of back-and-forth >> trying to prove that the rework is correct... >> >> -serge >> > > Yes, ultimately we'll need the physical device inside the same namespace > as our application. Our application does a lot of management on the > interface, > monitoring things like the interface's link-pulse and such, and that wouldn't > be available through a virtual interface. We can always redesign things > to have the management portion run in the namespace with the physical > interface, > but for performance reasons we'd eventually want the physical interface to be > directly inside the namespace anyway - so that would probably be wasted > effort. > Did you tried with the macvlan ? _______________________________________________ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers
_______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel