On Tue, Dec 23, 2025 at 04:28:34PM -0800, Bobby Eshleman wrote:
> This series adds namespace support to vhost-vsock and loopback. It does
> not add namespaces to any of the other guest transports (virtio-vsock,
> hyperv, or vmci).
>
> The current revision supports two modes: local and global. Local
> mode is complete isolation of namespaces, while global mode is complete
> sharing between namespaces of CIDs (the original behavior).
>
> The mode is set using the parent namespace's
> /proc/sys/net/vsock/child_ns_mode and inherited when a new namespace is
> created. The mode of the current namespace can be queried by reading
> /proc/sys/net/vsock/ns_mode. The mode can not change after the namespace
> has been created.
>
> Modes are per-netns. This allows a system to configure namespaces
> independently (some may share CIDs, others are completely isolated).
> This also supports future possible mixed use cases, where there may be
> namespaces in global mode spinning up VMs while there are mixed mode
> namespaces that provide services to the VMs, but are not allowed to
> allocate from the global CID pool (this mode is not implemented in this
> series).

Stefano, would you like me to resend this without the RFC tag, or should I just leave it as is for review? I don't have any planned changes at the moment.

Best,
Bobby
