Re: [PATCH] net: Add network namespace clone & unshare support.
Andrew Morton wrote: > On Fri, 28 Sep 2007 11:12:13 +0200 Cedric Le Goater <[EMAIL PROTECTED]> wrote: > >>> Cedric made a good point that we will have conflicts of code >>> being added to the same place in nsproxy.c and the like. So >>> I copied Andrew to give him a heads up. >> here's a suggestion, >> >> we could keep the net namespace unshare patch out of david's tree, >> let andrew merge and release a new -mm and, then, send the net namespace >> unshare patch to andrew. that should keep nsproxy out of the andrew's >> merge challenge. But david's tree will miss the unshare part for a while. > > This patch only generates two rejects against the current -mm poop pile. > That's insignificant. We don't need to do anything special to merge a > little patch like this one. Thanks Andrew. C. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
On Fri, 28 Sep 2007 11:12:13 +0200 Cedric Le Goater <[EMAIL PROTECTED]> wrote: > > Cedric made a good point that we will have conflicts of code > > being added to the same place in nsproxy.c and the like. So > > I copied Andrew to give him a heads up. > > here's a suggestion, > > we could keep the net namespace unshare patch out of david's tree, > let andrew merge and release a new -mm and, then, send the net namespace > unshare patch to andrew. that should keep nsproxy out of the andrew's > merge challenge. But david's tree will miss the unshare part for a while. This patch only generates two rejects against the current -mm poop pile. That's insignificant. We don't need to do anything special to merge a little patch like this one. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
Eric W. Biederman wrote: > David Miller <[EMAIL PROTECTED]> writes: > >> Eric, pick an appropriate new non-conflicting number NOW. > > Done. My apologies for the confusion. I thought the > way Cedric and the IBM guys were testing someone would have > shouted at me long before now. > >> This adds unnecessary extra work for Andrew Morton, which he has >> enough of already. > > Cedric made a good point that we will have conflicts of code > being added to the same place in nsproxy.c and the like. So > I copied Andrew to give him a heads up. here's a suggestion, we could keep the net namespace unshare patch out of david's tree, let andrew merge and release a new -mm and, then, send the net namespace unshare patch to andrew. that should keep nsproxy out of the andrew's merge challenge. But david's tree will miss the unshare part for a while. As for the clone flags, the values *must not* conflict but the patches probably will. C. > I will gladly do what I can, to help. Working against 3 trees > development at the moment is a bit of a development challenge. > > Eric > ___ > Containers mailing list > [EMAIL PROTECTED] > https://lists.linux-foundation.org/mailman/listinfo/containers > - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
From: [EMAIL PROTECTED] (Eric W. Biederman) Date: Thu, 27 Sep 2007 21:28:45 -0600 > David, Andrew thanks you both are really are good upstream > maintainers to work with. Just keep the coffee flowing :-) - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
Andrew Morton <[EMAIL PROTECTED]> writes: > On Thu, 27 Sep 2007 17:10:53 -0700 (PDT) > David Miller <[EMAIL PROTECTED]> wrote: > >> > I will gladly do what I can, to help. Working against 3 trees >> > development at the moment is a bit of a development challenge. >> >> Andrew has to work against 30 or so > > I wish! A remerge presently involves pulling and merging 73 git trees, 9 > quilt trees and maybe 1,500 -mm patches. Yep. There is a lot of chaos and keeping on top of it all is a pain, and nobody has it easy. Andrew probably wins award for the biggest challenge. My todo list pales in comparison. I only have 80+ patches in my queue that I need to reviewed and then pushed upstream. 50 sysfs patches to review and get a handle on so hopefully we can out of the sysfs quagmire. Plus I don't know how many little gotchas that need to be fixed with a new patch of their own. It's coming together but it takes time. David, Andrew thanks you both are really are good upstream maintainers to work with. Eric - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
On Thu, 27 Sep 2007 17:10:53 -0700 (PDT) David Miller <[EMAIL PROTECTED]> wrote: > > I will gladly do what I can, to help. Working against 3 trees > > development at the moment is a bit of a development challenge. > > Andrew has to work against 30 or so I wish! A remerge presently involves pulling and merging 73 git trees, 9 quilt trees and maybe 1,500 -mm patches. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
From: [EMAIL PROTECTED] (Eric W. Biederman) Date: Thu, 27 Sep 2007 17:00:23 -0600 > I will gladly do what I can, to help. Working against 3 trees > development at the moment is a bit of a development challenge. Andrew has to work against 30 or so, so multiply your pain by 10 to understand what he has to deal with :-) - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
David Miller <[EMAIL PROTECTED]> writes: > Eric, pick an appropriate new non-conflicting number NOW. Done. My apologies for the confusion. I thought the way Cedric and the IBM guys were testing someone would have shouted at me long before now. > This adds unnecessary extra work for Andrew Morton, which he has > enough of already. Cedric made a good point that we will have conflicts of code being added to the same place in nsproxy.c and the like. So I copied Andrew to give him a heads up. I will gladly do what I can, to help. Working against 3 trees development at the moment is a bit of a development challenge. Eric - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
From: [EMAIL PROTECTED] (Eric W. Biederman) Date: Thu, 27 Sep 2007 11:14:33 -0600 > Thanks for pointing this out, it's on my todo list to look into, > and ensure we resolve. > > I'm confused because my notes have 0x8000 for the pid namespace, > and 0x4000 for the time namespace. Eric, pick an appropriate new non-conflicting number NOW. This adds unnecessary extra work for Andrew Morton, which he has enough of already. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
Cedric Le Goater <[EMAIL PROTECTED]> writes: >> diff --git a/include/linux/sched.h b/include/linux/sched.h >> index a01ac6d..e10a0a8 100644 >> --- a/include/linux/sched.h >> +++ b/include/linux/sched.h >> @@ -27,6 +27,7 @@ >> #define CLONE_NEWUTS0x0400 /* New utsname group? */ >> #define CLONE_NEWIPC0x0800 /* New ipcs */ >> #define CLONE_NEWUSER 0x1000 /* New user namespace */ >> +#define CLONE_NEWNET0x2000 /* New network >> namespace */ > > This new flag is going to conflict with the pid namespace flag > CLONE_NEWPID in -mm. It might be worth changing it to: > > #define CLONE_NEWNET 0x4000 Interesting, it would have been nice if someone had caught this detail earlier. Oh well. Thanks for pointing this out, it's on my todo list to look into, and ensure we resolve. I'm confused because my notes have 0x8000 for the pid namespace, and 0x4000 for the time namespace. > The changes in nxproxy.c and fork.c will also conflict but I don't > think we can do much about it for now. They should also be fairly easy conflicts to resolve. I guess we are likely to hit this conflict in the next -mm or the merge window, which ever comes first. Eric - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: Add network namespace clone & unshare support.
Eric W. Biederman wrote:
> This patch allows you to create a new network namespace
> using sys_clone, or sys_unshare.
>
> As the network namespace is still experimental and under development
> clone and unshare support is only made available when CONFIG_NET_NS is
> selected at compile time.
>
> As this patch introduces network namespace support into code paths
> that exist when the CONFIG_NET is not selected there are a few
> additions made to net_namespace.h to allow a few more functions
> to be used when the networking stack is not compiled in.
>
> Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]>
> ---
> include/linux/sched.h |1 +
> include/net/net_namespace.h | 18 ++
> kernel/fork.c |3 ++-
> kernel/nsproxy.c| 15 +--
> net/Kconfig |8
> net/core/net_namespace.c| 43
> +--
> 6 files changed, 83 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index a01ac6d..e10a0a8 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -27,6 +27,7 @@
> #define CLONE_NEWUTS 0x0400 /* New utsname group? */
> #define CLONE_NEWIPC 0x0800 /* New ipcs */
> #define CLONE_NEWUSER0x1000 /* New user namespace */
> +#define CLONE_NEWNET 0x2000 /* New network namespace */
This new flag is going to conflict with the pid namespace flag
CLONE_NEWPID in -mm. It might be worth changing it to:
#define CLONE_NEWNET0x4000
The changes in nxproxy.c and fork.c will also conflict but I don't
think we can do much about it for now.
C.
> /*
> * Scheduling policies
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index ac8f830..3ea4194 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -38,11 +38,23 @@ extern struct net init_net;
>
> extern struct list_head net_namespace_list;
>
> +#ifdef CONFIG_NET
> +extern struct net *copy_net_ns(unsigned long flags, struct net *net_ns);
> +#else
> +static inline struct net *copy_net_ns(unsigned long flags, struct net
> *net_ns)
> +{
> + /* There is nothing to copy so this is a noop */
> + return net_ns;
> +}
> +#endif
> +
> extern void __put_net(struct net *net);
>
> static inline struct net *get_net(struct net *net)
> {
> +#ifdef CONFIG_NET
> atomic_inc(&net->count);
> +#endif
> return net;
> }
>
> @@ -60,19 +72,25 @@ static inline struct net *maybe_get_net(struct net *net)
>
> static inline void put_net(struct net *net)
> {
> +#ifdef CONFIG_NET
> if (atomic_dec_and_test(&net->count))
> __put_net(net);
> +#endif
> }
>
> static inline struct net *hold_net(struct net *net)
> {
> +#ifdef CONFIG_NET
> atomic_inc(&net->use_count);
> +#endif
> return net;
> }
>
> static inline void release_net(struct net *net)
> {
> +#ifdef CONFIG_NET
> atomic_dec(&net->use_count);
> +#endif
> }
>
> extern void net_lock(void);
> diff --git a/kernel/fork.c b/kernel/fork.c
> index 33f12f4..5e67f90 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1608,7 +1608,8 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
> err = -EINVAL;
> if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
> CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
> - CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER))
> + CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|
> + CLONE_NEWNET))
> goto bad_unshare_out;
>
> if ((err = unshare_thread(unshare_flags)))
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index a4fb7d4..f1decd2 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -20,6 +20,7 @@
> #include
> #include
> #include
> +#include
>
> static struct kmem_cache *nsproxy_cachep;
>
> @@ -98,8 +99,17 @@ static struct nsproxy *create_new_namespaces(unsigned long
> flags,
> goto out_user;
> }
>
> + new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns);
> + if (IS_ERR(new_nsp->net_ns)) {
> + err = PTR_ERR(new_nsp->net_ns);
> + goto out_net;
> + }
> +
> return new_nsp;
>
> +out_net:
> + if (new_nsp->user_ns)
> + put_user_ns(new_nsp->user_ns);
> out_user:
> if (new_nsp->pid_ns)
> put_pid_ns(new_nsp->pid_ns);
> @@ -132,7 +142,7 @@ int copy_namespaces(unsigned long flags, struct
> task_struct *tsk)
>
> get_nsproxy(old_ns);
>
> - if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
> CLONE_NEWUSER)))
> + if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
> CLONE_NEWUSER | CLONE_NEWNET)))
> return 0;
>
> if (!capable(CAP_SYS_ADMIN)) {
> @@ -164,6 +174,7 @@ void free_nsproxy(struct n
Re: [PATCH] net: Add network namespace clone & unshare support.
From: [EMAIL PROTECTED] (Eric W. Biederman) Date: Wed, 26 Sep 2007 17:49:54 -0600 > > This patch allows you to create a new network namespace > using sys_clone, or sys_unshare. > > As the network namespace is still experimental and under development > clone and unshare support is only made available when CONFIG_NET_NS is > selected at compile time. > > As this patch introduces network namespace support into code paths > that exist when the CONFIG_NET is not selected there are a few > additions made to net_namespace.h to allow a few more functions > to be used when the networking stack is not compiled in. > > Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]> Applied to net-2.6.24, thanks Eric. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
