Re: [systemd-devel] IPv6 forwarding inside systemd-nspawn containers

2016-06-14 Thread Lennart Poettering
On Mon, 13.06.16 14:33, Egor M. (dsx+systemd-de...@droidnest.org) wrote:

> Hello Lennart.
> 
> I made more tests, it looks like networking controls are indeed properly
> namespaced.
> 
> I don't know what PR means in this context, so can't make it.

I actually meant an issue, not a PR.

https://github.com/systemd/systemd/issues/new

> 
> On Fri, Jun 10, 2016 at 03:18:10PM +0200, Lennart Poettering wrote:
> > On Thu, 09.06.16 17:11, Egor M. (dsx+systemd-de...@droidnest.org) wrote:
> > 
> > > Hello.
> > > 
> > > How to enable IPv6 forwarding in systemd-nspawn containers? I have a
> > > container with network-bridge (--network-bridge=br0). Despite the
> > > net.ipv6.conf.all.forwarding value and corresponding interface values,
> > > IPv6 forwarding is still disabled inside container, while IPv4 forwarding
> > > inherited correctly from host system and works just fine.
> > 
> > Hmm, did I grok this right, you want to enable IPv4 forwarding inside
> > the container, so that the container acts as router?
> > 
> > Currently nspawn will mount all of /proc/sys read-only, under the
> > assumption that these sysctl are not namespaced. Are you saying the
> > networking controls are correctly namespaced, and thus can be set to
> > different values from the host without interfering with it? If so, we
> > should probably mount /proc/sys/net writable after all.
> > 
> > If so, could you please file a PR about this, and we'll make the
> > change in upstream nspawn.
> > 
> > For now though you can just make /proc/sys/net writable manually and
> > then set the right sysctl there...
> > 
> > Lennart
> > 
> > -- 
> > Lennart Poettering, Red Hat
> 
> -- 
> Egor M.
> 


Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] IPv6 forwarding inside systemd-nspawn containers

2016-06-14 Thread Lennart Poettering
On Sat, 11.06.16 14:08, Egor M. (d...@droidnest.org) wrote:

> Hello Lennart.
> 
> In this case there's a slight inconsistency somewhere since
> net.ipv4.ip_forward setting is inherited from host but
> net.ipv6.conf.all.forwarding isn't. One way or another, remounting
> /proc/sys r/w seems to be helping. I'll do more tests on Monday and see if
> everything's fine. Thank you!

Hmm, if the inheritance between network namespaces is different for
IPv4 and IPv6 then this is a kernel problem, as it is the kernel that
copies these settings over. Please file a bug against the kernel
regarding this. Thanks.

Lennart

-- 
Lennart Poettering, Red Hat


Re: [systemd-devel] IPv6 forwarding inside systemd-nspawn containers

2016-06-13 Thread Christian Rebischke
On Mon, Jun 13, 2016 at 02:33:32PM -0400, Egor M. wrote:
> Hello Lennart.
> 
> I made more tests, it looks like networking controls are indeed properly
> namespaced.
> 
> I don't know what PR means in this context, so can't make it.

Hello Egor,
I guess PR means Pull-Request.

best regards

Chris




Re: [systemd-devel] IPv6 forwarding inside systemd-nspawn containers

2016-06-13 Thread Egor M.
Hello Lennart.

I made more tests, it looks like networking controls are indeed properly
namespaced.

I don't know what PR means in this context, so can't make it.

On Fri, Jun 10, 2016 at 03:18:10PM +0200, Lennart Poettering wrote:
> On Thu, 09.06.16 17:11, Egor M. (dsx+systemd-de...@droidnest.org) wrote:
> 
> > Hello.
> > 
> > How to enable IPv6 forwarding in systemd-nspawn containers? I have a
> > container with network-bridge (--network-bridge=br0). Despite the
> > net.ipv6.conf.all.forwarding value and corresponding interface values, IPv6
> > forwarding is still disabled inside container, while IPv4 forwarding
> > inherited correctly from host system and works just fine.
> 
> Hmm, did I grok this right, you want to enable IPv4 forwarding inside
> the container, so that the container acts as router?
> 
> Currently nspawn will mount all of /proc/sys read-only, under the
> assumption that these sysctl are not namespaced. Are you saying the
> networking controls are correctly namespaced, and thus can be set to
> different values from the host without interfering with it? If so, we
> should probably mount /proc/sys/net writable after all.
> 
> If so, could you please file a PR about this, and we'll make the
> change in upstream nspawn.
> 
> For now though you can just make /proc/sys/net writable manually and
> then set the right sysctl there...
> 
> Lennart
> 
> -- 
> Lennart Poettering, Red Hat

-- 
Egor M.


Re: [systemd-devel] IPv6 forwarding inside systemd-nspawn containers

2016-06-11 Thread Egor M.
Hello Michael.

No, this is not true. IPv6 works just fine in systemd-nspawn. Don't really know
about networkd as I don't use it but I don't see any reason for it not to
work either.

On Thu, Jun 09, 2016 at 11:19:46PM +0200, Michael Biebl wrote:
> 2016-06-09 23:11 GMT+02:00 Egor M. :
> > Hello.
> >
> > How to enable IPv6 forwarding in systemd-nspawn containers? I have a
> > container with network-bridge (--network-bridge=br0). Despite the
> > net.ipv6.conf.all.forwarding value and corresponding interface values, IPv6
> > forwarding is still disabled inside container, while IPv4 forwarding
> > inherited correctly from host system and works just fine.
> 
> Afaik, systemd-nspawn (and networkd) only support IPv4 atm.
> 
> 
> -- 
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?

-- 
Egor M.


Re: [systemd-devel] IPv6 forwarding inside systemd-nspawn containers

2016-06-10 Thread Lennart Poettering
On Thu, 09.06.16 17:11, Egor M. (dsx+systemd-de...@droidnest.org) wrote:

> Hello.
> 
> How to enable IPv6 forwarding in systemd-nspawn containers? I have a container
> with network-bridge (--network-bridge=br0). Despite the
> net.ipv6.conf.all.forwarding value and corresponding interface values, IPv6
> forwarding is still disabled inside container, while IPv4 forwarding inherited
> correctly from host system and works just fine.

Hmm, did I grok this right, you want to enable IPv4 forwarding inside
the container, so that the container acts as router?

Currently nspawn will mount all of /proc/sys read-only, under the
assumption that these sysctl are not namespaced. Are you saying the
networking controls are correctly namespaced, and thus can be set to
different values from the host without interfering with it? If so, we
should probably mount /proc/sys/net writable after all.

If so, could you please file a PR about this, and we'll make the
change in upstream nspawn.

For now though you can just make /proc/sys/net writable manually and
then set the right sysctl there...

Lennart

-- 
Lennart Poettering, Red Hat
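
The state described in the message above (all of /proc/sys read-only, with only /proc/sys/net made writable as the workaround) can be checked from mountinfo. This is an added example, not part of the thread and not systemd code; the function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Report whether the mount covering a path is read-only ("ro") or writable
# ("rw"), reading mountinfo-format lines from stdin. Field 5 is the mount
# point, field 6 the per-mount options. The longest matching mount point
# wins; on a tie the later line wins, since it was mounted on top.
mount_mode() {
    awk -v target="$1" '
        BEGIN { best = 0; mode = "unknown" }
        {
            mp = $5
            # A mount covers the target if it is the target or a parent of it.
            if (mp == target || mp == "/" || index(target, mp "/") == 1) {
                if (length(mp) >= best) {
                    best = length(mp); mode = "rw"
                    n = split($6, opts, ",")
                    for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
                }
            }
        }
        END { print mode }'
}

# Constructed sample: /proc/sys read-only, as the thread describes for nspawn.
sample_default() {
    cat <<'EOF'
100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
101 100 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}

# Constructed sample: the same, plus a writable mount over /proc/sys/net only.
sample_net_writable() {
    sample_default
    echo '102 101 0:50 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc proc rw'
}

V6=/proc/sys/net/ipv6/conf/all/forwarding
for s in sample_default sample_net_writable; do
    # The net sysctl should flip to rw; non-network sysctls should stay ro.
    echo "$s: net=$($s | mount_mode "$V6")" \
         "kernel=$($s | mount_mode /proc/sys/kernel/hostname)"
done
# Inside a real container: mount_mode "$V6" < /proc/self/mountinfo
```

Checking a non-network path such as /proc/sys/kernel/hostname alongside the forwarding sysctl shows whether the workaround opened only /proc/sys/net or the whole of /proc/sys.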


[systemd-devel] IPv6 forwarding inside systemd-nspawn containers

2016-06-09 Thread Egor M.
Hello.

How to enable IPv6 forwarding in systemd-nspawn containers? I have a container
with network-bridge (--network-bridge=br0). Despite the
net.ipv6.conf.all.forwarding value and corresponding interface values, IPv6
forwarding is still disabled inside container, while IPv4 forwarding inherited
correctly from host system and works just fine.

-- 
Egor M.