On Tue, Jun 24, 2008 at 08:51:33AM -0700, Dan Smith wrote:
> Allow check for containers support to be done without CLONE_NEWNET, and then
> determine support on the fly by checking for iproute2 support and a
> successful clone(CLONE_NEWNET). This lets us set a flag for later, as well
> as not comp
DL> Honestly, these cases are not frequent but they exist. IMO, it is
DL> up to me to warn you when there are some corner cases like
DL> these. And it is up to you to consider you can ignore them because
DL> that happens only when we reach some limits.
Fair enough :)
DL> It is a good point. But
Dan Smith wrote:
DL> Did I miss something?
I think I misinterpreted your original statement, so let me go back.
You said:
DL> When this call fails, you 'assume' netns is not compiled in.
Why is this not an appropriate assumption? If I can't
clone(CLONE_NETNS) for the check, then why should I not assume that
Dan Smith wrote:
DL> You call
DL> clone(CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|CLONE_NEWIPC|SIGCHLD|CLONE_NEWNET)
DL> When this call fails, you 'assume' netns is not compiled in.
No, actually, I do this:
int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|
CLONE_NE
Dan Smith wrote:
DL> The CLONE_NEWNET will fail if the network namespace is not
DL> compiled in. I understand this check but it looks like a little
DL> random. You are not 100% sure this clone has failed because the
DL> network namespace is not supported. That can be another subsystem
DL> or namespace which has fai
Dan Smith wrote:
Allow check for containers support to be done without CLONE_NEWNET, and then
determine support on the fly by checking for iproute2 support and a
successful clone(CLONE_NEWNET). This lets us set a flag for later, as well
as not completely disable LXC support on a system without NETNS support.
diff