[Devel] Re: The issues for agreeing on a virtualization/namespaces implementation.
Eric W. Biederman
ebiederm at xmission.com
Tue Feb 7 19:52:15 PST 2006
"Serge E. Hallyn" <serue at us.ibm.com> writes:
>
> What I tried to do in a proof of concept long ago was to have
> CLONE_NETNS mean that you get access to all the network devices, but
> then you could drop/add them. Conceptually I prefer that to getting an
> empty namespace, but I'm not sure whether there's any practical use
> where you'd want that...
My observation was that the network stack does not come out cleanly
as a namespace unless you adopt the rule that a network device
belongs to exactly one network namespace.
With that rule dealing with the network stack is just a matter of making
some currently global variables/data structures per container.
A pain to do the first round but easy to maintain once you are there
and the logic of the code doesn't need to change.
Eric
More information about the Devel
mailing list