[Devel] Re: Network namespaces a path to mergable code.

Cedric Le Goater clg at fr.ibm.com
Wed Jun 28 02:54:58 PDT 2006


Eric W. Biederman wrote:

> Despite what it might look like unix domain sockets do not live in the
> filesystem.  They store a cookie in the filesystem that roughly
> corresponds to the port number of an AF_INET socket.  When you open a
> socket the lookup is done by the cookie retrieved from the filesystem.

unix domain socket lookup uses a path_lookup for sockets in the filesystem
namespace and a find_by_name for sockets in the abstract namespace.

> So except for their cookies unix domain sockets are always in the
> network stack.

What is that cookie? The file dentry and mnt ref?

So, ok, the resulting struct sock is part of the network namespace, but
there is a bridge with the filesystem namespace which does not prevent
other namespaces from doing a lookup. The lookup routine needs to be changed;
this is anyway necessary for the abstract namespace.

I think we're reaching the limits of namespaces. It would be much easier
with a container id in each kernel object we want to isolate.

C.

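An added example, written for this page and not taken from the thread or from any kernel patch discussed in it, that shows from userspace the split the two posters are describing: for a filesystem socket the name is an inode that merely keys the lookup (unlink removes the key but not the listening sock; close removes the sock but leaves the key), while for an abstract socket the name lives in the network stack's own table and disappears with the sock. It assumes Linux (abstract names are the leading-NUL form in sun_path), a writable /tmp, and uses made-up socket paths, names and helper functions (run_filesystem_demo, run_abstract_demo, probe) that exist only for the demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Each field is 0 on success, otherwise the errno seen, or -1 if not applicable. */
struct demo_result {
    int setup;            /* creating the listener */
    int connect_live;     /* connect while the listener exists: expect 0 */
    int bind_dup;         /* bind the same name while it is taken: expect EADDRINUSE */
    int connect_unlinked; /* filesystem only: unlink(path), then connect: expect ENOENT */
    int bind_reuse;       /* bind once the name is free again: expect 0 */
    int connect_closed;   /* connect after the listener is closed: expect ECONNREFUSED */
};

/* Build a sockaddr_un from a raw name of `len` bytes. A leading NUL byte marks
 * an abstract name (Linux), so strlen() cannot be used here. Returns addrlen. */
static socklen_t fill_addr(struct sockaddr_un *a, const char *name, size_t len)
{
    memset(a, 0, sizeof *a);
    a->sun_family = AF_UNIX;
    memcpy(a->sun_path, name, len);
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len);
}

/* bind() + listen() on the name; returns the fd, or -errno on failure. */
static int listen_unix(const char *name, size_t len)
{
    struct sockaddr_un a;
    socklen_t alen = fill_addr(&a, name, len);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (bind(fd, (struct sockaddr *)&a, alen) < 0 || listen(fd, 8) < 0) {
        int e = -errno;
        close(fd);
        return e;
    }
    return fd;
}

/* One bind() or connect() on a throwaway socket; returns 0 or the errno. */
static int probe(int (*op)(int, const struct sockaddr *, socklen_t),
                 const char *name, size_t len)
{
    struct sockaddr_un a;
    socklen_t alen = fill_addr(&a, name, len);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    int r = (fd >= 0 && op(fd, (struct sockaddr *)&a, alen) == 0) ? 0 : errno;
    if (fd >= 0)
        close(fd);
    return r;
}

/* Filesystem namespace: the inode is the cookie. unlink() removes the cookie
 * but not the listening sock; close() removes the sock but not the cookie.
 * The path below is a made-up name for this demonstration. */
struct demo_result run_filesystem_demo(void)
{
    struct demo_result r = { 0, -1, -1, -1, -1, -1 };
    char path[64];
    size_t len;
    int lfd;
    snprintf(path, sizeof path, "/tmp/unsock-fs-%ld", (long)getpid());
    len = strlen(path) + 1;                      /* addrlen covers the terminating NUL */
    unlink(path);                                /* drop a stale cookie from an old run */
    if ((lfd = listen_unix(path, len)) < 0) { r.setup = -lfd; return r; }
    r.connect_live = probe(connect, path, len);     /* path -> inode -> sock: 0 */
    r.bind_dup = probe(bind, path, len);            /* inode already exists: EADDRINUSE */
    unlink(path);                                   /* listener is still open... */
    r.connect_unlinked = probe(connect, path, len); /* ...but nobody can find it: ENOENT */
    r.bind_reuse = probe(bind, path, len);          /* fresh inode for the same path: 0 */
    close(lfd);
    r.connect_closed = probe(connect, path, len);   /* inode present, no sock: ECONNREFUSED */
    unlink(path);
    return r;
}

/* Abstract namespace: the name lives in a hash table inside the network stack,
 * so it disappears together with the sock and there is nothing to unlink. */
struct demo_result run_abstract_demo(void)
{
    struct demo_result r = { 0, -1, -1, -1, -1, -1 };
    char name[64];
    size_t len;
    int lfd;
    name[0] = '\0';                              /* leading NUL: abstract, Linux only */
    len = 1 + snprintf(name + 1, sizeof name - 1, "unsock-abs-%ld", (long)getpid());
    if ((lfd = listen_unix(name, len)) < 0) { r.setup = -lfd; return r; }
    r.connect_live = probe(connect, name, len);   /* 0 */
    r.bind_dup = probe(bind, name, len);          /* EADDRINUSE */
    close(lfd);                                   /* name is released with the sock */
    r.connect_closed = probe(connect, name, len); /* ECONNREFUSED */
    r.bind_reuse = probe(bind, name, len);        /* 0 */
    return r;
}
```

The interesting pair of results is connect_unlinked versus connect_closed in the filesystem case: the listener stays alive and connected clients keep working after unlink(), and the dentry stays in place after close(), which is exactly the "cookie in the filesystem, sock in the network stack" split; the abstract case has no such split, which is why its lookup has to be scoped by the network namespace alone.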