[Devel] Re: [RFC][PATCH] IP address restricting cgroup subsystem

Grzegorz Nosek root at localdomain.pl
Fri Jan 9 08:57:59 PST 2009




On pią, sty 09, 2009 at 10:22:48 -0600, Serge E. Hallyn wrote:
> Well, I think right now we're talking about 'how to do it with network
> namespaces' mostly bc we're curious.  I've heard no strong objections
> to your patch, so please do resubmit once you've addressed Li's
> comments.

Thanks! Will resend. But I'd like to hear some comments about locking
access to the IP address. As Li mentioned, I need the cgroup_lock() to
modify it as I inspect the hierarchy there. However, I don't know what
locking would be required on the _read_ side. Can I expect the address
to be always accessed atomically? What should I use for e.g. IPv6?
A seqlock? RCU (somehow)?

Best regards,
 Grzegorz Nosek


_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list