Hi, DM> If you can create netlink sockets in a remote NS you can also make DM> changes there, and the whole point is to disallow changes.
DM> So maybe you won't be making changes, but others will think about DM> using this and doing so. I would be making changes on restart, because I insert routes. As has been pointed out, Eric's setns() patches allow this sort of violation from userspace even :) Following that example, I could have the checkpointing task stash the current nsproxy and temporarily jump to the destination netns to do the checkpoint. I'll cook up something to look at... Thanks Dave! -- Dan Smith IBM Linux Technology Center email: da...@us.ibm.com _______________________________________________ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
