On Sat, Feb 04, 2017 at 09:15:10AM -0800, Andy Lutomirski wrote: > On Fri, Feb 3, 2017 at 5:22 PM, Alexei Starovoitov <a...@fb.com> wrote: > > Note that all bpf programs types are global. > > I don't think this has a clear enough meaning to work with. In
Please clarify what you mean. The quoted part says "bpf programs are global". What is not "clear enough" there? > I think that this patch plus a minor change to prevent installing > cgroup+bpf programs if the installer isn't in the init netns + fs ns > would work because it would allow new, migratable semantics to be > added down the road to relax the restriction. Forcing installer to be in init netns is not acceptable to David who added cgroup_sock in the first place. I'm not sure why we have to discuss that bit in circles.
