Hi Cong,

On Wed, May 31, 2017 at 03:40:33PM -0700, Cong Wang wrote:
> But you have other choices than using the physical interface
> directly in non-root ns, for example, creating a virtual pair and
> connect it with the physical one with a bridge. There are various
> ways to achieve this.

Yes, but then those "workarounds" expose the given physical device to the root namespace, which is exactly what I am trying to avoid here. The interface has no purpose outside of the specific target namespace, and under no circumstances should the various applications on a normal Linux system (whether it's network manager or whatever else) start to use the device.

The same also applies to the kernel itself. It is not desirable to have the "root netns" start to do things like IPv6 stateless autoconfiguration, etc. I of course know that all of those things can be individually disabled. I just think having a physical netdev inside "single application" namespaces is more complicated than it could be.

However, I have made my argument sufficiently clear, and I understand that you don't share my concern. This is perfectly fine. We agree to disagree :)

I simply have to find the least intrusive work-around to my liking for the intentional but so far undocumented behavior of netdevices vanishing into thin air. I'll manage.

-- 
- Harald Welte <lafo...@gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)