Re: How to identify net namespace in kernel messages?

2017-11-05 Thread David Ahern
On 11/6/17 5:56 AM, Vasily Averin wrote:
> On 2017-11-05 15:48, David Miller wrote:
>> From: Vasily Averin <v...@virtuozzo.com>
>>> I doubt that pointer to freed net have value for someone except
>>> developers, on the other hand it helps to speed up the problem
>>> investigation.
>>
>> Any kernel pointer printed has value to attackers.
> 
> David, could you please advise how to identify net namespace in kernel 
> messages?
> 
> In OpenVz we got many requests from host admins, they need to understand
> which container triggered the message. In such cases we have added our custom
> Container Id, but mainline lacks it.
> 
> I expected that mainline can use net pointer for such purposes,
> nfsd does it for example:
> 
>  NFSD: starting 90-second grace period (net 880e307fe240)
> 
> Now you recommend not using the net pointer.
> However could you please advise some alternative?
> 

Perf now exports the device and inode. See perf_ns_link_info and its use.
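
The device-and-inode pair mentioned in the reply above can also be read from user space by calling stat on /proc/<pid>/ns/net, which lets a host admin map a reported pair back to the processes (and so the container) in that namespace without any kernel pointer. This is an added example, not code from the thread, the kernel or perf; the function names and the `proc_root` parameter are assumptions made for the example.

```python
import os
from collections import defaultdict


def netns_id(pid, proc_root="/proc"):
    """Return (st_dev, st_ino) of the pid's net namespace, or None if unreadable."""
    try:
        # os.stat follows the ns link, so this is the namespace's own dev/inode.
        st = os.stat(os.path.join(proc_root, str(pid), "ns", "net"))
    except OSError:
        # Process exited meanwhile, or we lack permission to follow the link.
        return None
    return (st.st_dev, st.st_ino)


def group_by_netns(proc_root="/proc"):
    """Map each (dev, ino) namespace identifier to the sorted PIDs living in it."""
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "net" or "sys"
        ns = netns_id(entry, proc_root)
        if ns is not None:
            groups[ns].append(int(entry))
    return {ns: sorted(pids) for ns, pids in groups.items()}


def pids_for(dev, ino, proc_root="/proc"):
    """Given a (dev, ino) pair taken from a record, list the PIDs in that net namespace."""
    return group_by_netns(proc_root).get((dev, ino), [])


if __name__ == "__main__":
    # One line per net namespace visible to the caller (run as root to see all).
    for (dev, ino), pids in sorted(group_by_netns().items()):
        print(f"net dev={dev} ino={ino}: {len(pids)} processes, e.g. {pids[:5]}")
```

A namespace with no remaining processes does not appear in this listing, so a pair that matches nothing may belong to a namespace that has already been torn down.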


How to identify net namespace in kernel messages?

2017-11-05 Thread Vasily Averin
On 2017-11-05 15:48, David Miller wrote:
> From: Vasily Averin <v...@virtuozzo.com>
>> I doubt that pointer to freed net have value for someone except
>> developers, on the other hand it helps to speed up the problem
>> investigation.
> 
> Any kernel pointer printed has value to attackers.

David, could you please advise how to identify net namespace in kernel messages?

In OpenVz we got many requests from host admins, they need to understand
which container triggered the message. In such cases we have added our custom
Container Id, but mainline lacks it.

I expected that mainline can use net pointer for such purposes,
nfsd does it for example:

 NFSD: starting 90-second grace period (net 880e307fe240)

Now you recommend not using the net pointer.
However could you please advise some alternative?