Re: [PATCH net-next 1/2 v2] netns: restrict uevents

On Thu, Apr 26, 2018 at 07:35:47PM -0500, Eric W. Biederman wrote: > Christian Brauner writes: > > > On Thu, Apr 26, 2018 at 12:10:30PM -0500, Eric W. Biederman wrote: > >> Christian Brauner writes: > >> > >> > On Thu, Apr 26,

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

Christian Brauner writes: > On Thu, Apr 26, 2018 at 12:10:30PM -0500, Eric W. Biederman wrote: >> Christian Brauner writes: >> >> > On Thu, Apr 26, 2018 at 11:47:19AM -0500, Eric W. Biederman wrote: >> >> Christian Brauner

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

On Thu, Apr 26, 2018 at 12:10:30PM -0500, Eric W. Biederman wrote: > Christian Brauner writes: > > > On Thu, Apr 26, 2018 at 11:47:19AM -0500, Eric W. Biederman wrote: > >> Christian Brauner writes: > >> > >> > On Tue, Apr 24,

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

Christian Brauner writes: > On Thu, Apr 26, 2018 at 11:47:19AM -0500, Eric W. Biederman wrote: >> Christian Brauner writes: >> >> > On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote: >> >> Christian Brauner

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

On Thu, Apr 26, 2018 at 11:47:19AM -0500, Eric W. Biederman wrote: > Christian Brauner writes: > > > On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote: > >> Christian Brauner writes: > >> > >> > On Wed, Apr 25,

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

Christian Brauner writes: > On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote: >> Christian Brauner writes: >> >> > On Wed, Apr 25, 2018, 00:41 Eric W. Biederman >> > wrote: >> > >> >

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote: > Christian Brauner writes: > > > On Wed, Apr 25, 2018, 00:41 Eric W. Biederman wrote: > > > > Bah. This code is obviously correct and probably wrong. > > > > How do we

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

Christian Brauner writes: > On Wed, Apr 25, 2018, 00:41 Eric W. Biederman wrote: > > Bah. This code is obviously correct and probably wrong. > > How do we deliver uevents for network devices that are outside of the > initial user

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

On Tue, Apr 24, 2018 at 05:40:07PM -0500, Eric W. Biederman wrote: > > Bah. This code is obviously correct and probably wrong. > > How do we deliver uevents for network devices that are outside of the > initial user namespace? The kernel still needs to deliver those. > > The logic to figure

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

Bah. This code is obviously correct and probably wrong. How do we deliver uevents for network devices that are outside of the initial user namespace? The kernel still needs to deliver those. The logic to figure out which network namespace a device needs to be delivered to is is present in

Re: [PATCH net-next 1/2 v2] netns: restrict uevents

We already do this in practice in userspace. It doesn't make much sense to perform this delivery. So we might as well make this optimization. Christian Brauner writes: > commit 07e98962fa77 ("kobject: Send hotplug events in all network namespaces") > > enabled

[PATCH net-next 1/2 v2] netns: restrict uevents

commit 07e98962fa77 ("kobject: Send hotplug events in all network namespaces") enabled sending hotplug events into all network namespaces back in 2010. Over time the set of uevents that get sent into all network namespaces has shrunk a little. We have now reached the point where hotplug events