Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-26 Thread Eleouet Francois
Hi, I'm probably too late, as it's already merged, but as explained in initial review [0], these checks are more about security than feature support: ip netns uses mount namespaces since check-in (and mount namespaces are supported since 2.4.19 [1]). The reason for this check was more to make

Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-23 Thread Paul Michali
Maybe I'm misunderstanding the issue? I thought the reason there is no version check currently, is because a check is being made to see if the process is in the same namespace as root for the net namespace (as a proxy to checking that the mount namespace is being used). The comment indicates

Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-23 Thread Paul Michali
To summarize, should we... A) Assume all kernels will be 3.8+ and use mount namespace (risky?) B) Do a check to ensure kernel is 3.8+ and fall back to net namespace and mount --bind if not (more work). C) Just use net namespace as indication that namespace with mount --bind done (simple) Maybe

Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-23 Thread Kyle Mestery
According to the patch author, the check isn't necessary at all. On Fri, Jan 23, 2015 at 7:12 AM, Paul Michali p...@michali.net wrote: To summarize, should we... A) Assume all kernels will be 3.8+ and use mount namespace (risky?) B) Do a check to ensure kernel is 3.8+ and fall back to net

Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-22 Thread Kyle Mestery
On Wed, Jan 21, 2015 at 10:27 AM, Ihar Hrachyshka ihrac...@redhat.com wrote: On 01/20/2015 05:40 PM, Paul Michali wrote: Review https://review.openstack.org/#/c/146508/ is adding support for StrongSwan VPN, which needs mount bind to be able to specify different paths for config files.

Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-22 Thread Kevin Benton
If we can consolidate that and use a single tool from the master neutron repository, that would be my vote. +1 with a hook mechanism so the sanity checks stay in the *aas repos and they are only run if installed. On Thu, Jan 22, 2015 at 7:30 AM, Kyle Mestery mest...@mestery.com wrote: On Wed,

Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-22 Thread Joshua Zhang
pls note that actually this patch doesn't have minimum kernel requirement because it only uses 'mount --bind' and 'net namespace', not use 'mount namespace'. ('mount --bind' is since Linux 2.4, 'net namespace' is since Linux 3.0, 'mount namespace' is since Linux 3.8). so I think sanity checks for

Re: [openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-21 Thread Ihar Hrachyshka
On 01/20/2015 05:40 PM, Paul Michali wrote: Review https://review.openstack.org/#/c/146508/ is adding support for StrongSwan VPN, which needs mount bind to be able to specify different paths for config files. The code, which used some older patch, does a test for /proc/1/ns/net, instead of

[openstack-dev] [neutron][vpnaas] Can we require kernel 3.8+ for use with StrongSwan IPSec VPN for Kilo?

2015-01-20 Thread Paul Michali
Review https://review.openstack.org/#/c/146508/ is adding support for StrongSwan VPN, which needs mount bind to be able to specify different paths for config files. The code, which used some older patch, does a test for /proc/1/ns/net, instead of /proc/1/ns/mnt, because it stated that the latter