Re: [RFC] Virtualization steps

[Serge E. Hallyn]

Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> "Serge E. Hallyn" <serue@xxxxxxxxxx> writes:
> 
> > Quoting Chris Wright (chrisw@xxxxxxxxxxxx):
> >> * Eric W. Biederman (ebiederm@xxxxxxxxxxxx) wrote:
> >> > At least one implementation Linux Jails by Serge E. Hallyn was done
> > completely
> >> > with security modules, and the code was pretty minimal.
> >> 
> >> Yes, although the networking area was something that looked better done
> >> via namespaces (at least that's my recollection of my conversations with
> >> Serge on that one a few years back).
> >
> > Yes, namespaces would be better - just as the file system isolation was
> > moved from a "strong chroot" approach to using pivot-root.  Though note
> > that vserver still uses basically the method that bsdjail uses, and my
> > two attempts at getting network namespaces considered in the kernel so
> > far were dismal failures.  Hopefully this time we've got some better,
> > more network-savvy minds on the task  :)
> 
> Any pointers to those old discussions?

I can only find the one.

http://marc.theaimsgroup.com/?l=linux-netdev&m=109837694221901&w=2

I thought I'd sent one earlier than this too.  Maybe I just got ready to
resend a new version, then decided the code quality wasn't worth it.

> I'm curious why getting your network namespaces were dismal failures.

Ok, I guess "dismal failure" most aptly applies to the patch itself :)

> Everyone ignored the patch?

Well, there was that.  Then I briefly tried to rework the patch, but
just ran out of time, and have kept this on my todo list ever since,
but never really gotten back to it.  At last it looks like this may
finally be coming back up.

-serge

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/