Message ID | 1420628662-9930-4-git-send-email-vadim4j@gmail.com |
---|---|
State | Rejected, archived |
Delegated to: | stephen hemminger |
On 01/07/2015 06:04 AM, Vadim Kochan wrote:
> From: Vadim Kochan <vadim4j@gmail.com>
>
> Allow delete all namespace names by:
>
> $ ip netns del all

So I can still create a namespace called 'all', but can't exec in it or delete
it independently with this change. Perhaps you need to block that as well?
Unless there's some other patch I'm missing?

-Brian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

On Wed, Jan 07, 2015 at 10:44:24AM -0500, Brian Haley wrote:
> On 01/07/2015 06:04 AM, Vadim Kochan wrote:
> > From: Vadim Kochan <vadim4j@gmail.com>
> >
> > Allow delete all namespace names by:
> >
> > $ ip netns del all
>
> So I can still create a namespace called 'all', but can't exec in it or delete
> it independently with this change. Perhaps you need to block that as well?
> Unless there's some other patch I'm missing?
>
> -Brian

Hm, I did not take it into account ...
I will look if I can find another way ...

Thanks,

On Wed, Jan 07, 2015 at 07:36:40PM +0200, Vadim Kochan wrote:
> On Wed, Jan 07, 2015 at 10:44:24AM -0500, Brian Haley wrote:
> > On 01/07/2015 06:04 AM, Vadim Kochan wrote:
> > > From: Vadim Kochan <vadim4j@gmail.com>
> > >
> > > Allow delete all namespace names by:
> > >
> > > $ ip netns del all
> >
> > So I can still create a namespace called 'all', but can't exec in it or delete
> > it independently with this change. Perhaps you need to block that as well?
> > Unless there's some other patch I'm missing?
> >
> > -Brian
> Hm, I did not take it into account ...
> I will look if I can find another way ...
>
> Thanks,

what about this ?

$ ip netns exec / ip link
$ ip netns del /

so it make a sense to be as root directory of bound ns names in /var/run/netns/ ?
what do you think ?

Regards,

On 01/07/2015 01:11 PM, Vadim Kochan wrote:
> On Wed, Jan 07, 2015 at 07:36:40PM +0200, Vadim Kochan wrote:
>> On Wed, Jan 07, 2015 at 10:44:24AM -0500, Brian Haley wrote:
>>> On 01/07/2015 06:04 AM, Vadim Kochan wrote:
>>>> From: Vadim Kochan <vadim4j@gmail.com>
>>>>
>>>> Allow delete all namespace names by:
>>>>
>>>> $ ip netns del all
>>>
>>> So I can still create a namespace called 'all', but can't exec in it or delete
>>> it independently with this change. Perhaps you need to block that as well?
>>> Unless there's some other patch I'm missing?
>>>
>>> -Brian
>> Hm, I did not take it into account ...
>> I will look if I can find another way ...
>>
>> Thanks,
>
> what about this ?
>
> $ ip netns exec / ip link
> $ ip netns del /
>
> so it make a sense to be as root directory of bound ns names in /var/run/netns/ ?
> what do you think ?

I think using / is confusing. And something like -a[ll] as an option doesn't
seem right either.

Or you just trap the name "all" in the add case and don't allow it.

Just my opinion.

-Brian

On Wed, Jan 07, 2015 at 02:40:51PM -0500, Brian Haley wrote:
> On 01/07/2015 01:11 PM, Vadim Kochan wrote:
> > On Wed, Jan 07, 2015 at 07:36:40PM +0200, Vadim Kochan wrote:
> >> On Wed, Jan 07, 2015 at 10:44:24AM -0500, Brian Haley wrote:
> >>> On 01/07/2015 06:04 AM, Vadim Kochan wrote:
> >>>> From: Vadim Kochan <vadim4j@gmail.com>
> >>>>
> >>>> Allow delete all namespace names by:
> >>>>
> >>>> $ ip netns del all
> >>>
> >>> So I can still create a namespace called 'all', but can't exec in it or delete
> >>> it independently with this change. Perhaps you need to block that as well?
> >>> Unless there's some other patch I'm missing?
> >>>
> >>> -Brian
> >> Hm, I did not take it into account ...
> >> I will look if I can find another way ...
> >>
> >> Thanks,
> >
> > what about this ?
> >
> > $ ip netns exec / ip link
> > $ ip netns del /
> >
> > so it make a sense to be as root directory of bound ns names in /var/run/netns/ ?
> > what do you think ?
>
> I think using / is confusing. And something like -a[ll] as an option doesn't
> seem right either.
>
> Or you just trap the name "all" in the add case and don't allow it.
>
> Just my opinion.
>
> -Brian

So I think that do not allow to add netns "all" can be a solution, I'd
like to hear from other people if it might be OK.

Thanks,

On Wed, Jan 7, 2015 at 11:55 AM, Vadim Kochan <vadim4j@gmail.com> wrote:
> So I think that do not allow to add netns "all" can be a solution, I'd
> like to hear from other people if it might be OK.
>

Nope, that would break existing scripts using "all" as a netns.

On Wed, 7 Jan 2015 21:55:17 +0200, Vadim Kochan wrote:
> On Wed, Jan 07, 2015 at 02:40:51PM -0500, Brian Haley wrote:
> > Or you just trap the name "all" in the add case and don't allow it.
>
> So I think that do not allow to add netns "all" can be a solution, I'd
> like to hear from other people if it might be OK.

You can still add the name manually (there is software out there that
adds symlinks to /ver/run/netns), so nope, that's not a solution.

Generally, the only special names that could be used would be those
containing a letter not allowed in file name, i.e. \0 or '/'. Neither
of those sounds thrilling. I'm afraid the only working solution is a
new option.

Jiri

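The name-versus-option trade-off discussed in the messages above, as an added C example that is not part of the thread or of iproute2: `netns_name_ok`, `parse_inband`, `parse_flag` and the `all_flag` parameter are hypothetical names, and the inputs are constructed. The check that a name is a single path component goes slightly beyond what the thread states.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Outcome of parsing the arguments of a delete request. */
enum del_target { DEL_ONE, DEL_ALL, DEL_INVALID };

/* A name can be an entry under the netns run directory only if it is a
 * single path component: non-empty, not "." or "..", and without '/'. */
static bool netns_name_ok(const char *name)
{
	if (name == NULL || name[0] == '\0')
		return false;
	if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
		return false;
	return strchr(name, '/') == NULL;
}

/* In-band design, as in the patch: the word "all" is taken away from the
 * set of usable names, so a namespace called "all" becomes unreachable. */
static enum del_target parse_inband(const char *arg)
{
	if (!netns_name_ok(arg))
		return DEL_INVALID;
	return strcmp(arg, "all") == 0 ? DEL_ALL : DEL_ONE;
}

/* Out-of-band design: bulk deletion is requested by a flag (hypothetical
 * all_flag), so every valid file name still means exactly one namespace. */
static enum del_target parse_flag(bool all_flag, const char *arg)
{
	if (all_flag)
		return arg == NULL ? DEL_ALL : DEL_INVALID; /* flag plus name is ambiguous */
	return netns_name_ok(arg) ? DEL_ONE : DEL_INVALID;
}

int main(void)
{
	/* Constructed input: a namespace that is literally named "all". */
	printf("in-band, name \"all\": %d\n", parse_inband("all"));
	printf("flag off, name \"all\": %d\n", parse_flag(false, "all"));
	printf("flag on, no name:     %d\n", parse_flag(true, NULL));
	printf("flag on, with name:   %d\n", parse_flag(true, "blue"));
	return 0;
}
```
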
Ok,

If I will re-work to use new option, would it be useful ? So it will look:

$ ip -all netns del
$ ip -all netns exec ip link
$ ip -all netns exec ip route add ...

Seems not so weird to me ?

Thanks,

On Fri, Jan 9, 2015 at 10:43 AM, Jiri Benc <jbenc@redhat.com> wrote:
> On Wed, 7 Jan 2015 21:55:17 +0200, Vadim Kochan wrote:
>> On Wed, Jan 07, 2015 at 02:40:51PM -0500, Brian Haley wrote:
>> > Or you just trap the name "all" in the add case and don't allow it.
>>
>> So I think that do not allow to add netns "all" can be a solution, I'd
>> like to hear from other people if it might be OK.
>
> You can still add the name manually (there is software out there that
> adds symlinks to /ver/run/netns), so nope, that's not a solution.
>
> Generally, the only special names that could be used would be those
> containing a letter not allowed in file name, i.e. \0 or '/'. Neither
> of those sounds thrilling. I'm afraid the only working solution is a
> new option.
>
> Jiri
>
> --
> Jiri Benc

On 09/01/2015 10:54, Vadim Kochan wrote:
> Ok,
>
> If I will re-work to use new option, would it be useful ? So it will look:
>
> $ ip -all netns del
> $ ip -all netns exec ip link
> $ ip -all netns exec ip route add ...
>
> Seems not so weird to me ?

What about making this new option only for the 'netns' subsystem?
Something like: 'ip netns -all exec'?

Regards,
Nicolas

diff --git a/ip/ipnetns.c b/ip/ipnetns.c index b5a6f57..20707b8 100644 --- a/ip/ipnetns.c +++ b/ip/ipnetns.c @@ -274,18 +274,11 @@ static int netns_identify(int argc, char **argv) } -static int netns_delete(int argc, char **argv) +static int on_netns_del(char *nsname, void *arg) { - const char *name; char netns_path[MAXPATHLEN]; - if (argc < 1) { - fprintf(stderr, "No netns name specified\n"); - return -1; - } - - name = argv[0]; - snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name); + snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, nsname); umount2(netns_path, MNT_DETACH); if (unlink(netns_path) < 0) { fprintf(stderr, "Cannot remove namespace file \"%s\": %s\n", @@ -295,6 +288,19 @@ static int netns_delete(int argc, char **argv) return 0; } +static int netns_delete(int argc, char **argv) +{ + if (argc < 1) { + fprintf(stderr, "No netns name specified\n"); + return -1; + } + + if (strcmp(argv[0], "all") == 0) + return netns_foreach(on_netns_del, NULL); + + return on_netns_del(argv[0], NULL); +} + static int create_netns_dir(void) { /* Create the base netns directory if it doesn't exist */ diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8 index 70ea4f0..e56068e 100644 --- a/man/man8/ip-netns.8 +++ b/man/man8/ip-netns.8 @@ -16,10 +16,14 @@ ip-netns \- process network namespace management .BR "ip netns" " { " list " } " .ti -8 -.BR "ip netns" " { " add " | " delete " } " +.B ip netns add .I NETNSNAME .ti -8 +.B ip netns del +.RI "{ " NETNSNAME " | " all " }" + +.ti -8 .BR "ip netns identify" .RI "[ " PID " ]" @@ -76,7 +80,7 @@ If NAME is available in /var/run/netns/ this command creates a new network namespace and assigns NAME. .TP -.B ip netns delete NAME - delete the name of a network namespace +.B ip netns delete { NAME | all } - delete the name of a network namespace(s) .sp If NAME is present in /var/run/netns it is umounted and the mount point is removed. If this is the last user of the network namespace the 
@@ -84,6 +88,10 @@ network namespace will be freed, otherwise the network namespace persists until it has no more users. ip netns delete may fail if the mount point is in use in another mount namespace. +If +.B all +was specified then all the network namespace names will be removed. + .TP .B ip netns identify [PID] - Report network namespaces names for process .sp
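
Review bot: in on_netns_del() the return value of snprintf() into netns_path is never compared with sizeof(netns_path), so a name too long for MAXPATHLEN is silently truncated and umount2() and unlink() then act on a different path than the one requested. Since this helper now also serves as the netns_foreach() callback and receives names the user did not type, check for truncation and return an error before touching the filesystem. The nsname parameter could stay const char * as name was, if the callback type permits, and the unused arg parameter deserves a short comment.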
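
Review bot: the strcmp(argv[0], "all") test in netns_delete() takes the word "all" out of the set of usable namespace names, yet nothing in this patch prevents a namespace of that name from existing, so on such a system "ip netns del all" removes every name instead of the one asked for and that namespace can no longer be deleted on its own. Because the operation is destructive, request the bulk delete out of band with a dedicated option rather than through a value that is also a valid file name under NETNS_RUN_DIR. The commit message should also say what happens to the remaining names when on_netns_del() fails for one of them, since its return value is handed straight back through netns_foreach().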
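
Review bot: the synopsis in ip-netns.8 now spells the command "ip netns del" while the description section keeps "ip netns delete", and the heading "delete the name of a network namespace(s)" does not read correctly; use one spelling in both places and reword the heading. The added paragraph about "all" should also state how a namespace that is itself named "all" is treated, because as written the page gives the reader no way to tell the two meanings apart.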