On Tue, 13 Sep 2016 16:42:43 +0200, Alban Crequy wrote: > Note that I will probably not have the chance to spend more time on > this patch soon because Iago will explore other methods with > eBPF+kprobes instead. eBPF+kprobes would not have the same API > stability though. I was curious to see if anyone would find the > namespace addition to proc connector interesting for other projects.
Yes, this is a sorely missing feature. I don't care how this is done (proc connector or something else) but the feature itself is quite important for system management daemons. In particular, we need an application that monitors network configuration changes on the machine, displays the current configuration and records history of the changes. This is currently impossible to do reliably if net name spaces are in use - which they are with OpenStack and Docker and similar things in place on those machines. The current tools try to do things like monitoring /var/run/netns which is obviously unreliable and broken. There are actually two (orthogonal) problems here: apart of the one described above, it's also startup of such daemon. There's currently no way to find all current name spaces from the user space. We'll need an API for this, too. And no, eBPF is not the answer. This should just work like any other system daemon. I can't imagine that we would need llvm compiler and kernel sources/debuginfo/whatever on every machine that runs such daemon. Thanks, Jiri
