Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-26 Thread Patrick McHardy
[EMAIL PROTECTED] wrote: > What is missing ? > - > The routes are not yet isolated, that implies: > >- binding to another container's address is allowed > >- an outgoing packet which has an unset source address can > potentially get another container's address > >

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-20 Thread Daniel Lezcano
Al Viro wrote: On Tue, Jun 20, 2006 at 11:21:43PM +0200, Daniel Lezcano wrote: Al Viro wrote: On Fri, Jun 09, 2006 at 11:02:02PM +0200, [EMAIL PROTECTED] wrote: - renaming an interface in one "namespace" affects everyone. Exact. If we ensure the interface can't be renamed if used in differe

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-20 Thread Al Viro
On Tue, Jun 20, 2006 at 11:21:43PM +0200, Daniel Lezcano wrote: > Al Viro wrote: > >On Fri, Jun 09, 2006 at 11:02:02PM +0200, [EMAIL PROTECTED] wrote: > >- renaming an interface in one "namespace" affects everyone. > > Exact. If we ensure the interface can't be renamed if used in different > name

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-20 Thread Daniel Lezcano
Al Viro wrote: On Fri, Jun 09, 2006 at 11:02:02PM +0200, [EMAIL PROTECTED] wrote: - renaming an interface in one "namespace" affects everyone. Exact. If we ensure the interface can't be renamed if used in different namespace, is it really a problem ?

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-18 Thread Al Viro
On Fri, Jun 09, 2006 at 11:02:02PM +0200, [EMAIL PROTECTED] wrote: > What is missing ? > - > The routes are not yet isolated, that implies: > >- binding to another container's address is allowed > >- an outgoing packet which has an unset source address can > potential

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-16 Thread Eric W. Biederman
Daniel Lezcano <[EMAIL PROTECTED]> writes: > Eric W. Biederman wrote: > > > Have you seen my previous work in this direction? >> I know I had a much much more complete implementation. The only part >> I had not completed was iptables support and that was about a day's >> more work. > > No, I didn

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-16 Thread Daniel Lezcano
Eric W. Biederman wrote: > Have you seen my previous work in this direction? I know I had a much much more complete implementation. The only part I had not completed was iptables support and that was about a day's more work. No, I didn't see your work, is it possible to send me a pointer on

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-15 Thread Eric W. Biederman
My apologies for not looking at this earlier I had an email hiccup so I'm having to recreate the context from email archives, and you didn't copy me. Have you seen my previous work in this direction? I know I had a much much more complete implementation. The only part I had not completed was ip

Re: [RFC] [patch 0/6] [Network namespace] introduction

2006-06-10 Thread Kari Hurtta
[EMAIL PROTECTED] writes in gmane.linux.network,gmane.linux.kernel: > The following patches create a private "network namespace" for use > within containers. This is intended for use with system containers > like vserver, but might also be useful for restricting individual > applications' access t

[RFC] [patch 0/6] [Network namespace] introduction

2006-06-09 Thread dlezcano
The following patches create a private "network namespace" for use within containers. This is intended for use with system containers like vserver, but might also be useful for restricting individual applications' access to the network stack. These patches isolate traffic inside the network namesp