From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: Re: [PATCH v2 10/10] Allow --userns when pasta spawns a command
Date: Fri, 09 Sep 2022 16:34:25 +0200
Message-ID: <20220909163425.56e56c58@elisabeth>
In-Reply-To: <20220908035907.1750314-11-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3039361797925058446=="

--===============3039361797925058446==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Thu,  8 Sep 2022 13:59:07 +1000
David Gibson <david(a)gibson.dropbear.id.au> wrote:

> Currently --userns is only allowed when pasta is attaching to an existing
> netns or PID, and is prohibited when creating a new netns by spawning a
> command or shell.
>
> With the new handling of userns, this check isn't necessary.  I'm not sure
> if there's any use case for --userns with a spawned command, but it's
> strictly more flexible and requires zero extra code, so we might as well.

I think it's helpful because one might not be able to join a network
namespace without first joining a given user namespace.

So, if you want to run any network-ish command in such a network
namespace, using pasta instead of nsenter for whatever reason, this
possibility might be practical.

> Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
> ---
>  conf.c | 5 -----
>  1 file changed, 5 deletions(-)
>
> diff --git a/conf.c b/conf.c
> index 27d520e..ec191c2 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -561,11 +561,6 @@ static int conf_pasta_ns(int *netns_only, char *userns=
, char *netns,
>  		}
>  	}
> =20
> -	if (*userns && !*netns) {
> -		err("--userns requires --netns or PID");
> -		return -EINVAL;
> -	}
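
Review bot: the removed `if (*userns && !*netns)` block was the only visible guard in conf_pasta_ns() rejecting --userns without a target namespace, and nothing in this hunk shows what now handles a set *userns with an empty *netns. The commit message only says the new userns handling makes the check unnecessary; it would help to name the earlier patch in the series that covers the spawn case, and to add a test that spawns a command with --userns so the newly accepted combination is exercised. The removed error string "--userns requires --netns or PID" was also the only in-code statement of the old contract, so any usage text or documentation repeating it needs to change in the same patch.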

I guess we should now drop this sentence about --userns from the man
page:

  This option requires --netns or a PID to be specified.

...either drop it, or clarify that a command might also be given
instead, I'm not sure.

-- 
Stefano


--===============3039361797925058446==--