From: Stefano Brivio
To: passt-dev@passt.top
Subject: Re: [PATCH v2 10/10] Allow --userns when pasta spawns a command
Date: Fri, 09 Sep 2022 16:34:25 +0200
Message-ID: <20220909163425.56e56c58@elisabeth>
In-Reply-To: <20220908035907.1750314-11-david@gibson.dropbear.id.au>

On Thu, 8 Sep 2022 13:59:07 +1000 David Gibson wrote:

> Currently --userns is only allowed when pasta is attaching to an existing
> netns or PID, and is prohibited when creating a new netns by spawning a
> command or shell.
>
> With the new handling of userns, this check isn't necessary. I'm not sure
> if there's any use case for --userns with a spawned command, but it's
> strictly more flexible and requires zero extra code, so we might as well.

I think it's helpful because one might not be able to join a network
namespace without first joining a given user namespace. So, if you want
to run any network-ish command in such a network namespace, using pasta
instead of nsenter for whatever reason, this possibility might be
practical.

> Signed-off-by: David Gibson
> ---
> conf.c | 5 -----
> 1 file changed, 5 deletions(-)
>
> diff --git a/conf.c b/conf.c
> index 27d520e..ec191c2 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -561,11 +561,6 @@ static int conf_pasta_ns(int *netns_only, char *userns= , char *netns,
> }
> }
> =20
> - if (*userns && !*netns) {
> - err("--userns requires --netns or PID");
> - return -EINVAL;
> - }

I guess we should now drop this sentence about --userns from the man
page:

    This option requires --netns or a PID to be specified.

...either drop it, or clarify that a command might also be given
instead, I'm not sure.

-- 
Stefano
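
Review bot: with the `*userns && !*netns` rejection removed from conf_pasta_ns(), the patch carries no matching documentation change: the diffstat lists only conf.c, while the man page sentence quoted in the reply ("This option requires --netns or a PID to be specified.") still describes the old restriction. Suggest updating that sentence in the same patch to say that a command may be given instead, and stating in the commit message in which order the user namespace is joined and the command spawned, so readers can tell which privilege context the spawned command runs in.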