From: David Gibson
To: passt-dev@passt.top
Subject: Re: [PATCH v2 10/10] Allow --userns when pasta spawns a command
Date: Sat, 10 Sep 2022 17:29:35 +1000
In-Reply-To: <20220909163425.56e56c58@elisabeth>

On Fri, Sep 09, 2022 at 04:34:25PM +0200, Stefano Brivio wrote:
> On Thu, 8 Sep 2022 13:59:07 +1000
> David Gibson wrote:
>
> > Currently --userns is only allowed when pasta is attaching to an existing
> > netns or PID, and is prohibited when creating a new netns by spawning a
> > command or shell.
> >
> > With the new handling of userns, this check isn't necessary. I'm not sure
> > if there's any use case for --userns with a spawned command, but it's
> > strictly more flexible and requires zero extra code, so we might as well.
>
> I think it's helpful because one might not be able to join a network
> namespace without first joining a given user namespace.

Well.. this is strictly for the spawning command case, so we're
creating the network ns rather than joining one.

> So, if you want to run any network-ish command in such a network
> namespace, using pasta instead of nsenter for whatever reason, this
> possibility might be practical.
>
> > Signed-off-by: David Gibson
> > ---
> > conf.c | 5 -----
> > 1 file changed, 5 deletions(-)
> >
> > diff --git a/conf.c b/conf.c > > index 27d520e..ec191c2 100644 > > --- a/conf.c > > +++ b/conf.c
> > @@ -561,11 +561,6 @@ static int conf_pasta_ns(int *netns_only, char *user= ns, char *netns, > > } > > } > > =20 > > - if (*userns && !*netns) { > > - err("--userns requires --netns or PID"); > > - return -EINVAL; > > - }
>
> I guess we should now drop this sentence about --userns from the man
> page:
>
> This option requires --netns or a PID to be specified.
>
> ...either drop it, or clarify that a command might also be given
> instead, I'm not sure.

Good point, I'll adjust.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
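
Review bot: removing the (*userns && !*netns) rejection from conf_pasta_ns() leaves the option's documentation stale and its new behaviour unspecified. The man page sentence "This option requires --netns or a PID to be specified." should be updated in this same patch, stating what --userns means when pasta spawns a command and creates the network namespace itself rather than joining one. Since the commit message says no use case is known yet, a test that runs a spawned command with --userns would also show that the path this check used to block actually works.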