This repository has been archived by the owner on Jun 20, 2024. It is now read-only.
Add a safer version of WithNetNS* #2443
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
brb
force-pushed
the
issues/2419-withnetns
branch
from
f4a1570 to
c2c5bdd
Compare
The flag is used to denote that weaveutil has to enter the given netns (identified by fd) before executing a cmd. Keep in mind, that this is still not the safest way to run some Go code in custom netns, because some runtime sched threads might reside in the root netns.
The introduced functions are executing a work function via creating a process which executes "weaveutil --netns-fd".
The module introduces the Dev type (copy of common/utils.go:NetDev) which is used to represent network dev info (iface name, IPs, MAC).
The module is used to implement cmds which have to be run inside a custom netns (passed via --netns-fd) and it is intended to replace the usage of WithNetNS*Unsafe.
The relevant functions have been moved to net/netdev.go
brb
force-pushed
the
issues/2419-withnetns
branch
from
c2c5bdd to
8c37ad5
Compare
nsenter ensures that the entire Go runtime runs in the same network namespace.
brb
force-pushed
the
issues/2419-withnetns
branch
from
8c37ad5 to
7463776
Compare
This reverts commit 5898b7a.
|
@awh PTAL. I have replaced |
|
@brb as discussed too invasive for a bugfix release - please reopen against master. Thanks! |
|
Done: #2475 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces a safer version of
WithNetNS*. The new function executeswork()by shelling outweaveutilwhich before executing it enters a given network namespace (passed via--netns-fd).EDIT
Unfortunately, the function isn't totally safe - any go-routine spawned bywork()might be run in a wrong netns. To fix that we either need to create a small in non-Go shim or to compileweaveutilwith a custom constructor function which gets called before the runtime initialization (EDITED: I'll file an issue for it once we have discussed in this PR).nsenteris used when callingweaveutil.Also, the PR replaces the usage of
WithNetNS*Unsafewith the newly introduced function where needed.Fixes #2419