Re: [vserver] /proc/net/dev missing when networknamespaces are active

From: Adrian Reyer <are_at_lihas.de>
Date: Wed 27 Jun 2012 - 16:19:24 BST
Message-ID: <20120627151924.GA7160@r2d2.s.lihas.de>

On Wed, Jun 27, 2012 at 04:25:07AM +0200, Herbert Poetzl wrote:
> >> - The simple trick of bind-mounting a suitable directory
> >> on /proc/net works in a very limited way as /proc/net is a
> >> symlink to /proc/self/net
> > I think you should never try that.
> > When mount bind you effectively use the different network
> > namespace for the new namespace in the vserver.
> you cannot bind mount across namespaces (atm)

And I didn't try that. The tools (ifconfig, netstat, isc-dhcpd)
complained about a missing /proc/net/dev. The content of that file is
quite generic, so I created a directory '/some/where/vproc/net', stuffed
a file 'dev' in it, copied the interesting part of my host's net-file in
there and bind mounted that.
However, as it is not /proc/net but /proc/self/net and therefore a moving
target it failed.

> there is no old/obsolete approach to enabling namespaces
> and I'm pretty confident util-vserver does nothing wrong
> here

Usually I use network isolation and am quite happy with it.
In this case I need a namespace. util-vserver should unshare the network
namespace when it finds a file /etc/vservers/NAME/spaces/net and it does
at least something like that. However, the result is completely different
from what you get with e.g. the 'unshare' command line tool. Especially
/proc/net is missing.

> I'm happily using Linux-VServer together with kvm on a
> routed as well as bridged setup and never encountered
> any issues (why would there be any? Linux-VServer does
> not mess with layer 2)

So do I, I'd assume Steve misses something like
echo 1 > /proc/sys/net/ipv4/conf/default/promote_secondaries
echo 1 > /proc/sys/net/ipv4/conf/all/promote_secondaries

> > The problem is gone away currently with my LXC containers setup.
>
> > I do hope that the vserver devs fix the bug so I can use
> > network ns again with vserver.
> please elaborate what 'the bug' is in your opinion and
> describe the setup where 'you used network namespaces with
> Linux-VServer'

The bug is the missing /proc/net/dev and actually the whole of /proc/net
when using network namespaces with linux-vserver via
/etc/vservers/NAME/spaces/net.
/proc/net is fine with 'unshare' without vserver as well as with
vserver with network isolation and without network namespaces.

Regards,
        Adrian

-- 
LiHAS - Adrian Reyer - Hessenwiesenstraße 10 - D-70565 Stuttgart
Fon: +49 (7 11) 78 28 50 90 - Fax:  +49 (7 11) 78 28 50 91
Mail: lihas_at_lihas.de - Web: http://lihas.de
Linux, Netzwerke, Consulting & Support - USt-ID: DE 227 816 626 Stuttgart
Received on Wed Jun 27 16:33:10 2012
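
The check described in the message above, as an added example that is not part of the original post or of util-vserver: a small diagnostic that reports whether /proc/net resolves through /proc/self/net and whether the 'dev' file that ifconfig and netstat read is present. The function names check_proc_net and list_ifaces are hypothetical, and the optional root argument is an assumption made so the check can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helpers, not util-vserver code).
# Run it inside the guest or namespace that shows the problem.

# check_proc_net [ROOT]
# Prints one status word and returns 0 only when ROOT/net/dev is usable.
# ROOT defaults to /proc.
check_proc_net() {
    root=${1:-/proc}
    # The thread notes /proc/net is a symlink to /proc/self/net.
    if [ ! -L "$root/net" ]; then
        echo "net-not-symlink"; return 1
    fi
    target=$(readlink "$root/net")
    if [ "$target" != "self/net" ]; then
        echo "unexpected-target"; return 1
    fi
    # The symlink exists but the per-process net directory does not.
    if [ ! -d "$root/net/" ]; then
        echo "net-dangling"; return 1
    fi
    # The file the tools in the thread complained about.
    if [ ! -r "$root/net/dev" ]; then
        echo "dev-missing"; return 1
    fi
    echo "ok"
}

# list_ifaces FILE
# Prints interface names from a /proc/net/dev style file: skip the two
# header lines and keep the text before the first colon.
list_ifaces() {
    awk 'NR > 2 { sub(/:.*/, ""); gsub(/ /, ""); print }' "$1"
}

# Stand-alone use: check the live /proc (or the root given as $1).
check_proc_net "${1:-/proc}" || true
```

A result of net-dangling or dev-missing matches the symptom reported in this thread; ok together with a non-empty list_ifaces /proc/net/dev is what the tools need.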
Generated on Wed 27 Jun 2012 - 16:33:10 BST by hypermail 2.1.8