Sysfs tagging
(Taken almost verbatim from Eric Biederman’s netns tagging patch commit msg)
The problem. Network devices show up in sysfs and with the network namespace active multiple devices with the same name can show up in the same directory, ouch!
To avoid that problem and allow existing applications in network namespaces to see the same interface that is currently presented in sysfs, sysfs now has tagging directory support.
By using the network namespace pointers as tags to separate out the sysfs directory entries we ensure that we don’t have conflicts in the directories and applications only see a limited set of the network devices.
Each sysfs directory entry may be tagged with a namespace via the void *ns member of its kernfs_node. If a directory entry is tagged, then kernfs_node->flags will have a flag between KOBJ_NS_TYPE_NONE and KOBJ_NS_TYPES, and ns will point to the namespace to which it belongs.
Each sysfs superblock’s kernfs_super_info contains an array void *ns[KOBJ_NS_TYPES]. When a task in a tagging namespace kobj_nstype first mounts sysfs, a new superblock is created. It will be differentiated from other sysfs mounts by having its s_fs_info->ns[kobj_nstype] set to the new namespace. Note that through bind mounting and mounts propagation, a task can easily view the contents of other namespaces’ sysfs mounts. Therefore, when a namespace exits, it will call kobj_ns_exit() to invalidate any kernfs_node->ns pointers pointing to it.
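The visibility rule from the two paragraphs above, as an added userspace model (not kernel code and not taken from the patch): two entries named eth0 share one directory, each mount resolves only the entry whose tag matches its own, and clearing the tag on namespace exit hides the entry from a mount that outlives the namespace. The names struct node, struct super_info, lookup(), ns_exit() and the sample entries are hypothetical stand-ins.

```c
/* Userspace model of the page's tagging rules; hypothetical names, not kernel code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
enum kobj_ns_type { KOBJ_NS_TYPE_NONE = 0, KOBJ_NS_TYPE_NET, KOBJ_NS_TYPES };
/* Stand-in for kernfs_node: type models the flag, ns is the tag. */
struct node { const char *name; enum kobj_ns_type type; const void *ns; };
/* Stand-in for kernfs_super_info: one tag per namespace type. */
struct super_info { const void *ns[KOBJ_NS_TYPES]; };

/* Constructed sample data: the addresses of ns_a and ns_b act as tags. */
static int ns_a, ns_b;
struct node net_dir[] = {
    { "eth0", KOBJ_NS_TYPE_NET, &ns_a },
    { "eth0", KOBJ_NS_TYPE_NET, &ns_b },
    { "shared", KOBJ_NS_TYPE_NONE, NULL },  /* untagged entry */
};
const struct super_info mount_a = { .ns = { [KOBJ_NS_TYPE_NET] = &ns_a } };
const struct super_info mount_b = { .ns = { [KOBJ_NS_TYPE_NET] = &ns_b } };

/* A tagged entry is visible only if its tag is valid and matches the mount's. */
const struct node *lookup(const struct node *dir, size_t n,
                          const struct super_info *sb, const char *name)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(dir[i].name, name) != 0)
            continue;
        if (dir[i].type == KOBJ_NS_TYPE_NONE ||
            (dir[i].ns != NULL && dir[i].ns == sb->ns[dir[i].type]))
            return &dir[i];
    }
    return NULL;
}

/* Model of the kobj_ns_exit() step: clear every tag pointing at a dying namespace. */
void ns_exit(struct node *dir, size_t n, enum kobj_ns_type type, const void *ns)
{
    for (size_t i = 0; i < n; i++)
        if (dir[i].type == type && dir[i].ns == ns)
            dir[i].ns = NULL;
}

int main(void)
{
    ns_exit(net_dir, 3, KOBJ_NS_TYPE_NET, &ns_b);  /* namespace B exits */
    printf("eth0 via mount_a: %s, via mount_b: %s\n",
           lookup(net_dir, 3, &mount_a, "eth0") ? "visible" : "hidden",
           lookup(net_dir, 3, &mount_b, "eth0") ? "visible" : "hidden");
    return 0;
}
```

mount_b stands for a sysfs mount that is still reachable, for example through a bind mount, after its namespace has gone away.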
Users of this interface:
- define a type in the kobj_ns_type enumeration.
- call kobj_ns_type_register() with its kobj_ns_type_operations which has
  - current_ns() which returns current’s namespace
  - netlink_ns() which returns a socket’s namespace
  - initial_ns() which returns the initial namespace
- call kobj_ns_exit() when an individual tag is no longer valid