From: Gábor Boskovits
Subject: Re: Status update on 1.0
Date: Thu, 21 Mar 2019 15:59:00 +0100
To: Kristofer Buffington
Cc: Guix-devel

Hello,

Kristofer Buffington wrote (on Thu, Mar 21, 2019, 1:54):
>
> Woops, I meant to send this message to the list
>
> ---------- Forwarded message ---------
> From: Kristofer Buffington
> Date: Wed, Mar 20, 2019 at 8:51 PM
> Subject: Re: Status update on 1.0
> To: Gábor Boskovits
>
>
> I'm deep into this netlink/rtnetlink business currently. I'm trying to decide if it's better to use guile-ffi or if it's just easier to use bash scripts and iproute2. Then virtual network interfaces could map to specific containerized services, which is my objective. Long-term, the netlink and rtnetlink ffi is the superior approach. But bash scripts could get us something hacky, but running quickly.
>
> My other curiosity is: would it make more sense for shepherd to generate virtual network namespaces when services spawn, or is that something the operating-system declaration should contain?
>
> I'd love to help. I'm on the verge of putting some code down now that the research is coalescing into a vision. If there's some guidance or suggestions or otherwise, please try to get me involved!
>

Ok, I will push my preliminary work on wip-netlink soon.
It is a guile ffi style binding, but currently I got only to the
definitions of structures mainly.
Help is much appreciated.

> Kristofer Buffington
>
> On Fri, Mar 15, 2019 at 3:35 PM Gábor Boskovits wrote:
>>
>> Hello,
>>
>> Thompson, David wrote (on Fri, Mar 15, 2019, 19:32):
>> >
>>
>> > Quick tangent: My memory is a bit fuzzy, but I think that netlink API
>> > wrappers would put us one step closer to being able to implement
>> > useful network isolation in our container implementation (right now
>> > you only have loopback, not so fun), like what Docker can do. Just
>> > something to consider. :)
>> >
>> > - Dave
>> >
>>
>> Yes, that is correct. This is exactly one of the reasons I considered this.
>>
>> Best regards,
>> g_bor
>>

Best regards,
g_bot