Initial network namespace support.

TCP/IP will work with netstack networking. hostinet doesn't work, and sockets will have the same behavior as it is now. Before the userspace is able to create device, the default loopback device can be used to test. /proc/net and /sys/net will still be connected to the root network stack; this is the same behavior now. Issue #1833 PiperOrigin-RevId: 296309389
author: gVisor bot <gvisor-bot@google.com> 2020-02-20 15:19:40 -0800
committer: Copybara-Service <copybara-worker@google.com> 2020-02-20 15:20:40 -0800
commit: 4a73bae269ae9f52a962ae3b08a17ccaacf7ba80 (patch)
tree: f79489b8eabed3412e80697387908c694fcee592 /pkg/sentry/fsimpl/proc/tasks_sys.go
parent: 67b615b86f2aa1d4ded3dcf2eb8aca4e7fec57a0 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/sentry/fsimpl/proc/tasks_sys.go b/pkg/sentry/fsimpl/proc/tasks_sys.go
index c7ce74883..3d5dc463c 100644
--- a/pkg/sentry/fsimpl/proc/tasks_sys.go
+++ b/pkg/sentry/fsimpl/proc/tasks_sys.go
@@ -50,7 +50,9 @@ func newSysDir(root *auth.Credentials, inoGen InoGenerator, k *kernel.Kernel) *k
 func newSysNetDir(root *auth.Credentials, inoGen InoGenerator, k *kernel.Kernel) *kernfs.Dentry {
 	var contents map[string]*kernfs.Dentry
 
-	if stack := k.NetworkStack(); stack != nil {
+	// TODO(gvisor.dev/issue/1833): Support for using the network stack in the
+	// network namespace of the calling process.
+	if stack := k.RootNetworkNamespace().Stack(); stack != nil {
 		contents = map[string]*kernfs.Dentry{
 			"ipv4": kernfs.NewStaticDir(root, inoGen.NextIno(), 0555, map[string]*kernfs.Dentry{
 				"tcp_sack": newDentry(root, inoGen.NextIno(), 0644, &tcpSackData{stack: stack}),
author	gVisor bot <gvisor-bot@google.com>	2020-02-20 15:19:40 -0800
committer	Copybara-Service <copybara-worker@google.com>	2020-02-20 15:20:40 -0800
commit	4a73bae269ae9f52a962ae3b08a17ccaacf7ba80 (patch)
tree	f79489b8eabed3412e80697387908c694fcee592 /pkg/sentry/fsimpl/proc/tasks_sys.go
parent	67b615b86f2aa1d4ded3dcf2eb8aca4e7fec57a0 (diff)