Initial network namespace support.

TCP/IP will work with netstack networking. hostinet doesn't work, and sockets will have the same behavior as it is now. Before the userspace is able to create device, the default loopback device can be used to test. /proc/net and /sys/net will still be connected to the root network stack; this is the same behavior now. Issue #1833 PiperOrigin-RevId: 296309389
author: gVisor bot <gvisor-bot@google.com> 2020-02-20 15:19:40 -0800
committer: Copybara-Service <copybara-worker@google.com> 2020-02-20 15:20:40 -0800
commit: 4a73bae269ae9f52a962ae3b08a17ccaacf7ba80 (patch)
tree: f79489b8eabed3412e80697387908c694fcee592 /pkg/sentry/kernel/task.go
parent: 67b615b86f2aa1d4ded3dcf2eb8aca4e7fec57a0 (diff)
1 files changed, 3 insertions, 6 deletions
diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go
index a3443ff21..e37e23231 100644
--- a/pkg/sentry/kernel/task.go
+++ b/pkg/sentry/kernel/task.go
@@ -486,13 +486,10 @@ type Task struct {
 	numaPolicy   int32
 	numaNodeMask uint64
 
-	// If netns is true, the task is in a non-root network namespace. Network
-	// namespaces aren't currently implemented in full; being in a network
-	// namespace simply prevents the task from observing any network devices
-	// (including loopback) or using abstract socket addresses (see unix(7)).
+	// netns is the task's network namespace. netns is never nil.
 	//
-	// netns is protected by mu. netns is owned by the task goroutine.
-	netns bool
+	// netns is protected by mu.
+	netns *inet.Namespace
 
 	// If rseqPreempted is true, before the next call to p.Switch(),
 	// interrupt rseq critical regions as defined by rseqAddr and
author	gVisor bot <gvisor-bot@google.com>	2020-02-20 15:19:40 -0800
committer	Copybara-Service <copybara-worker@google.com>	2020-02-20 15:20:40 -0800
commit	4a73bae269ae9f52a962ae3b08a17ccaacf7ba80 (patch)
tree	f79489b8eabed3412e80697387908c694fcee592 /pkg/sentry/kernel/task.go
parent	67b615b86f2aa1d4ded3dcf2eb8aca4e7fec57a0 (diff)