DL> The CLONE_NEWNET will fail if the network namespace is not
DL> compiled in. I understand this check but it looks a little
DL> random. You are not 100% sure this clone has failed because the
DL> network namespace is not supported. That can be another subsystem
DL> or namespace which has failed during the initialization of the
DL> namespaces.

The check is performed twice, once with the basic set of flags and
again with CLONE_NEWNET. If the first check fails, we assume no LXC
support (as we did before). If the second fails, we assume LXC but no
NETNS. Is there something else I'm missing here?

DL> Why don't you simply check the presence of the 'netns' process?

That seems like a valid way as well, although we already do our
feature checks by testing the clone. Also, by doing it this way, we
have a better confirmation that an actual clone(CLONE_NEWNET) will
work, IMHO.

DL> Concerning iproute2, I think this is the work of the installer to
DL> check the dependencies, e.g. the libvirt rpm depends on
DL> iproute2-x.y.z version rpm.

Agreed, and I'm sure it will. Note DV's second comment here:
https://www.redhat.com/archives/libvir-list/2008-June/msg00232.html

Thanks!

--
Dan Smith
IBM Linux Technology Center
Open Hypervisor Team
email: danms(a)us.ibm.com
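
The two-stage probe described in this message, as an added example that is not part of the original message and is not libvirt's code. The contents of `BASIC_NS_FLAGS`, the function names and the `sim_*` stand-in probes are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Assumed "basic" flag set; the message does not list the flags. */
#define BASIC_NS_FLAGS (CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC)
enum ns_support { NS_NONE, NS_BASIC_ONLY, NS_BASIC_AND_NET };
typedef int (*clone_probe_fn)(int flags);   /* returns 0 if clone(flags) worked */
static int probe_child(void *arg) { (void)arg; return 0; }

/* Real probe: clone a child that exits at once, then reap it. */
static int try_clone(int flags)
{
    const size_t stack_size = 64 * 1024;
    char *stack = malloc(stack_size);
    if (!stack) return -1;
    /* Pass the top of the buffer: assumes a downward-growing stack. */
    int pid = clone(probe_child, stack + stack_size, flags | SIGCHLD, NULL);
    if (pid > 0)
        waitpid(pid, NULL, 0);
    free(stack);
    return pid < 0 ? -1 : 0;
}

/* Constructed stand-ins for kernels missing a feature (hypothetical). */
static int sim_no_ns(int flags)    { (void)flags; return -1; }
static int sim_no_netns(int flags) { return (flags & CLONE_NEWNET) ? -1 : 0; }
static int sim_full(int flags)     { (void)flags; return 0; }

/* Two-stage check: basic flags first, then the same flags plus CLONE_NEWNET. */
static enum ns_support detect_ns_support(clone_probe_fn probe)
{
    if (probe(BASIC_NS_FLAGS) != 0)
        return NS_NONE;                 /* no container support at all */
    if (probe(BASIC_NS_FLAGS | CLONE_NEWNET) != 0)
        return NS_BASIC_ONLY;           /* containers work, netns does not */
    return NS_BASIC_AND_NET;
}

int main(void)
{
    static const char *names[] = { "none", "basic only", "basic + netns" };
    clone_probe_fn probes[] = { try_clone, sim_no_ns, sim_no_netns, sim_full };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("probe %zu: %s\n", i, names[detect_ns_support(probes[i])]);
    return 0;
}
```

Because the second call differs from the first only by `CLONE_NEWNET`, a failure there after the first call succeeded points at the network namespace rather than another namespace. The real probe needs CAP_SYS_ADMIN: without it clone() fails with EPERM, whereas a kernel built without the namespace returns EINVAL.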