Re: [RFC] Fast-user-switching plans



On 05/28/2010 03:46 PM, Marc Herbert wrote:
> On 28/05/2010 09:16, Simon Geard wrote:
>
>>> Simply because IP is not designed like this at all. NetworkManager's
>>> scope is make IP networking easy; not to re-invent the Internet.
>> Actually, couldn't something be done with Netfilter rules? The
>> connection (a VPN, say) might technically be system-wide, but with rules
>> enforcing that only applications running as a certain user could send
>> and receive packets on it? Perhaps imperfect, but a starting point...
> Sockets have owners, but I doubt very much you can extend that to
> packets. The "end-to-end principle" strikes again. So this rules out
> Netfilter I am afraid.


Netfilter has an owner match, which does extend the owner to packets, more or less. However, you would also have to consider routing. This also looks possible with tc rules matching on the same netfilter match. However, I suspect this will never work satisfactorily; IP was just never designed to do things like this.

I do think that we will move in this general direction, but with a more light-VM-per-user-like approach, where every user has its own view of the filesystem, its own networking "view" etc. In other words, I suspect this is much bigger than can be handled now.

HTH,
M4
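The combination described in the reply above (owner match to tag packets, a mark-based routing rule to steer them, and a filter to keep everyone else off the interface), written out as an added example that is not part of the thread and not NetworkManager code. It assumes a VPN interface named tun0, a user named alice, fwmark 0x10 and routing table 100; all of these are constructed values. The "more or less" in the reply is visible in the rules: the owner match only exists for locally generated packets in OUTPUT/POSTROUTING, so replies and forwarded traffic have no owner, and CONNMARK is needed to carry the tag back onto them. By default the script only prints the commands (DRY_RUN=1); set DRY_RUN=0 to apply them as root.

```shell
#!/bin/sh
# Added example (not from the thread): restrict a system-wide VPN interface to one
# user's sockets using the netfilter owner match, CONNMARK and fwmark policy routing.
# Assumed names/values: user alice, interface tun0, mark 0x10, routing table 100.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (requires root).

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Emit or apply the rules for one user / one VPN interface.
# Usage: per_user_vpn_rules <user> <iface> <mark> <table>
per_user_vpn_rules() {
  user="$1"; dev="$2"; mark="$3"; table="$4"

  # 1. Tag locally generated packets by the UID that owns the socket.
  #    The owner match is only valid in OUTPUT/POSTROUTING: inbound and forwarded
  #    packets have no owning socket, which is why this covers packets only "more or less".
  run iptables -t mangle -A OUTPUT -m owner --uid-owner "$user" -j MARK --set-mark "$mark"

  # 2. Save the mark on the connection so reply packets, which have no owner,
  #    get the same mark restored when they arrive.
  run iptables -t mangle -A OUTPUT -m owner --uid-owner "$user" -j CONNMARK --save-mark
  run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

  # 3. Routing: marked packets consult a dedicated table whose default route is the VPN.
  #    Unmarked traffic keeps using the main table and never sees tun0.
  run ip rule add fwmark "$mark" table "$table"
  run ip route add default dev "$dev" table "$table"

  # 4. Enforcement on egress: nothing unmarked may leave via the VPN interface.
  run iptables -A OUTPUT -o "$dev" -m mark ! --mark "$mark" -j DROP

  # 5. Enforcement on ingress: flows on the VPN that were not opened by this user are dropped,
  #    so other users' sockets cannot receive packets arriving on it.
  run iptables -A INPUT -i "$dev" -m connmark ! --mark "$mark" -j DROP
}

per_user_vpn_rules alice tun0 0x10 100
```

Routing is the part the reply flags as the real obstacle: the owner match alone would let alice's packets out of whichever interface the main table picks, so without the fwmark rule and a separate table her traffic would not be steered onto the VPN at all, and without the CONNMARK restore the replies would be indistinguishable from anyone else's.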


