On Fri, Feb 03, 2017 at 01:00:47PM -0800, Andy Lutomirski wrote: > > ISTM any ability to migrate namespaces and to migrate eBPF programs > that know about namespaces needs to have the eBPF program firmly > rooted in some namespace (or perhaps cgroup in this case) so that it
programs are already global. We cannot break that. > can see a namespaced view of the world. For this to work, presumably > we need to make sure that eBPF programs that are installed by programs > that are in a container don't see traffic that isn't in that > container. such approach will break existing users.
