On Thu, Jun 06, 2013 at 09:58:28AM +0200, Richard Weinberger wrote:
> On 06.06.2013 09:53, Daniel P. Berrange wrote:
> >On Wed, Jun 05, 2013 at 11:23:07PM +0200, Richard Weinberger wrote:
> >>virProcessGetNamespaces() opens files in /proc/XXX/ns/ which will
> >>later be passed to setns().
> >>We have to make sure that the file descriptors in the array are in the correct
> >>order. Otherwise setns() may fail.
> >
> >What is the scenario / cause of the failure ?
>
> You cannot attach to namespaces in random order.
> For example with user namespaces an unprivileged can enter other namespaces.
> But to do so you have to enter the user namespace first and then
> the other ones.

Ok, that kind of makes sense, ACK to the patch. I'll update the commit
message with this information.

> Same for mnt and pid, if you enter the mnt namespace before pid
> your procfs will go nuts.

That shouldn't affect us since we don't need to access procfs at
all during the loop where we call setns().

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
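The ordering constraint discussed in this thread, as an added example (not libvirt's code and not the patch under review): namespace fds are put into a fixed order before the setns() loop. The names `ns_fd`, `ns_sort` and `ns_attach` are hypothetical, and the full order is an assumption; the thread only states that user comes first and pid before mnt.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Same prototype as <sched.h>, repeated in case _GNU_SOURCE comes too late. */
int setns(int fd, int nstype);

/* Assumed order: the thread only requires "user" first and "pid" before
 * "mnt"; where ipc, uts and net sit is an arbitrary choice made here. */
static const char *const ns_order[] = { "user", "ipc", "uts", "net", "pid", "mnt" };
#define NS_COUNT (sizeof(ns_order) / sizeof(ns_order[0]))

struct ns_fd { const char *name; int fd; };  /* hypothetical helper type */

/* Copy in[0..n) to out[] in ns_order; unknown names are dropped. Returns count. */
size_t ns_sort(const struct ns_fd *in, size_t n, struct ns_fd *out)
{
    size_t k = 0;
    for (size_t r = 0; r < NS_COUNT; r++)
        for (size_t i = 0; i < n; i++)
            if (strcmp(in[i].name, ns_order[r]) == 0)
                out[k++] = in[i];
    return k;
}

/* setns() into each entry in array order, closing every fd.
 * Stops joining at the first failure; returns 0 on success, -1 on error. */
int ns_attach(const struct ns_fd *list, size_t n)
{
    int rc = 0;
    for (size_t i = 0; i < n; i++) {
        if (rc == 0 && setns(list[i].fd, 0) < 0)  /* 0 = any namespace type */
            rc = -1;
        close(list[i].fd);
    }
    return rc;
}

int main(void)
{
    /* Constructed input: names in an unsorted order, dummy fd values. */
    struct ns_fd found[] = { {"mnt", 5}, {"pid", 4}, {"user", 3}, {"net", 6} }, sorted[4];
    size_t n = ns_sort(found, 4, sorted);
    for (size_t i = 0; i < n; i++)
        printf("%zu: %s (fd %d)\n", i, sorted[i].name, sorted[i].fd);
    return 0;   /* ns_attach() is not called here: the fds are dummies */
}
```

In real use the fds would come from open() on /proc/<pid>/ns/<name>, and ns_attach() would run on the sorted array only.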