(added cc to containers list) On 08/18/2011 11:45 AM, Milan Broz wrote: > Hi, > > after analysing very strange report (with running chromium > some device-mapper ioctl functions started to fail) I found > interesting problem: > > If you run clone() with CLONE_NEWNET (which is chromium using > for sanboxing), udev namespace is cloned too (newly registered > in uevent_sock_list) and netlink send (except the first in list) > fails with -ESRCH. > > This causes that _every_ call of kobject_uevent_env() return failure. > > Most of users silently ignores kobject_uevent() return value, > so the problem was invisible for long time. > > Unfortunately dm checks return value and reports failure, > taking the wrong error path. > > How is this supposed to work? > > Why cloning net namespace breaks the udev netlink subsystem? > > Is it bug or we need to do something differently? > (I do not think ignoring return value is the proper way...) I forgot to explicitly mention that running clone with CLONE_NEWNET causes kobject_uevent_env() to fail _outside_ of cloned namespace (for all kernel users in fact). (The former problem is described here http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5256 but it is IMHO generic problem. Instrumenting kobject_uevent() shows that it returns send failure really to all events.) Can anyone please explain this behavior? Milan -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
