Oleg Nesterov wrote: > On 06/17, Oleg Nesterov wrote: >> Let's look at copy_namespaces(), it does the same "get_xxx() in advance", but >> -EPERM forgets to do put_nsproxy(), so we definitely have a leak in copy_process(). > > Ugh, I am sorry, EPERM does put_nsproxy(). Still I can't understand why > copy_namespaces() does get_nsproxy() unconditionally. well, if you're cloning a new task and not unsharing some of the namespaces you still want to increase the refcount on the nsproxy bc a new task is now referencing it. nop ? C. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers