Quoting Dan Smith (danms@xxxxxxxxxx):
> +static int temp_netns_enter(struct net *net)
> +{
> + int ret;
> + struct net *tmp_netns;
> +
> + ret = copy_namespaces(CLONE_NEWNET, current);
> + if (ret)
> + return ret;
Actually there is one problem here - copy_namespaces() is
specifically used only by clone() and it expects tsk to
not yet be live. So it just does
tsk->nsproxy = new_ns
Since you're doing this on current which is live, it would
have to use rcu_assign_pointer() to be safe.
So I'm afraid you're going to have to do a slightly uglier
thing where you unshare_nsproxy_namespaces() and then
switch_task_namespaces() to the new nsproxy.
> +
> + tmp_netns = current->nsproxy->net_ns;
> + get_net(net);
> + current->nsproxy->net_ns = net;
> + put_net(tmp_netns);
> +
> + return 0;
> +}
Otherwise it looks good to me. My only other comment would be to soothe
readers' anxieties by putting a comment right here explaining that
switch_task_namespaces() will drop your ref to current->nsproxy->net_ns,
and that you had never dropped the ref to prev so it will be safe.
> +static void temp_netns_exit(struct nsproxy *prev)
> +{
> + switch_task_namespaces(current, prev);
> +}
thanks,
-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
