Quoting Dan Smith (danms@xxxxxxxxxx): > +static int temp_netns_enter(struct net *net) > +{ > + int ret; > + struct net *tmp_netns; > + > + ret = copy_namespaces(CLONE_NEWNET, current); > + if (ret) > + return ret; Actually there is one problem here - copy_namespaces() is specifically used only by clone() and it expects tsk to not yet be live. So it just does tsk->nsproxy = new_ns Since you're doing this on current which is live, it would have to use rcu_assign_pointer() to be safe. So I'm afraid you're going to have to do a slightly uglier thing where you unshare_nsproxy_namespaces() and then switch_task_namespaces() to the new nsproxy. > + > + tmp_netns = current->nsproxy->net_ns; > + get_net(net); > + current->nsproxy->net_ns = net; > + put_net(tmp_netns); > + > + return 0; > +} Otherwise it looks good to me. My only other comment would be to soothe readers' anxieties by putting a comment right here explaining that switch_task_namespaces() will drop your ref to current->nsproxy->net_ns, and that you had never dropped the ref to prev so it will be safe. > +static void temp_netns_exit(struct nsproxy *prev) > +{ > + switch_task_namespaces(current, prev); > +} thanks, -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers