Opening /proc/<pid>/net/dev prevents network namespace from expiring

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

as an unprivileged user one is able to keep network namespaces from expiring by opening /proc/<pid>/net/dev of other processes. I've previously put this on stackexchange [1] and then bugzilla [2]. That's been a while though, so posting here for a bit more visibility in case it's something that's worth fixing.

The reproducer is roughly as follows. As root:
# echo "100" > /proc/sys/user/max_net_namespaces
# while true ; do (unshare -n bash -c 'sleep 0.3 && readlink /proc/self/ns/net') || sleep 0.5  ; done

As unprivileged user in a second terminal, run the below Python script [3]:
# python3 pin_net_namespaces.py

After about one minute the first terminal will show the following until the Python process keeping the network namespaces alive is terminated.
...
unshare: unshare failed: No space left on device
unshare: unshare failed: No space left on device

Without the change to max_net_namespaces reproducing just very long, but then also kernel memory grows fairly large.

Does that seem like problematic behavior? I had attached a patch and tests to [2], but I fall into the kernel newbie category, so not sure how useful.

Thanks,
   Arne


[1] https://unix.stackexchange.com/questions/576718/opening-proc-pid-net-dev-prevents-network-namespace-from-expiring-is-this-ex/
[2] https://bugzilla.kernel.org/show_bug.cgi?id=207351

[3] $ cat pin_net_namespaces.py
#!/usr/bin/env python3
import glob
import os
import time

net_namespaces = {}

while True:
    for net_dev in glob.glob("/proc/*/net/dev"):
        try:
            ino = os.stat(net_dev).st_ino
            if ino not in net_namespaces:
                net_namespaces[ino] = open(net_dev)
                print("Have", len(net_namespaces), "namespaces...")
        except FileNotFoundError:
            # not fast enough...
            pass

    time.sleep(0.2)
===
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]

  Powered by Linux