From patchwork Fri Jan 18 00:47:18 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Eric W. Biederman" X-Patchwork-Id: 213418 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 17DA72C0084 for ; Fri, 18 Jan 2013 11:47:36 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755012Ab3ARArd (ORCPT ); Thu, 17 Jan 2013 19:47:33 -0500 Received: from out03.mta.xmission.com ([166.70.13.233]:55867 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753825Ab3ARArc (ORCPT ); Thu, 17 Jan 2013 19:47:32 -0500 Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1Tw07E-0006OY-O1; Thu, 17 Jan 2013 17:47:29 -0700 Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1Tw07D-0008FC-Fm; Thu, 17 Jan 2013 17:47:28 -0700 From: ebiederm@xmission.com (Eric W. Biederman) To: Stephen Hemminger Cc: , "Serge E. Hallyn" , Ben Hutchings References: <87a9u4q7k9.fsf@xmission.com> <1354039239.2701.8.camel@bwh-desktop.uk.solarflarecom.com> <87622v5ngt.fsf_-_@xmission.com> Date: Thu, 17 Jan 2013 16:47:18 -0800 In-Reply-To: <87622v5ngt.fsf_-_@xmission.com> (Eric W. Biederman's message of "Thu, 17 Jan 2013 16:44:34 -0800") Message-ID: <87ip6v48rt.fsf_-_@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) MIME-Version: 1.0 X-XM-AID: U2FsdGVkX1+Tavun4U03RRC/zMZXAgVLX7b6Xw7ykxM= X-SA-Exim-Connect-IP: 98.207.153.68 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sa07.xmission.com X-Spam-Level: X-Spam-Status: No, score=-3.9 required=8.0 tests=ALL_TRUSTED,BAYES_00, DCC_CHECK_NEGATIVE,T_TooManySym_01,T_TooManySym_02,XMSubLong autolearn=disabled version=3.3.2 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.1 XMSubLong Long Subject * -3.0 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa07 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject * 0.0 T_TooManySym_02 5+ unique symbols in subject X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Stephen Hemminger X-Spam-Relay-Country: Subject: [PATCH iproute2-3.8 4/6] iproute2: Make "ip netns delete" more likely to succeed X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Sometimes "ip netns delete" fails because it can not delete the file a network namespace was mounted on. If this only happened when a network namespace was really in use this would be fine, but today it is possible to pin all network namespaces by simply having a long running process started with "ip netns exec". Every mount is copied when a network namespace is created so it is impossible to prevent the mounts from getting into other mount namespaces. Modify all mounts in the files and subdirectories of /var/run/netns to be shared mount points so that unmount events can propogate, making it unlikely that "ip netns delete" will fail because a directory is mounted in another mount namespace. Signed-off-by: "Eric W. Biederman" --- ip/ipnetns.c | 24 ++++++++++++++++++++++++ 1 files changed, 24 insertions(+), 0 deletions(-) diff --git a/ip/ipnetns.c b/ip/ipnetns.c index 4fce379..33765b5 100644 --- a/ip/ipnetns.c +++ b/ip/ipnetns.c @@ -208,6 +208,7 @@ static int netns_add(int argc, char **argv) char netns_path[MAXPATHLEN]; const char *name; int fd; + int made_netns_run_dir_mount = 0; if (argc < 1) { fprintf(stderr, "No netns name specified\n"); @@ -220,6 +221,29 @@ static int netns_add(int argc, char **argv) /* Create the base netns directory if it doesn't exist */ mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + /* Make it possible for network namespace mounts to propogate between + * mount namespaces. This makes it likely that a unmounting a network + * namespace file in one namespace will unmount the network namespace + * file in all namespaces allowing the network namespace to be freed + * sooner. + */ + while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) { + /* Fail unless we need to make the mount point */ + if (errno != EINVAL || made_netns_run_dir_mount) { + fprintf(stderr, "mount --make-shared %s failed: %s\n", + NETNS_RUN_DIR, strerror(errno)); + return EXIT_FAILURE; + } + + /* Upgrade NETNS_RUN_DIR to a mount point */ + if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) { + fprintf(stderr, "mount --bind %s %s failed: %s\n", + NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno)); + return EXIT_FAILURE; + } + made_netns_run_dir_mount = 1; + } + /* Create the filesystem state */ fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0); if (fd < 0) {