Package: iproute
Version: 20111117-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu saucy ubuntu-patch

Dear Maintainer,

Trying to remove a namespace when another namespace is mounted may cause a failure.

Upstream discussion here: http://comments.gmane.org/gmane.linux.network/240795
Ubuntu bug is here: http://bugs.launchpad.net/bugs/1238981

This upstream patch solves the issue.

Thanks for considering the patch.

-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise'), (100, 'precise-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5.0-42-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru iproute-20111117/debian/changelog iproute-20111117/debian/changelog diff -Nru iproute-20111117/debian/patches/make-ip-netns-delete-more-likely-to-succeed.patch iproute-20111117/debian/patches/make-ip-netns-delete-more-likely-to-succeed.patch --- iproute-20111117/debian/patches/make-ip-netns-delete-more-likely-to-succeed.patch 1969-12-31 18:00:00.000000000 -0600 +++ iproute-20111117/debian/patches/make-ip-netns-delete-more-likely-to-succeed.patch 2013-10-15 10:59:50.000000000 -0500 
@@ -0,0 +1,61 @@ +Description: iproute2: Make "ip netns delete" more likely to succeed + +Sometimes "ip netns delete" fails because it can not delete the file a +network namespace was mounted on. If this only happened when a +network namespace was really in use this would be fine, but today it +is possible to pin all network namespaces by simply having a long +running process started with "ip netns exec". + +Every mount is copied when a network namespace is created so it is +impossible to prevent the mounts from getting into other mount +namespaces. Modify all mounts in the files and subdirectories of +/var/run/netns to be shared mount points so that unmount events can +propogate, making it unlikely that "ip netns delete" will fail because +a directory is mounted in another mount namespace. + +Author: "Eric W. Biederman" <ebied...@xmission.com> + +Origin: upstream, https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=58a3e8270fe72f8ed92687d3a3132c2a708582dd +Bug-Ubuntu: https://launchpad.net/bugs/1238981 +Last-Update: 2013-10-15 + +--- a/ip/ipnetns.c ++++ b/ip/ipnetns.c +@@ -205,6 +205,7 @@ static int netns_add(int argc, char **ar + char netns_path[MAXPATHLEN]; + const char *name; + int fd; ++ int made_netns_run_dir_mount = 0; + + if (argc < 1) { + fprintf(stderr, "No netns name specified\n"); +@@ -217,6 +218,29 @@ static int netns_add(int argc, char **ar + /* Create the base netns directory if it doesn't exist */ + mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + ++ /* Make it possible for network namespace mounts to propogate between ++ * mount namespaces. This makes it likely that a unmounting a network ++ * namespace file in one namespace will unmount the network namespace ++ * file in all namespaces allowing the network namespace to be freed ++ * sooner. 
++ */ ++ while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) { ++ /* Fail unless we need to make the mount point */ ++ if (errno != EINVAL || made_netns_run_dir_mount) { ++ fprintf(stderr, "mount --make-shared %s failed: %s\n", ++ NETNS_RUN_DIR, strerror(errno)); ++ return EXIT_FAILURE; ++ } ++ ++ /* Upgrade NETNS_RUN_DIR to a mount point */ ++ if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) { ++ fprintf(stderr, "mount --bind %s %s failed: %s\n", ++ NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno)); ++ return EXIT_FAILURE; ++ } ++ made_netns_run_dir_mount = 1; ++ } ++ + /* Create the filesystem state */ + fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0); + if (fd < 0) { diff -Nru iproute-20111117/debian/patches/series iproute-20111117/debian/patches/series --- iproute-20111117/debian/patches/series 2012-04-08 18:40:42.000000000 -0500 +++ iproute-20111117/debian/patches/series 2013-10-15 10:57:34.000000000 -0500 @@ -1,3 +1,4 @@ moo.diff txtdocs.diff cross.diff +make-ip-netns-delete-more-likely-to-succeed.patch
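
Review bot: The mount loop in the `@@ -217,6 +218,29 @@` hunk of ip/ipnetns.c sits only in netns_add(), so NETNS_RUN_DIR becomes shared the next time "ip netns add" runs and not before. Mount copies that other mount namespaces already hold stay outside the new peer group and can still pin a namespace, for example copies taken by a long-running "ip netns exec" process started earlier, which is the case the description names. The description or the changelog should say that such processes have to be restarted before "ip netns delete" benefits. In the same hunk the error text `mount --make-shared %s failed` does not match the call, which passes `MS_SHARED | MS_REC`; the matching command is `mount --make-rshared`, and the message should say so for anyone reproducing the failure by hand. The added comment also has "propogate" and "a unmounting", which could be fixed while carrying the patch.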
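
Review bot: The `diff -Nru` line for debian/changelog at the top of the debdiff is followed by no hunk, so the changelog entry that should accompany the new `+make-ip-netns-delete-more-likely-to-succeed.patch` line in debian/patches/series is not visible here. Please include the changelog hunk so the upload records which patch was added and why.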