On Mon, Feb 23, 2026 at 02:38:33PM -0800, Bobby Eshleman wrote: > From: Bobby Eshleman <[email protected]> > > Two administrator processes may race when setting child_ns_mode as one > process sets child_ns_mode to "local" and then creates a namespace, but > another process changes child_ns_mode to "global" between the write and > the namespace creation. The first process ends up with a namespace in > "global" mode instead of "local". While this can be detected after the > fact by reading ns_mode and retrying, it is fragile and error-prone. > > Make child_ns_mode write-once so that a namespace manager can set it > once and be sure it won't change. Writing a different value after the > first write returns -EBUSY. This applies to all namespaces, including > init_net, where an init process can write "local" to lock all future > namespaces into local mode. > > Fixes: eafb64f40ca4 ("vsock: add netns to vsock core") > Suggested-by: Daan De Meyer <[email protected]> > Suggested-by: Stefano Garzarella <[email protected]> > Co-developed-by: Stefano Garzarella <[email protected]> > Signed-off-by: Stefano Garzarella <[email protected]>
Stefano, I wasn't sure if you wanted the Co-developed-by and S-o-b on this iteration, but I added it just in case. Please let me know, if that wasn't what you intended. Best, Bobby
