Hello,

[reposting from kernelnewbies as suggested by Greg]

as an unprivileged user one is able to keep network namespaces from
expiring by opening /proc/<pid>/net/dev of other processes. I've
previously put this on stackexchange [1] and then bugzilla [2]. That's
been a while though, so posting here for a bit more visibility in case
it's something that's worth fixing.

The reproducer is roughly as follows. As root:

    # echo "100" > /proc/sys/user/max_net_namespaces
    # while true ; do
    #     (unshare -n bash -c 'sleep 0.3 && readlink /proc/self/ns/net') || sleep 0.5
    # done

As unprivileged user in a second terminal, run below Python script [3]:

    # python3 pin_net_namespaces.py

After about one minute the first terminal will show the following until
the Python process keeping the network namespaces alive is terminated.

    ...
    unshare: unshare failed: No space left on device
    unshare: unshare failed: No space left on device

Without the change to max_net_namespaces reproducing just takes very
long, but then also kernel memory grows fairly large.

Does that seem like problematic behavior? I had attached a patch and
tests to [2], but I fall into the kernel newbie category, so not sure
how useful.

Thanks,
Arne

[1] https://unix.stackexchange.com/questions/576718/opening-proc-pid-net-dev-prevents-network-namespace-from-expiring-is-this-ex/
[2] https://bugzilla.kernel.org/show_bug.cgi?id=207351
[3] $ cat pin_net_namespaces.py

    #!/usr/bin/env python3

    import glob
    import os
    import time

    net_namespaces = {}

    while True:
        for net_dev in glob.glob("/proc/*/net/dev"):
            try:
                ino = os.stat(net_dev).st_ino
                if ino not in net_namespaces:
                    net_namespaces[ino] = open(net_dev)
                    print("Have", len(net_namespaces), "namespaces...")
            except FileNotFoundError:
                # not fast enough...
                pass
        time.sleep(0.2)
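
Added example, not part of the original post: a way for an administrator to find which process is holding the open /proc/<pid>/net/ files described above, by reading the fd links of every process and counting those that point at another pid's net files, in particular pids that have already exited. The names find_pinners and scan_proc are hypothetical, and the link-target format matched by the regular expression is an assumption about what readlink returns for such descriptors.

```python
"""Flag processes holding fds on /proc/<pid>/net/* files of other, exited pids."""
import os
import re
from collections import defaultdict

# Assumed fd link target for such a file: "/proc/<pid>/net/<name>", possibly
# with a trailing " (deleted)"; only the prefix is matched.
NET_FD = re.compile(r"^/proc/(\d+)/(?:task/\d+/)?net/")


def find_pinners(fd_links, live_pids, min_dead=1):
    """fd_links: (holder_pid, link_target) pairs. Returns, per holder, how many
    fds point at another pid's net files ("foreign") and how many of those
    pids are gone ("dead"); pid reuse can hide a dead owner."""
    stats = defaultdict(lambda: {"foreign": 0, "dead": 0})
    for holder, target in fd_links:
        m = NET_FD.match(target)
        if not m or int(m.group(1)) == holder:
            continue
        stats[holder]["foreign"] += 1
        if int(m.group(1)) not in live_pids:
            stats[holder]["dead"] += 1
    return {p: s for p, s in stats.items() if s["dead"] >= min_dead}


def scan_proc(proc="/proc"):
    """Read every visible fd link; run as root to see other users' fds."""
    pids = {int(d) for d in os.listdir(proc) if d.isdigit()}
    links = []
    for pid in pids:
        try:
            fds = os.listdir(f"{proc}/{pid}/fd")
        except OSError:
            continue  # process exited or fd directory not readable
        for fd in fds:
            try:
                links.append((pid, os.readlink(f"{proc}/{pid}/fd/{fd}")))
            except OSError:
                pass  # fd closed between listdir and readlink
    return links, pids


if __name__ == "__main__":
    links, pids = scan_proc()
    for pid, s in sorted(find_pinners(links, pids).items()):
        print(f"pid {pid}: {s['foreign']} foreign net fds, {s['dead']} of exited pids")
```

A holder whose "dead" count keeps growing while unshare reports "No space left on device" is the process to look at first.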