ip-netns(8) unmounts /sys filesystem hierarchy within namespace

Bug #1870554 reported by Lucía Andrea Illanes Albornoz
This bug affects 2 people
Affects            Status     Importance  Assigned to  Milestone
iproute2 (Ubuntu)  Confirmed  Medium      Bilal Khan

Bug Description

Filesystems ordinarily mounted beneath /sys, particularly /sys/fs/cgroup, are not mounted within network namespaces created by ip-netns(8), as lib/namespace.c:netns_switch() explicitly remounts /sys.
The patch enclosed removes the offending calls to umount2(2) and mount(2), leaving the /sys hierarchy intact within network namespaces.

$ lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04

$ apt-cache policy iproute2
iproute2:
  Installed: 4.15.0-2ubuntu1
  Candidate: 4.15.0-2ubuntu1
  Version table:
 *** 4.15.0-2ubuntu1 500
        500 http://fr2.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status

Nota bene: this bug was reported in [1] (unresolved) and, on Arch Linux, [2].

References:
[1] https://answers.launchpad.net/ubuntu/+source/iproute2/+question/659146
[2] https://bugs.archlinux.org/task/33328

Lucía Andrea Illanes Albornoz (lalbornoz) wrote :
Mathew Hodson (mhodson)
Changed in iproute2 (Ubuntu):
importance: Undecided → Medium
Bilal Khan (ibilalkayy) wrote :

In the netns_switch() function, the original code attempts to unmount the /sys filesystem and mount it again when switching network namespaces. This has been causing issues with the filesystems mounted beneath /sys, particularly /sys/fs/cgroup, which are not being mounted within network namespaces created by ip-netns(8).

To resolve this issue, I have removed the calls to umount2() and mount() related to the /sys filesystem in the function. This change ensures that the /sys hierarchy remains intact within network namespaces, and the reported bug should be resolved. Here is the updated function, which no longer unmounts and mounts /sys:

int netns_switch(char *name)
{
    char net_path[PATH_MAX];
    int netns;

    snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
    netns = open(net_path, O_RDONLY | O_CLOEXEC);
    if (netns < 0) {
        fprintf(stderr, "Cannot open network namespace \"%s\": %s\n",
                name, strerror(errno));
        return -1;
    }

    if (setns(netns, CLONE_NEWNET) < 0) {
        fprintf(stderr, "setting the network namespace \"%s\" failed: %s\n",
                name, strerror(errno));
        close(netns);
        return -1;
    }
    close(netns);

    if (unshare(CLONE_NEWNS) < 0) {
        fprintf(stderr, "unshare failed: %s\n", strerror(errno));
        return -1;
    }
    /* Don't let any mounts propagate back to the parent */
    if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
        fprintf(stderr, "\"mount --make-rslave /\" failed: %s\n",
                strerror(errno));
        return -1;
    }

    /* Setup bind mounts for config files in /etc */
    bind_etc(name);
    return 0;
}

This modification should address the bug and maintain the proper mounting of filesystems under /sys within network namespaces.

Changed in iproute2 (Ubuntu):
assignee: nobody → Bilal Khan (ibilalkayy)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in iproute2 (Ubuntu):
status: New → Confirmed
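
An added diagnostic, not part of the bug report or of iproute2: it parses /proc/self/mountinfo and reports whether anything is still mounted beneath /sys, which is the condition this bug describes. The two embedded mountinfo samples are constructed, and count_mounts() is a name chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a mount table with the usual hierarchy under /sys. */
const char HOST_MOUNTINFO[] =
    "27 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "22 27 0:21 / /sys rw,nosuid,nodev,noexec shared:7 - sysfs sysfs rw\n"
    "30 22 0:26 / /sys/fs/cgroup ro,nosuid,nodev shared:9 - tmpfs tmpfs ro\n"
    "31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid shared:10 - cgroup2 cgroup rw\n";

/* Constructed sample: a mount table after /sys was unmounted and remounted. */
const char NETNS_MOUNTINFO[] =
    "27 0 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw\n"
    "95 27 0:50 / /sys rw,relatime - sysfs sysfs rw\n";

/* Count mounts in mountinfo text located exactly at `path` (beneath == 0)
 * or strictly beneath it (beneath != 0). The mount point is field 5. */
int count_mounts(const char *info, const char *path, int beneath)
{
    size_t len = strlen(path);
    int count = 0;

    while (info && *info) {
        char mnt[256];
        /* Skip mount ID, parent ID, major:minor and root; read mount point. */
        if (sscanf(info, "%*d %*d %*s %*s %255s", mnt) == 1) {
            if (beneath ? (strncmp(mnt, path, len) == 0 && mnt[len] == '/')
                        : strcmp(mnt, path) == 0)
                count++;
        }
        info = strchr(info, '\n');
        if (info)
            info++;
    }
    return count;
}

int main(void)
{
    static char buf[65536];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) { perror("/proc/self/mountinfo"); return 1; }
    buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
    fclose(f);
    printf("mounts beneath /sys: %d\n", count_mounts(buf, "/sys", 1));
    printf("/sys/fs/cgroup mounted: %s\n",
           count_mounts(buf, "/sys/fs/cgroup", 0) ? "yes" : "no");
    return 0;
}
```

Run the compiled binary once on the host and once under ip netns exec to compare the two views.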