search

vishvananda / netns

Simple network namespace handling for go.
Apache License 2.0
379 stars 133 forks source link

Set O_CLOEXEC when opening a network namespace #43

Closed fanjiyun closed 4 years ago

fanjiyun commented 4 years ago

Set O_CLOEXEC when opening a network namespace

Fix: moby/moby/issues/41136 the container‘s netns fds leak, causing the container netns to not clean up successfully after the container stop

Signed-off-by: fanjiyun fan.jiyun@zte.com.cn

thaJeztah commented 4 years ago

@vishvananda PTAL

thaJeztah commented 4 years ago

@vishvananda @tklauser ptal

tklauser commented 4 years ago

FWIW, ip netns sets O_CLOEXEC too: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/ipnetns.c?id=d0b645a51e5b5315e14ae2f5538e1e9df6c9f419#n940

thaJeztah commented 4 years ago

@aboch can you help out getting this merged?

fanjiyun commented 4 years ago

@thaJeztah @tklauser @aboch is there anything I need to do for this PR? thanks.

aboch commented 4 years ago

ping @vishvananda

thaJeztah commented 4 years ago

Also, @vishvananda are you interested in having more maintainers added to this repository to help out? If so, I can look for some people to help on that.

vishvananda commented 4 years ago

this looks good. Pull requests are so rare to this repo i haven't been paying attention. I could add @aboch to have a backup

thaJeztah commented 4 years ago

Thanks! Yes, looks like it's fairly stable/low maintenance. Having @aboch added (if he's interested 🤗) would be appreciated