Opening /proc/<pid>/net/dev prevents network namespace from expiring
Grant Taylor
gtaylor at tnetconsulting.net
Mon Aug 24 12:53:51 EDT 2020
On 8/22/20 3:05 PM, Arne Welzel wrote:
> Hello,
Hi,
> as an unprivileged user one is able to keep network namespaces from
> expiring by opening /proc/<pid>/net/dev of other processes.
This is what I would expect.
At least based on my understanding of how the various namespaces work.
If something is using the namespace, it's not removed. Opening a file /
device therein would count as using it.
> Does that seem like problematic behavior?
No, not as such.
This seems to me like a permissions issue on the /proc/<pid> directory.
Read: Set the permissions such that access is restricted appropriately.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20200824/8690771e/attachment.p7s>
More information about the Kernelnewbies
mailing list