Created attachment 288611
RFC patch

Hello,

I've found some interesting behavior regarding network namespace expiration and the proc files in `/proc/[pid]/net/*`. That is, a network namespace (without any processes) does not expire if another process had, for example, opened `/proc/[pid]/net/dev` but never closed it.

This seems very unexpected and contrary to what is documented about "Namespace lifetime" in the manpage [1]. A non-root user can keep a root-created namespace alive.

I had initially asked this on stackexchange [2] where there are a few more details. This was found by observing veth interfaces not being destructed for a long time when keeping `/proc/[pid]/net/dev` open.

[I'm attaching an RFC patch - this was mostly done for my own learning as I haven't worked on the kernel before and seemed like a good opportunity. If it doesn't look completely off I'm happy to submit somewhere. Also attached a Python script with test cases.]

[1] https://manpages.debian.org/testing/manpages/namespaces.7.en.html#Namespace_lifetime
[2] https://unix.stackexchange.com/questions/576718/opening-proc-pid-net-dev-prevents-network-namespace-from-expiring-is-this-ex

Created attachment 288613
Test cases for read() returning ESRCH when namespace does not exist anymore.

These may be a bit flaky, but with proposed patch applied should give the following output:

$ python3 tests.py
test_read_net_dev... OK
test_read_net_dev__namespace... OK
test_read_net_dev__namespace_killed... OK
test_seek_read_net_dev__namespace_killed... OK
test_read_net_netstat__namespace_killed... OK
test_read_net_netstat... OK
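
An audit sketch for the condition reported above, added here as an example (it is not the attached patch or test script): it lists processes that hold open descriptors on `/proc/[pid]/net/*` files and flags those whose referenced pid no longer exists. The function name `find_proc_net_holders` is hypothetical, and the way the kernel renders these descriptors in `/proc/<holder>/fd` (including a possible ` (deleted)` suffix) is an assumption.

```python
import os
import re

# Assumption: readlink on /proc/<holder>/fd/<n> renders an open per-process net
# file as "/proc/<pid>/net/<name>", possibly followed by " (deleted)".
NET_FILE = re.compile(r"^/proc/(\d+)/(?:task/\d+/)?net/(\S+?)(?: \(deleted\))?$")


def find_proc_net_holders(proc_root="/proc"):
    """Return sorted (holder_pid, target_pid, net_file, target_alive) tuples."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "net"
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited meanwhile, or we lack permission
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # descriptor closed while we were scanning
            match = NET_FILE.match(target)
            if not match:
                continue
            target_pid = int(match.group(1))
            # A missing /proc/<target_pid> means the process that owned the
            # namespace view is gone while the descriptor is still held open.
            alive = os.path.isdir(os.path.join(proc_root, str(target_pid)))
            findings.append((int(entry), target_pid, match.group(2), alive))
    return sorted(findings)


if __name__ == "__main__":
    for holder, target, name, alive in find_proc_net_holders():
        state = "alive" if alive else "GONE"
        print(f"pid {holder} holds /proc/{target}/net/{name} (target pid {state})")
```

Run it as root to see descriptors of other users' processes. Pid reuse can make a stale target look alive, so treat an "alive" result as inconclusive.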