On Mon, 22 May 2023 19:45:59 +0200 Stefano Brivio <sbrivio(a)redhat.com> wrote:In pasta_wait_for_ns(), open() failing with ENOENT is expected: we're busy-looping until the network namespace appears. But any other failure is not something we're going to recover from: return right away if we don't get either success or ENOENT. Now that pasta_wait_for_ns() can actually fail, handle that in pasta_start_ns() by reporting the issue and exiting. Looping on EPERM, when pasta doesn't actually have the permissions to join a given namespace, isn't exactly a productive thing to do. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au> --- pasta.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pasta.c b/pasta.c index b30ce70..2a6fb60 100644 --- a/pasta.c +++ b/pasta.c @@ -95,8 +95,11 @@ static int pasta_wait_for_ns(void *arg) char ns[PATH_MAX]; snprintf(ns, PATH_MAX, "/proc/%i/ns/net", pasta_child_pid); - do - while ((c->pasta_netns_fd = open(ns, flags)) < 0); + while ((c->pasta_netns_fd = open(ns, flags)) < 0) { + if (errno != ENOENT) + return 0; + } + while (setns(c->pasta_netns_fd, CLONE_NEWNET) && !close(c->pasta_netns_fd));Oops, what did I do here... :( On a failed setns(), we need (in most cases) to close and reopen the file. The fix and intention are quite obvious so I'm just fixing this up now as I'm applying it. -- Stefano