From eb567478516897fadac1b7d205bef5c86284eace Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Thu, 4 Mar 2021 15:40:08 +0000 Subject: [PATCH] Implement namespace creation method Since [1], Pyroute forks the namespace creation to avoid calling destructive routine "libc.unshare(CLONE_NEWNET)" from the main process. This implementation uses sockets between both processes to return any error feedback sent from the child process. This patch implements the same fork without any communication. If the child process raises an exception other than "OSError(EEXIST)", the child process returns 1 that is read by the the main process, that raises a "RuntimeError" exception. Related-Bug: #1917487 [1]https://github.com/svinota/pyroute2/commit/81db2c98a1dda1c575ae087519cb08aa6ffdb39e Change-Id: I0294586335a71d0757803843f675124bfb450967 --- neutron/privileged/agent/linux/ip_lib.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/neutron/privileged/agent/linux/ip_lib.py b/neutron/privileged/agent/linux/ip_lib.py index c3106285a55..c75c8f6af31 100644 --- a/neutron/privileged/agent/linux/ip_lib.py +++ b/neutron/privileged/agent/linux/ip_lib.py @@ -543,11 +543,19 @@ def create_netns(name, **kwargs): :param name: The name of the namespace to create """ - try: - netns.create(name, libc=priv_linux.get_cdll()) - except OSError as e: - if e.errno != errno.EEXIST: - raise + pid = os.fork() + if pid == 0: + try: + netns._create(name, libc=priv_linux.get_cdll()) + except OSError as e: + if e.errno != errno.EEXIST: + os._exit(1) + except Exception: + os._exit(1) + os._exit(0) + else: + if os.waitpid(pid, 0)[1]: + raise RuntimeError(_('Error creating namespace %s' % name)) @privileged.default.entrypoint