From: Paul Holzinger
To: Stefano Brivio
CC: passt-dev@passt.top
Subject: Re: [PATCH] pasta: wait for netns setup before calling exec
Date: Thu, 2 Feb 2023 16:23:53 +0100
Message-ID: <7799b65a-dd26-c198-721e-ef54b6756d7e@redhat.com>
In-Reply-To: <20230202112506.187d852e@elisabeth>
References: <20230201180116.21281-1-pholzing@redhat.com> <20230202112506.187d852e@elisabeth>
List-Id: Development discussion and patches for passt

On 02/02/2023 11:25, Stefano Brivio wrote:
> On Wed, 1 Feb 2023 19:01:16 +0100
> Paul Holzinger wrote:
>
>> When a user spawns a command with pasta they expect the network to be
>> ready. Currently this does not work because pasta will fork/exec
>> before it will set up the network config.
>>
>> This patch fixes it by using a pipe to sync parent and child. The child
>> will now block reading from this pipe before the exec call. The parent
>> will then unblock the child only after the netns was configured.
> Thanks for the patch! I'm reviewing this in a bit.
>
> A few considerations meanwhile:
>
> - there's actually a bigger issue (you're fixing here) than the
>   namespace configuration (via netlink) itself: the tap device isn't
>   ready (tap_sock_init() hasn't been called yet) when we spawn the
>   command in the new namespace. Oops.
>
>   If you're wondering: we can't just reorder things, because to complete
>   the configuration phase (conf()) we need the namespace to be set up,
>   and we can't initialise the tap device before it's set up
>
> - pipes are more commonly used to transfer data around (hence the whole
>   code you need to open a communication channel, check it, close it).
>   Did you try with a signal? Or is there a reason why it wouldn't work?
>
>   You could simply SIGSTOP the child, from the child itself:
>
>       kill(getpid(), SIGSTOP);
>
>   and send a SIGCONT to it (we already store the PID of the child in
>   pasta_child_pid) once we're ready.
>
>   SIGCONT is special in that it doesn't need CAP_KILL or the processes
>   to run under the same UID -- just in the same session, so it wouldn't
>   risk interfering with the isolation_*() calls.
>
>   I haven't tested this but I think it should lead to simpler code.
>
I simply haven't thought of using the stop signal; we use pipes like
that in podman, so I knew how to implement it. I will test your
approach; I agree that it would be a bit simpler.
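
The SIGSTOP/SIGCONT handshake suggested in the quoted review, as an added example that is not part of the thread and not pasta's code. `spawn_after_setup()`, `demo()` and the marker directory are hypothetical stand-ins for the namespace and tap setup; the parent waits until the child has actually stopped before resuming it.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that stops itself before exec and resume it only after setup.
 * Returns the command's exit status (0: marker was visible), -1 on error. */
int spawn_after_setup(const char *marker)
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return -1;
	if (pid == 0) {
		kill(getpid(), SIGSTOP);	/* parked here until SIGCONT */
		execl("/bin/sh", "sh", "-c", "test -e \"$0\"", marker, (char *)NULL);
		_exit(127);			/* exec failed */
	}
	/* Wait until the child has really stopped: a SIGCONT sent before
	 * that is a no-op, and the child would then stay stopped. */
	if (waitpid(pid, &status, WUNTRACED) < 0 || !WIFSTOPPED(status))
		return -1;
	/* Stand-in for the setup phase (hypothetical): create the marker.
	 * If that fails, kill the child instead of running it unprepared. */
	kill(pid, mkdir(marker, 0700) < 0 ? SIGKILL : SIGCONT);
	if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

/* Constructed scenario: the marker path does not exist at fork time. */
int demo(void)
{
	char dir[] = "/tmp/stopcont-XXXXXX", marker[64];
	int ret;

	if (!mkdtemp(dir))
		return -1;
	snprintf(marker, sizeof(marker), "%s/ready", dir);
	ret = spawn_after_setup(marker);
	rmdir(marker);
	rmdir(dir);
	return ret;
}

int main(void) { return demo(); }
```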