| Summary: | ip: addr flush hangs forever when called by non-root user | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | Andrej Gantvorg <a.gantvorg> |
| Component: | Networking | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | busybox-cvs, mikma.busybox |
| Priority: | P5 | ||
| Version: | 1.22.x | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
| Attachments: | The quick-and-dirty patch that should further illustrate the issue. | ||
My initial impression proved partly incorrect: in case of success "ip addr flush dev XXX" receives no response from kernel. The receive in flush_update() must not block. This problem also occurs when running as root without cap_net_admin capability. Docker containers by default run without this capability and hang with 100% CPU utilization if you run "ip addr flush dev <ifname>". This includes containers based on alpine which use busybox by default. It would be nice with a solution to this problem. (In reply to Mikael from comment #2) Can you strace the offending command? Fixed in git, please test. Thanks for the patch, it solves the problem for me. It applied cleanly on version 1.30.1 which I tested. |
Created attachment 5276 [details] The quick-and-dirty patch that should further illustrate the issue. When called without root privilleges, the "ip flush dev" command should return with a "permission denied" message. Busybox' implementation sends an according rtnl message but does not check for response from kernel containing the error state (networking/libiproute/ipaddress.c, flush_update()). Thus, the for-loop in ipaddr_list_or_flush() is never left causing the applet to hang forever.