On Thu, Jun 08, 2017 at 10:31:53AM +0200, Nicolas Dichtel wrote:

Le 07/06/2017 à 21:14, Flavio Leitner a écrit :

quoted

Let's say the app is restarted, or another monitoring app is executed
with enough perms.  How will it identify the error condition?

Your app wants to monitor a subset of netns. It means that you already have a
way to identify those netns, something like a file stored somewhere
(/var/run/netns/, /proc/<pid>/ns/net, ...). Thus, it's easy to check if those
netns have a nsid assigned in the netns where your app will open the socket.

This option was called NETLINK_F_LISTEN_ALL_NSID, because it only enables to
listen netns *with* a nsid assigned, nothing more. It's up to the user to ensure
that nsid are correctly assigned.

Makes sense, thanks.
-- 
Flavio