• David Woodhouse's avatar
    tun: add IFF_TUN_EXCL flag to avoid opening a persistent device. · f85ba780
    David Woodhouse authored
    When creating a certain types of VPN, NetworkManager will first attempt
    to find an available tun device by iterating through 'vpn%d' until it
    finds one that isn't already busy. Then it'll set that to be persistent
    and owned by the otherwise unprivileged user that the VPN dæmon itself
    runs as.
    
    There's a race condition here -- during the period where the vpn%d
    device is created and we're waiting for the VPN dæmon to actually
    connect and use it, if we try to create _another_ device we could end up
    re-using the same one -- because trying to open it again doesn't get
    -EBUSY as it would while it's _actually_ busy.
    
    So solve this, we add an IFF_TUN_EXCL flag which causes tun_set_iff() to
    fail if it would be opening an existing persistent tundevice -- so that
    we can make sure we're getting an entirely _new_ device.
    Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    f85ba780
tun.c 31.6 KB