
Getting a network trace from a single application - jonasdn
http://jonasdn.blogspot.com/2016/07/getting-network-trace-from-single.html
======
ckastner
Looks very nice!

One thing: the "Handle exceptions of setuid() and setgid()" commit message
caught my eye, so I took a look:

    
    
      if (setuid(uid) < 0) { 
              fprintf(stderr, "Unable to set process user ID"); 
      }
    

You probably want to add an exit() here, as well as to the preceeding setgid()
call. Also, the earlier initgroups() can fail, too, so its result should also
be checked.

~~~
jakobdabo
While we are doing this...

    
    
        #define APP_TIMEOUT (2000000L) /* 2 seconds */
        ...
        usleep(APP_TIMEOUT);
    

usleep limits its argument's range to values from 0 to 1000000 and is
considered obsolete. Please use nanosleep instead.

~~~
jonasdn
Thank you, applied :)

------
mrb
Cool! Namespace are a powerful but not very well known feature of Linux.

~~~
andrewstuart2
Well, unless you count docker, rkt, and the whole linux containers thing.

~~~
rincebrain
There are a number of consumers of namespaces, particularly of late, but
they've been around (depending on which type) for years at this point, and
many users (or even admins) have little knowledge of their existence or usage
unless it comes time to deploy $CONTAINER and their platform does not have
them enabled.

