start: add netnsfd to lxc_handler
authorChristian Brauner <christian.brauner@canonical.com>
Thu, 27 Oct 2016 12:35:26 +0000 (14:35 +0200)
committerChristian Brauner <christian.brauner@canonical.com>
Sat, 19 Nov 2016 04:11:17 +0000 (05:11 +0100)
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
src/lxc/conf.c
src/lxc/start.c
src/lxc/start.h

index ed23034a0623e6452e34c1c34efa8ff9ba1c7d3d..4f21f53995d7c83bfd70597a6b88a0dc55643f41 100644 (file)
@@ -2591,6 +2591,7 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
                                      veth1, netdev->link, strerror(-err));
                        goto out_delete;
                }
+               INFO("Attached '%s': to the bridge '%s': ", veth1, netdev->link);
        }
 
        err = lxc_netdev_up(veth1);
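Review bot: The new log line `INFO("Attached '%s': to the bridge '%s': ", veth1, netdev->link);` carries a stray colon after the first name and a trailing colon-space, so the emitted message reads oddly and is harder to match in log searches. `INFO("Attached '%s' to the bridge '%s'", veth1, netdev->link);` would read like the neighbouring messages. instantiate_veth begins and ends outside this hunk.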
index 451becb3351a3237ac05292b4ecca699a97dd5c1..8bc7f732fc889b133a575da9988fbd8e77463e65 100644 (file)
@@ -564,6 +564,12 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
                        handler->nsfd[i] = -1;
                }
        }
+
+       if (handler->netnsfd >= 0) {
+               close(handler->netnsfd);
+               handler->netnsfd = -1;
+       }
+
        lxc_set_state(name, handler, STOPPED);
 
        if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL)) {
@@ -1051,24 +1057,28 @@ void resolve_clone_flags(struct lxc_handler *handler)
        handler->clone_flags = CLONE_NEWPID | CLONE_NEWNS;
 
        if (!lxc_list_empty(&handler->conf->id_map)) {
-               INFO("Cloning a new user namespace");
+               INFO("Cloning a new USER namespace");
                handler->clone_flags |= CLONE_NEWUSER;
        }
 
        if (handler->conf->inherit_ns_fd[LXC_NS_NET] == -1) {
-               if (!lxc_requests_empty_network(handler))
+               if (!lxc_requests_empty_network(handler)) {
+                       INFO("Cloning a new NET namespace");
                        handler->clone_flags |= CLONE_NEWNET;
+               }
        } else {
-               INFO("Inheriting a net namespace");
+               INFO("Inheriting a NET namespace");
        }
 
        if (handler->conf->inherit_ns_fd[LXC_NS_IPC] == -1) {
+               INFO("Cloning a new IPC namespace");
                handler->clone_flags |= CLONE_NEWIPC;
        } else {
                INFO("Inheriting an IPC namespace");
        }
 
        if (handler->conf->inherit_ns_fd[LXC_NS_UTS] == -1) {
+               INFO("Cloning a new UTS namespace");
                handler->clone_flags |= CLONE_NEWUTS;
        } else {
                INFO("Inheriting a UTS namespace");
@@ -1300,6 +1310,7 @@ static int lxc_spawn(struct lxc_handler *handler)
        }
 
        lxc_sync_fini(handler);
+       handler->netnsfd = lxc_preserve_ns(handler->pid, "net");
 
        return 0;
 
@@ -1319,26 +1330,6 @@ out_abort:
        return -1;
 }
 
-int get_netns_fd(int pid)
-{
-       char path[MAXPATHLEN];
-       int ret, fd;
-
-       ret = snprintf(path, MAXPATHLEN, "/proc/%d/ns/net", pid);
-       if (ret < 0 || ret >= MAXPATHLEN) {
-               WARN("Failed to pin netns file for pid %d", pid);
-               return -1;
-       }
-
-       fd = open(path, O_RDONLY);
-       if (fd < 0) {
-               WARN("Failed to pin netns file %s for pid %d: %s",
-                               path, pid, strerror(errno));
-               return -1;
-       }
-       return fd;
-}
-
 int __lxc_start(const char *name, struct lxc_conf *conf,
                struct lxc_operations* ops, void *data, const char *lxcpath,
                bool backgrounded)
@@ -1346,7 +1337,6 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
        struct lxc_handler *handler;
        int err = -1;
        int status;
-       int netnsfd = -1;
 
        handler = lxc_init(name, conf, lxcpath);
        if (!handler) {
@@ -1356,6 +1346,7 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
        handler->ops = ops;
        handler->data = data;
        handler->backgrounded = backgrounded;
+       handler->netnsfd = -1;
 
        if (must_drop_cap_sys_boot(handler->conf)) {
                #if HAVE_SYS_CAPABILITY_H
@@ -1397,13 +1388,13 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 
        handler->conf->reboot = 0;
 
-       netnsfd = get_netns_fd(handler->pid);
-
        err = lxc_poll(name, handler);
        if (err) {
                ERROR("mainloop exited with an error");
-               if (netnsfd >= 0)
-                       close(netnsfd);
+               if (handler->netnsfd >= 0) {
+                       close(handler->netnsfd);
+                       handler->netnsfd = -1;
+               }
                goto out_abort;
        }
 
@@ -1435,14 +1426,11 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
        }
 
        DEBUG("Pushing physical nics back to host namespace");
-       lxc_restore_phys_nics_to_netns(netnsfd, handler->conf);
+       lxc_restore_phys_nics_to_netns(handler->netnsfd, handler->conf);
 
        DEBUG("Tearing down virtual network devices used by container");
        lxc_delete_network(handler);
 
-       if (netnsfd >= 0)
-               close(netnsfd);
-
        if (handler->pinfd >= 0) {
                close(handler->pinfd);
                handler->pinfd = -1;
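Review bot: The -1 sentinel for the new field is set in __lxc_start, at `handler->netnsfd = -1;` after lxc_init returns, while lxc_fini now closes any netnsfd that is >= 0 unconditionally; if lxc_init zero-fills the handler (it is not in this diff, so this is inferred), a handler that reaches lxc_fini through any path other than __lxc_start would close fd 0, which is the kind of descriptor mix-up that later shows up as stdin or a socket vanishing. Initialising it next to the nsfd[] sentinels inside lxc_init, `handler->netnsfd = -1;`, keeps the invariant in one place and lets the assignment in __lxc_start go. Separately, in lxc_spawn the result of `lxc_preserve_ns(handler->pid, "net")` is stored without a check or log, so a failed pin stays silent until lxc_restore_phys_nics_to_netns is handed -1; the removed get_netns_fd at least warned, and `if (handler->netnsfd < 0) WARN("Failed to preserve net namespace of pid %d", handler->pid);` would keep that signal. lxc_fini, resolve_clone_flags, lxc_spawn and __lxc_start all extend beyond their hunks.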
index fe47ab9ffa23ba3aa72164f9fb19847d5df8512a..65d553bfeb4deb39bb0ac2ec9c228fba601d876f 100644 (file)
@@ -77,6 +77,7 @@ struct lxc_handler {
        int ttysock[2]; // socketpair for child->parent tty fd passing
        bool backgrounded; // indicates whether should we close std{in,out,err} on start
        int nsfd[LXC_NS_MAX];
+       int netnsfd;
 };
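Review bot: `int netnsfd;` is the only member in this run without the trailing comment its neighbours carry, and its lifecycle (filled from lxc_preserve_ns in lxc_spawn, -1 when unset, closed and reset in lxc_fini) is spread over three places in start.c, so the header is where a reader will look for it. Suggest `int netnsfd; // fd pinning the container's net namespace; -1 when unset, closed in lxc_fini`. struct lxc_handler begins outside this hunk.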