From: Willy Tarreau <w@1wt.eu>
Date: Tue, 20 Oct 2015 13:14:07 +0000 (+0200)
Subject: BUG/MEDIUM: namespaces: don't fail if no namespace is used
X-Git-Tag: v1.7-dev1~76
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70f289cf8d9e9bc456a7a519a522fe44a146054f;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: namespaces: don't fail if no namespace is used

Susheel Jalali reported a confusing bug in namespaces implementation.
If namespaces are enabled at build time (USE_NS=1) and *no* namespace
is used at all in the whole config file, my_socketat() returns -1 and
all socket bindings fail. This is because of a wrong condition in this
function. A possible workaround consists in creating some namespaces.
---

diff --git a/src/namespace.c b/src/namespace.c
index a22f1a5c45..f1e81df7c4 100644
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -97,14 +97,13 @@ int my_socketat(const struct netns_entry *ns, int domain, int type, int protocol
 	int sock;
 
 #ifdef CONFIG_HAP_NS
-	if (default_namespace < 0 ||
-	    (ns && setns(ns->fd, CLONE_NEWNET) == -1))
+	if (default_namespace >= 0 && ns && setns(ns->fd, CLONE_NEWNET) == -1)
 		return -1;
 #endif
 	sock = socket(domain, type, protocol);
 
 #ifdef CONFIG_HAP_NS
-	if (ns && setns(default_namespace, CLONE_NEWNET) == -1) {
+	if (default_namespace >= 0 && ns && setns(default_namespace, CLONE_NEWNET) == -1) {
 		close(sock);
 		return -1;
 	}