tree-wide: use container_uses_namespace() helper

No functional changes.

Will be useful in future support for an isolated
user namespaces [1]. I have already played with
that locally and found that in the LXC codebase
we have a bunch of different ways to ensure if
a container uses user namespaces or not.

This commit contains a trivial conversion from
an open-coded version of the container_uses_namespace()
helper to an actual use of the helper.

[1] https://lpc.events/event/17/contributions/1569/

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a7775059dfaa537bc8575cae86f81518df9f57a3..c6c4279e2f9482edb3db55b8f2ae765d0bacf62b 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4290,7 +4290,7 @@ int lxc_sync_fds_parent(struct lxc_handler *handler)
        if (ret < 0)
                return syserror_ret(ret, "Failed to receive tty info from child process");
 
-       if (handler->ns_clone_flags & CLONE_NEWNET) {
+       if (container_uses_namespace(handler, CLONE_NEWNET)) {
                ret = lxc_network_recv_name_and_ifindex_from_child(handler);
                if (ret < 0)
                        return syserror_ret(ret, "Failed to receive names and ifindices for network devices from child");
@@ -4320,7 +4320,7 @@ int lxc_sync_fds_child(struct lxc_handler *handler)
        if (ret < 0)
                return syserror_ret(ret, "Failed to send tty file descriptors to parent");
 
-       if (handler->ns_clone_flags & CLONE_NEWNET) {
+       if (container_uses_namespace(handler, CLONE_NEWNET)) {
                ret = lxc_network_send_name_and_ifindex_to_parent(handler);
                if (ret < 0)
                        return syserror_ret(ret, "Failed to send network device names and ifindices to parent");
@@ -4382,7 +4382,7 @@ int lxc_setup(struct lxc_handler *handler)
                        return log_error(-1, "Failed to setup container keyring");
        }
 
-       if (handler->ns_clone_flags & CLONE_NEWNET) {
+       if (container_uses_namespace(handler, CLONE_NEWNET)) {
                ret = lxc_network_recv_from_parent(handler);
                if (ret < 0)
                        return log_error(-1, "Failed to receive veth names from parent");

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 14e5cdab7245fe3235b4476dd712327beb583e82..4b3b2a264867f70c359d3731f5e7fa689d98d8c7 100644 (file)
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -3763,7 +3763,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler)
         * If we weren't asked to clone a new network namespace, there's
         * nothing to restore.
         */
-       if (!(handler->ns_clone_flags & CLONE_NEWNET))
+       if (!container_uses_namespace(handler, CLONE_NEWNET))
                return 0;
 
        /* We need CAP_NET_ADMIN in the parent namespace in order to setns() to

diff --git a/src/lxc/start.c b/src/lxc/start.c
index d8f641a8d788db704852a1f8ad696f47b82fac2f..a34f76a609cd90fd3dde6ed3c247aab07ffaada4 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1565,7 +1565,7 @@ static int core_scheduling(struct lxc_handler *handler)
        if (!conf->sched_core)
                return log_trace(0, "No new core scheduling domain requested");
 
-       if (!(handler->ns_clone_flags & CLONE_NEWPID))
+       if (!container_uses_namespace(handler, CLONE_NEWPID))
                return syserror_set(-EINVAL, "Core scheduling currently requires a separate pid namespace");
 
        ret = core_scheduling_cookie_create_threadgroup(handler->pid);
@@ -1641,7 +1641,7 @@ static int lxc_spawn(struct lxc_handler *handler)
        data_sock0 = handler->data_sock[0];
        data_sock1 = handler->data_sock[1];
 
-       if (handler->ns_clone_flags & CLONE_NEWNET) {
+       if (container_uses_namespace(handler, CLONE_NEWNET)) {
                ret = lxc_find_gateway_addresses(handler);
                if (ret) {
                        ERROR("Failed to find gateway addresses");
@@ -1685,7 +1685,7 @@ static int lxc_spawn(struct lxc_handler *handler)
                        .exit_signal = SIGCHLD,
                };
 
-               if (handler->ns_clone_flags & CLONE_NEWCGROUP) {
+               if (container_uses_namespace(handler, CLONE_NEWCGROUP)) {
                        cgroup_fd = cgroup_unified_fd(cgroup_ops);
                        if (cgroup_fd >= 0) {
                                handler->clone_flags    |= CLONE_INTO_CGROUP;
@@ -1840,7 +1840,7 @@ static int lxc_spawn(struct lxc_handler *handler)
                TRACE("Allocated new network namespace id");
 
        /* Create the network configuration. */
-       if (handler->ns_clone_flags & CLONE_NEWNET) {
+       if (container_uses_namespace(handler, CLONE_NEWNET)) {
                ret = lxc_create_network(handler);
                if (ret < 0) {
                        ERROR("Failed to create the network");
@@ -1870,7 +1870,7 @@ static int lxc_spawn(struct lxc_handler *handler)
                goto out_delete_net;
        }
 
-       if (handler->ns_clone_flags & CLONE_NEWNET) {
+       if (container_uses_namespace(handler, CLONE_NEWNET)) {
                ret = lxc_network_send_to_child(handler);
                if (ret < 0) {
                        SYSERROR("Failed to send veth names to child");
@@ -1986,7 +1986,7 @@ static int lxc_spawn(struct lxc_handler *handler)
        return 0;
 
 out_delete_net:
-       if (handler->ns_clone_flags & CLONE_NEWNET)
+       if (container_uses_namespace(handler, CLONE_NEWNET))
                lxc_delete_network(handler);
 
 out_abort: