From: Christian Brauner
Date: Thu, 27 Oct 2016 12:35:26 +0000 (+0200)
Subject: start: add netnsfd to lxc_handler
X-Git-Tag: lxc-2.1.0~260^2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=738d0deb13040ad6026fd345063c43bd4291babd;p=thirdparty%2Flxc.git

start: add netnsfd to lxc_handler

Signed-off-by: Christian Brauner
---

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ed23034a0..4f21f5399 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2591,6 +2591,7 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
 				veth1, netdev->link, strerror(-err));
 			goto out_delete;
 		}
+		INFO("Attached '%s': to the bridge '%s': ", veth1, netdev->link);
 	}
 
 	err = lxc_netdev_up(veth1);
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 451becb33..8bc7f732f 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -564,6 +564,12 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 			handler->nsfd[i] = -1;
 		}
 	}
+
+	if (handler->netnsfd >= 0) {
+		close(handler->netnsfd);
+		handler->netnsfd = -1;
+	}
+
 	lxc_set_state(name, handler, STOPPED);
 
 	if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL)) {
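Review bot: The new INFO message `"Attached '%s': to the bridge '%s': "` carries two stray colons and a trailing ": " that make the log line look truncated; `INFO("Attached '%s' to the bridge '%s'", veth1, netdev->link);` reads like the neighbouring messages in this file. The body of instantiate_veth continues on both sides of the hunk.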
@@ -1051,24 +1057,28 @@ void resolve_clone_flags(struct lxc_handler *handler)
 	handler->clone_flags = CLONE_NEWPID | CLONE_NEWNS;
 
 	if (!lxc_list_empty(&handler->conf->id_map)) {
-		INFO("Cloning a new user namespace");
+		INFO("Cloning a new USER namespace");
 		handler->clone_flags |= CLONE_NEWUSER;
 	}
 
 	if (handler->conf->inherit_ns_fd[LXC_NS_NET] == -1) {
-		if (!lxc_requests_empty_network(handler))
+		if (!lxc_requests_empty_network(handler)) {
+			INFO("Cloning a new NET namespace");
 			handler->clone_flags |= CLONE_NEWNET;
+		}
 	} else {
-		INFO("Inheriting a net namespace");
+		INFO("Inheriting a NET namespace");
 	}
 
 	if (handler->conf->inherit_ns_fd[LXC_NS_IPC] == -1) {
+		INFO("Cloning a new IPC namespace");
 		handler->clone_flags |= CLONE_NEWIPC;
 	} else {
 		INFO("Inheriting an IPC namespace");
 	}
 
 	if (handler->conf->inherit_ns_fd[LXC_NS_UTS] == -1) {
+		INFO("Cloning a new UTS namespace");
 		handler->clone_flags |= CLONE_NEWUTS;
 	} else {
 		INFO("Inheriting a UTS namespace");
@@ -1300,6 +1310,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 	}
 
 	lxc_sync_fini(handler);
+	handler->netnsfd = lxc_preserve_ns(handler->pid, "net");
 
 	return 0;
 
@@ -1319,26 +1330,6 @@ out_abort:
 	return -1;
 }
 
-int get_netns_fd(int pid)
-{
-	char path[MAXPATHLEN];
-	int ret, fd;
-
-	ret = snprintf(path, MAXPATHLEN, "/proc/%d/ns/net", pid);
-	if (ret < 0 || ret >= MAXPATHLEN) {
-		WARN("Failed to pin netns file for pid %d", pid);
-		return -1;
-	}
-
-	fd = open(path, O_RDONLY);
-	if (fd < 0) {
-		WARN("Failed to pin netns file %s for pid %d: %s",
-		     path, pid, strerror(errno));
-		return -1;
-	}
-	return fd;
-}
-
 int __lxc_start(const char *name, struct lxc_conf *conf,
 		struct lxc_operations* ops, void *data, const char *lxcpath,
 		bool backgrounded)
@@ -1346,7 +1337,6 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 	struct lxc_handler *handler;
 	int err = -1;
 	int status;
-	int netnsfd = -1;
 
 	handler = lxc_init(name, conf, lxcpath);
 	if (!handler) {
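Review bot: The result of `lxc_preserve_ns(handler->pid, "net")` is stored into handler->netnsfd without being checked, so a failure to pin the container's net namespace is no longer reported, whereas the removed get_netns_fd() warned on both the snprintf and the open failure. Unless lxc_preserve_ns logs on its own (not visible here), a `if (handler->netnsfd < 0) WARN("Failed to preserve net namespace of pid %d: %s", handler->pid, strerror(errno));` right after the assignment keeps that diagnostic; the later `>= 0` guards already tolerate the negative value. lxc_spawn's body begins outside the hunk.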
@@ -1356,6 +1346,7 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 	handler->ops = ops;
 	handler->data = data;
 	handler->backgrounded = backgrounded;
+	handler->netnsfd = -1;
 
 	if (must_drop_cap_sys_boot(handler->conf)) {
 #if HAVE_SYS_CAPABILITY_H
@@ -1397,13 +1388,13 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 
 	handler->conf->reboot = 0;
 
-	netnsfd = get_netns_fd(handler->pid);
-
 	err = lxc_poll(name, handler);
 	if (err) {
 		ERROR("mainloop exited with an error");
-		if (netnsfd >= 0)
-			close(netnsfd);
+		if (handler->netnsfd >= 0) {
+			close(handler->netnsfd);
+			handler->netnsfd = -1;
+		}
 		goto out_abort;
 	}
 
@@ -1435,14 +1426,11 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 	}
 
 	DEBUG("Pushing physical nics back to host namespace");
-	lxc_restore_phys_nics_to_netns(netnsfd, handler->conf);
+	lxc_restore_phys_nics_to_netns(handler->netnsfd, handler->conf);
 
 	DEBUG("Tearing down virtual network devices used by container");
 	lxc_delete_network(handler);
 
-	if (netnsfd >= 0)
-		close(netnsfd);
-
 	if (handler->pinfd >= 0) {
 		close(handler->pinfd);
 		handler->pinfd = -1;
diff --git a/src/lxc/start.h b/src/lxc/start.h
index fe47ab9ff..65d553bfe 100644
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
@@ -77,6 +77,7 @@ struct lxc_handler {
 	int ttysock[2]; // socketpair for child->parent tty fd passing
 	bool backgrounded; // indicates whether should we close std{in,out,err} on start
 	int nsfd[LXC_NS_MAX];
+	int netnsfd;
 };
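Review bot: `handler->netnsfd = -1;` is only set here in __lxc_start, after lxc_init() has already returned the handler, while lxc_fini() (hunk @@ -564) now closes any netnsfd that is `>= 0`. If lxc_init zero-fills the handler, a handler that reaches lxc_fini without passing through this line carries netnsfd == 0 and lxc_fini would close fd 0; initialising the field inside lxc_init next to pinfd and nsfd (presumably set to -1 there, not visible in this diff) would remove that window. __lxc_start's body extends beyond both edges of the hunk.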
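Review bot: The close-and-reset of handler->netnsfd in the lxc_poll() error path duplicates the cleanup lxc_fini() now performs (hunk @@ -564), provided out_abort eventually reaches lxc_fini — that part of __lxc_start lies outside the hunk. If it does, the three added lines before `goto out_abort;` can be dropped in favour of the single teardown point, which would also keep the fd available to any network teardown run on the abort path instead of closing it first.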