From: Christian Brauner
Date: Fri, 30 Sep 2022 13:05:02 +0000 (+0200)
Subject: nspawn: use in_same_namespace() helper
X-Git-Tag: v252-rc1~13^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7a2dc3dd507ffa04b2c337c163f0a6e523eb765;p=thirdparty%2Fsystemd.git

nspawn: use in_same_namespace() helper
---
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 056d4f1bc5d..01a67b5553a 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -5387,8 +5387,6 @@ static int initialize_rlimits(void) {
 }

 static int cant_be_in_netns(void) {
- char udev_path[STRLEN("/proc//ns/net") + DECIMAL_STR_MAX(pid_t)];
- _cleanup_free_ char *udev_ns = NULL, *our_ns = NULL;
 _cleanup_close_ int fd = -1;
 struct ucred ucred;
 int r;
@@ -5417,16 +5415,10 @@ static int cant_be_in_netns(void) {
 if (r < 0)
 return log_error_errno(r, "Failed to determine peer of udev control socket: %m");

- xsprintf(udev_path, "/proc/" PID_FMT "/ns/net", ucred.pid);
- r = readlink_malloc(udev_path, &udev_ns);
+ r = in_same_namespace(ucred.pid, 0, NAMESPACE_NET);
 if (r < 0)
- return log_error_errno(r, "Failed to read network namespace of udev: %m");
-
- r = readlink_malloc("/proc/self/ns/net", &our_ns);
- if (r < 0)
- return log_error_errno(r, "Failed to read our own network namespace: %m");
-
- if (!streq(our_ns, udev_ns))
+ return log_error_errno(r, "Failed to determine network namespace of udev: %m");
+ if (r == 0)
 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
 "Sorry, but --image= is only supported in the main network namespace, since we need access to udev/AF_NETLINK.");
 return 0;
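Review bot: In the second hunk, `in_same_namespace(ucred.pid, 0, NAMESPACE_NET)` passes 0 to mean "this process", so a peer PID of 0 in `ucred.pid` would presumably compare our namespace with itself and let the check pass. The removed code would instead have failed on reading `/proc/0/ns/net`, i.e. it failed closed. SO_PEERCRED can report PID 0 when the peer is not visible from our PID namespace. Unless getpeercred(), called above the hunk and not visible here, already rejects such a value, a guard before the call would keep the behaviour fail-closed, e.g. `if (ucred.pid <= 0) return log_error_errno(SYNTHETIC_ERRNO(ENODATA), "Peer PID of udev control socket is not available.");`. The closing lines of cant_be_in_netns() are outside the hunk.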