From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Feb 2023 06:32:02 +0000 (+0900)
Subject: core/execute: introduce exec_needs_network_namespace() helper function
X-Git-Tag: v254-rc1~1179^2~9
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fbbb9697b64286e70cd99fa7d56a9bc9c61ddc8e;p=thirdparty%2Fsystemd.git

core/execute: introduce exec_needs_network_namespace() helper function
---

diff --git a/src/core/execute.c b/src/core/execute.c
index 1ed81a5c6d6..5ed7ded7eb5 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2023,6 +2023,12 @@ static int build_pass_environment(const ExecContext *c, char ***ret) {
         return 0;
 }
 
+bool exec_needs_network_namespace(const ExecContext *context) {
+        assert(context);
+
+        return context->private_network || context->network_namespace_path;
+}
+
 bool exec_needs_mount_namespace(
                 const ExecContext *context,
                 const ExecParameters *params,
@@ -4822,7 +4828,7 @@ static int exec_child(
                 }
         }
 
-        if ((context->private_network || context->network_namespace_path) && runtime && runtime->netns_storage_socket[0] >= 0) {
+        if (exec_needs_network_namespace(context) && runtime && runtime->netns_storage_socket[0] >= 0) {
 
                 if (ns_type_supported(NAMESPACE_NET)) {
                         r = setup_shareable_ns(runtime->netns_storage_socket, CLONE_NEWNET);
@@ -6840,7 +6846,7 @@ static int exec_runtime_make(
         assert(id);
 
         /* It is not necessary to create ExecRuntime object. */
-        if (!c->private_network && !c->private_ipc && !c->private_tmp && !c->network_namespace_path) {
+        if (!exec_needs_network_namespace(c) && !c->private_ipc && !c->private_tmp) {
                 *ret = NULL;
                 return 0;
         }
@@ -6854,7 +6860,7 @@ static int exec_runtime_make(
                         return r;
         }
 
-        if (c->private_network || c->network_namespace_path) {
+        if (exec_needs_network_namespace(c)) {
                 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, netns_storage_socket) < 0)
                         return -errno;
         }
diff --git a/src/core/execute.h b/src/core/execute.h
index 325f340862c..b115a52a732 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -531,3 +531,4 @@ const char* exec_resource_type_to_string(ExecDirectoryType i) _const_;
 ExecDirectoryType exec_resource_type_from_string(const char *s) _pure_;
 
 bool exec_needs_mount_namespace(const ExecContext *context, const ExecParameters *params, const ExecRuntime *runtime);
+bool exec_needs_network_namespace(const ExecContext *context);
diff --git a/src/core/socket.c b/src/core/socket.c
index 8241ba050bf..3dd726d52a1 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -1494,7 +1494,7 @@ static int fork_needed(const SocketAddress *address, const ExecContext *context)
                         return true;
         }
 
-        return context->private_network || context->network_namespace_path;
+        return exec_needs_network_namespace(context);
 }
 
 static int socket_address_listen_in_cgroup(
@@ -1557,7 +1557,7 @@ static int socket_address_listen_in_cgroup(
 
                 pair[0] = safe_close(pair[0]);
 
-                if ((s->exec_context.private_network || s->exec_context.network_namespace_path) &&
+                if (exec_needs_network_namespace(&s->exec_context) &&
                     s->exec_runtime &&
                     s->exec_runtime->netns_storage_socket[0] >= 0) {