From d2881ef96ec63c29a4ed41a23133068c821c4fb0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 19 Jan 2024 10:46:20 +0900 Subject: [PATCH] tree-wide: add short comments for namespace_open() and namespace_enter() Also use -EBADF when unspecified. --- src/basic/namespace-util.c | 7 +++++- src/basic/terminal-util.c | 4 ++-- src/libsystemd/sd-bus/bus-container.c | 2 +- src/machine/machine-dbus.c | 21 ++++++++++++++--- src/nspawn/nspawn-mount.c | 19 ++++++++++++--- src/nspawn/nspawn.c | 33 +++++++++++++++++++++++---- src/shared/logs-show.c | 2 +- src/shared/machine-id-setup.c | 13 +++++++++-- src/shared/mount-util.c | 2 +- src/shared/socket-netlink.c | 8 +++---- 10 files changed, 88 insertions(+), 23 deletions(-) diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c index 501d2fcaf3c..0e81b1de6f1 100644 --- a/src/basic/namespace-util.c +++ b/src/basic/namespace-util.c @@ -243,7 +243,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) { if (r < 0) return log_error_errno(r, "Failed to write GID map: %m"); - r = namespace_open(pid, NULL, NULL, NULL, &userns_fd, NULL); + r = namespace_open(pid, + /* ret_pidns_fd = */ NULL, + /* ret_mntns_fd = */ NULL, + /* ret_netns_fd = */ NULL, + &userns_fd, + /* ret_root_fd = */ NULL); if (r < 0) return log_error_errno(r, "Failed to open userns fd: %m"); diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c index 488541ed23b..4c1824bc83f 100644 --- a/src/basic/terminal-util.c +++ b/src/basic/terminal-util.c @@ -1211,7 +1211,7 @@ int openpt_allocate_in_namespace(pid_t pid, int flags, char **ret_slave) { assert(pid > 0); - r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd); + r = namespace_open(pid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, &usernsfd, &rootfd); if (r < 0) return r; @@ -1262,7 +1262,7 @@ int open_terminal_in_namespace(pid_t pid, const char *name, int mode) { pid_t child; int r; - r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd); + r = namespace_open(pid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, &usernsfd, &rootfd); if (r < 0) return r; diff --git a/src/libsystemd/sd-bus/bus-container.c b/src/libsystemd/sd-bus/bus-container.c index 4146a6efd32..2eca82b0338 100644 --- a/src/libsystemd/sd-bus/bus-container.c +++ b/src/libsystemd/sd-bus/bus-container.c @@ -34,7 +34,7 @@ int bus_container_connect_socket(sd_bus *b) { log_debug("sd-bus: connecting bus%s%s to namespace of PID "PID_FMT"...", b->description ? " " : "", strempty(b->description), b->nspid); - r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd); + r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, &usernsfd, &rootfd); if (r < 0) return log_debug_errno(r, "Failed to open namespace of PID "PID_FMT": %m", b->nspid); diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c index 6c2c2232fe3..a7a53eacaf8 100644 --- a/src/machine/machine-dbus.c +++ b/src/machine/machine-dbus.c @@ -232,7 +232,12 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd if (streq(us, them)) return sd_bus_error_setf(error, BUS_ERROR_NO_PRIVATE_NETWORKING, "Machine %s does not use private networking", m->name); - r = namespace_open(m->leader.pid, NULL, NULL, &netns_fd, NULL, NULL); + r = namespace_open(m->leader.pid, + /* ret_pidns_fd = */ NULL, + /* ret_mntns_fd = */ NULL, + &netns_fd, + /* ret_userns_fd = */ NULL, + /* ret_root_fd = */ NULL); if (r < 0) return r; @@ -366,7 +371,12 @@ int bus_machine_method_get_os_release(sd_bus_message *message, void *userdata, s _cleanup_fclose_ FILE *f = NULL; pid_t child; - r = namespace_open(m->leader.pid, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd); + r = namespace_open(m->leader.pid, + &pidns_fd, + &mntns_fd, + /* ret_netns_fd = */ NULL, + /* ret_userns_fd = */ NULL, + &root_fd); if (r < 0) return r; @@ -1069,7 +1079,12 @@ int bus_machine_method_open_root_directory(sd_bus_message *message, void *userda _cleanup_close_pair_ int pair[2] = EBADF_PAIR; pid_t child; - r = namespace_open(m->leader.pid, NULL, &mntns_fd, NULL, NULL, &root_fd); + r = namespace_open(m->leader.pid, + /* ret_pidns_fd = */ NULL, + &mntns_fd, + /* ret_netns_fd = */ NULL, + /* ret_userns_fd = */ NULL, + &root_fd); if (r < 0) return r; diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index 470f477f22c..24771076b44 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -1388,17 +1388,30 @@ int wipe_fully_visible_fs(int mntns_fd) { _cleanup_close_ int orig_mntns_fd = -EBADF; int r, rr; - r = namespace_open(0, NULL, &orig_mntns_fd, NULL, NULL, NULL); + r = namespace_open(0, + /* ret_pidns_fd = */ NULL, + &orig_mntns_fd, + /* ret_netns_fd = */ NULL, + /* ret_userns_fd = */ NULL, + /* ret_root_fd = */ NULL); if (r < 0) return log_error_errno(r, "Failed to pin originating mount namespace: %m"); - r = namespace_enter(-EBADF, mntns_fd, -EBADF, -EBADF, -EBADF); + r = namespace_enter(/* pidns_fd = */ -EBADF, + mntns_fd, + /* netns_fd = */ -EBADF, + /* userns_fd = */ -EBADF, + /* root_fd = */ -EBADF); if (r < 0) return log_error_errno(r, "Failed to enter mount namespace: %m"); rr = do_wipe_fully_visible_fs(); - r = namespace_enter(-EBADF, orig_mntns_fd, -EBADF, -EBADF, -EBADF); + r = namespace_enter(/* pidns_fd = */ -EBADF, + orig_mntns_fd, + /* netns_fd = */ -EBADF, + /* userns_fd = */ -EBADF, + /* root_fd = */ -EBADF); if (r < 0) return log_error_errno(r, "Failed to enter original mount namespace: %m"); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 7ec9889870c..5dd3ff5549e 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3781,7 +3781,12 @@ static int outer_child( return r; if (arg_userns_mode != USER_NAMESPACE_NO) { - r = namespace_open(0, NULL, &mntns_fd, NULL, NULL, NULL); + r = namespace_open(0, + /* ret_pidns_fd = */ NULL, + &mntns_fd, + /* ret_netns_fd = */ NULL, + /* ret_userns_fd = */ NULL, + /* ret_root_fd = */ NULL); if (r < 0) return log_error_errno(r, "Failed to pin outer mount namespace: %m"); @@ -4130,7 +4135,11 @@ static int outer_child( * user if user namespaces are turned on. */ if (arg_network_namespace_path) { - r = namespace_enter(-1, -1, netns_fd, -1, -1); + r = namespace_enter(/* pidns_fd = */ -EBADF, + /* mntns_fd = */ -EBADF, + netns_fd, + /* userns_fd = */ -EBADF, + /* root_fd = */ -EBADF); if (r < 0) return log_error_errno(r, "Failed to join network namespace: %m"); } @@ -5078,7 +5087,12 @@ static int run_container( if (child_netns_fd < 0) { /* Make sure we have an open file descriptor to the child's network * namespace so it stays alive even if the child exits. */ - r = namespace_open(*pid, NULL, NULL, &child_netns_fd, NULL, NULL); + r = namespace_open(*pid, + /* ret_pidns_fd = */ NULL, + /* ret_mntns_fd = */ NULL, + &child_netns_fd, + /* ret_userns_fd = */ NULL, + /* ret_root_fd = */ NULL); if (r < 0) return log_error_errno(r, "Failed to open child network namespace: %m"); } @@ -5372,13 +5386,22 @@ static int run_container( if (r == 0) { _cleanup_close_ int parent_netns_fd = -EBADF; - r = namespace_open(getpid_cached(), NULL, NULL, &parent_netns_fd, NULL, NULL); + r = namespace_open(0, + /* ret_pidns_fd = */ NULL, + /* ret_mntns_fd = */ NULL, + &parent_netns_fd, + /* ret_userns_fd = */ NULL, + /* ret_root_fd = */ NULL); if (r < 0) { log_error_errno(r, "Failed to open parent network namespace: %m"); _exit(EXIT_FAILURE); } - r = namespace_enter(-1, -1, child_netns_fd, -1, -1); + r = namespace_enter(/* pidns_fd = */ -EBADF, + /* mntns_fd = */ -EBADF, + child_netns_fd, + /* userns_fd = */ -EBADF, + /* root_fd = */ -EBADF); if (r < 0) { log_error_errno(r, "Failed to enter child network namespace: %m"); _exit(EXIT_FAILURE); diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c index 858b707f6c8..1f0279cde37 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -1688,7 +1688,7 @@ static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) { if (r < 0) return r; - r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, NULL, &rootfd); + r = namespace_open(pid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, /* ret_userns_fd = */ NULL, &rootfd); if (r < 0) return r; diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c index d6aa667adac..833c98b88ef 100644 --- a/src/shared/machine-id-setup.c +++ b/src/shared/machine-id-setup.c @@ -265,7 +265,12 @@ int machine_id_commit(const char *root) { fd = safe_close(fd); /* Store current mount namespace */ - r = namespace_open(0, NULL, &initial_mntns_fd, NULL, NULL, NULL); + r = namespace_open(0, + /* ret_pidns_fd = */ NULL, + &initial_mntns_fd, + /* ret_netns_fd = */ NULL, + /* ret_userns_fd = */ NULL, + /* ret_root_fd = */ NULL); if (r < 0) return log_error_errno(r, "Can't fetch current mount namespace: %m"); @@ -284,7 +289,11 @@ int machine_id_commit(const char *root) { return log_error_errno(r, "Cannot write %s. This is mandatory to get a persistent machine ID: %m", etc_machine_id); /* Return to initial namespace and proceed a lazy tmpfs unmount */ - r = namespace_enter(-1, initial_mntns_fd, -1, -1, -1); + r = namespace_enter(/* pidns_fd = */ -EBADF, + initial_mntns_fd, + /* netns_fd = */ -EBADF, + /* userns_fd = */ -EBADF, + /* root_fd = */ -EBADF); if (r < 0) return log_warning_errno(r, "Failed to switch back to initial mount namespace: %m.\nWe'll keep transient %s file until next reboot.", etc_machine_id); diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c index 3305b6360e7..bf351820a74 100644 --- a/src/shared/mount-util.c +++ b/src/shared/mount-util.c @@ -1100,7 +1100,7 @@ static int mount_in_namespace( if (!pidref_is_set(target)) return -ESRCH; - r = namespace_open(target->pid, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd); + r = namespace_open(target->pid, &pidns_fd, &mntns_fd, /* ret_netns_fd = */ NULL, /* ret_userns_fd = */ NULL, &root_fd); if (r < 0) return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m"); diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c index 94b699a5ee6..6865b045b5e 100644 --- a/src/shared/socket-netlink.c +++ b/src/shared/socket-netlink.c @@ -420,11 +420,11 @@ int netns_get_nsid(int netnsfd, uint32_t *ret) { if (netnsfd < 0) { r = namespace_open( 0, - /* pidns_fd= */ NULL, - /* mntns_fd= */ NULL, + /* ret_pidns_fd = */ NULL, + /* ret_mntns_fd = */ NULL, &_netns_fd, - /* userns_fd= */ NULL, - /* root_fd= */ NULL); + /* ret_userns_fd = */ NULL, + /* ret_root_fd = */ NULL); if (r < 0) return r; -- 2.47.3