[lxc-devel] [PATCH 6/9] utils: move useful helper functions from lxccontainer to utils.
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Oct 14 12:24:14 UTC 2014
Quoting Dongsheng Yang (yangds.fnst at cn.fujitsu.com):
> The enter_to_ns() function is useful but is currently static to
> lxccontainer.c.
>
> This patch splits it into two parts, named switch_to_newuser()
> and switch_to_newnet(), and moves them into utils.c.
>
> Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
(This patch accidentally includes the prototypes for the new fns defined in
patch 7, but no big deal)
I think 'enter_to_ns' should be renamed 'enter_net_ns'. Would you mind
sending a follow-on patch to do that? It's obviously nothing your patch
was responsible for, it was misnamed from the start.
> ---
> src/lxc/lxccontainer.c | 53 ++++++--------------------------------------------
> src/lxc/lxccontainer.h | 19 ++++++++++++++++++
> src/lxc/utils.c | 26 +++++++++++++++++++++++++
> src/lxc/utils.h | 1 +
> 4 files changed, 52 insertions(+), 47 deletions(-)
>
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 4c3d4d5..47f60d9 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -1476,56 +1476,15 @@ static bool lxcapi_clear_config_item(struct lxc_container *c, const char *key)
> return ret == 0;
> }
>
> -static inline bool enter_to_ns(struct lxc_container *c) {
> - int netns, userns, ret = 0, init_pid = 0;;
> - char new_netns_path[MAXPATHLEN];
> - char new_userns_path[MAXPATHLEN];
> -
> - if (!c->is_running(c))
> - goto out;
> -
> - init_pid = c->init_pid(c);
> +static inline bool enter_to_ns(struct lxc_container *c)
> +{
> + pid_t pid = c->init_pid(c);
>
> - /* Switch to new userns */
> if ((geteuid() != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) && access("/proc/self/ns/user", F_OK) == 0) {
> - ret = snprintf(new_userns_path, MAXPATHLEN, "/proc/%d/ns/user", init_pid);
> - if (ret < 0 || ret >= MAXPATHLEN)
> - goto out;
> -
> - userns = open(new_userns_path, O_RDONLY);
> - if (userns < 0) {
> - SYSERROR("failed to open %s", new_userns_path);
> - goto out;
> - }
> -
> - if (setns(userns, CLONE_NEWUSER)) {
> - SYSERROR("failed to setns for CLONE_NEWUSER");
> - close(userns);
> - goto out;
> - }
> - close(userns);
> - }
> -
> - /* Switch to new netns */
> - ret = snprintf(new_netns_path, MAXPATHLEN, "/proc/%d/ns/net", init_pid);
> - if (ret < 0 || ret >= MAXPATHLEN)
> - goto out;
> -
> - netns = open(new_netns_path, O_RDONLY);
> - if (netns < 0) {
> - SYSERROR("failed to open %s", new_netns_path);
> - goto out;
> - }
> -
> - if (setns(netns, CLONE_NEWNET)) {
> - SYSERROR("failed to setns for CLONE_NEWNET");
> - close(netns);
> - goto out;
> + if (!switch_to_ns(pid, "user"))
> + return false;
> }
> - close(netns);
> - return true;
> -out:
> - return false;
> + return switch_to_ns(pid, "net");
> }
>
> // used by qsort and bsearch functions for comparing names
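Review bot: The rewritten enter_to_ns() drops the `if (!c->is_running(c)) goto out;` guard that the removed lines had, so `pid` is fetched and passed to switch_to_ns() even for a stopped container. If init_pid() reports an invalid pid in that case (presumably -1, as the old early-return suggests), the helper builds a path like `/proc/-1/ns/user`, fails only at open(), and logs a misleading "failed to open" SYSERROR instead of a clean "not running" result. Restoring the check, or at least rejecting a non-positive pid, keeps the earlier contract: `pid_t pid = c->init_pid(c);` followed by `if (pid <= 0) return false;`. The brace on the closing line of the `if` block now sits after the new `return false;`, which is correct but easy to misread given the interleaved removed lines.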
> diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
> index 6344f3d..f9feeba 100644
> --- a/src/lxc/lxccontainer.h
> +++ b/src/lxc/lxccontainer.h
> @@ -762,6 +762,25 @@ struct lxc_container {
> bool (*remove_device_node)(struct lxc_container *c, const char *src_path, const char *dest_path);
>
> /*!
> + * \brief Add specified netdev to the container.
> + *
> + * \param c Container.
> + * \param dev name of net device.
> + *
> + * \return \c true on success, else \c false.
> + */
> + bool (*attach_interface)(struct lxc_container *c, const char *dev, const char *dst_dev);
> +
> + /*!
> + * \brief Remove specified netdev from the container.
> + *
> + * \param c Container.
> + * \param dev name of net device.
> + *
> + * \return \c true on success, else \c false.
> + */
> + bool (*detach_interface)(struct lxc_container *c, const char *dev, const char *dst_dev);
> + /*!
> * \brief Checkpoint a container.
> *
> * \param c Container.
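Review bot: Both new Doxygen comments document only `c` and `dev`, while the prototypes for attach_interface and detach_interface take a third parameter, `dst_dev`, which is left undocumented. Since the implementation is not in this hunk, the meaning should be confirmed against the defining patch and then added to each comment, e.g. `* \param dst_dev <name given to the device on the destination side — confirm against the implementation>`. A blank line between the `detach_interface` prototype and the following `/*!` would also match the spacing used by the neighbouring members in this struct.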
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index ed34706..fced210 100644
> --- a/src/lxc/utils.c
> +++ b/src/lxc/utils.c
> @@ -43,6 +43,7 @@
> #include "utils.h"
> #include "log.h"
> #include "lxclock.h"
> +#include "namespace.h"
>
> lxc_log_define(lxc_utils, lxc);
>
> @@ -1260,6 +1261,31 @@ int detect_shared_rootfs(void)
> return 0;
> }
>
> +bool switch_to_ns(pid_t pid, const char *ns) {
> + int fd, ret;
> + char nspath[MAXPATHLEN];
> +
> + /* Switch to new ns */
> + ret = snprintf(nspath, MAXPATHLEN, "/proc/%d/ns/%s", pid, ns);
> + if (ret < 0 || ret >= MAXPATHLEN)
> + return false;
> +
> + fd = open(nspath, O_RDONLY);
> + if (fd < 0) {
> + SYSERROR("failed to open %s", nspath);
> + return false;
> + }
> +
> + ret = setns(fd, 0);
> + if (ret) {
> + SYSERROR("failed to set process %d to %s of %d.", pid, ns, fd);
> + close(fd);
> + return false;
> + }
> + close(fd);
> + return true;
> +}
> +
> /*
> * looking at fs/proc_namespace.c, it appears we can
> * actually expect the rootfs entry to very specifically contain
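Review bot: `setns(fd, 0)` removes the namespace-type check that the replaced code in lxccontainer.c performed by passing CLONE_NEWUSER and CLONE_NEWNET; with nstype 0 the kernel joins whatever namespace the descriptor refers to without verifying it matches what the caller asked for. Since `ns` is a caller-supplied name, mapping it to the corresponding flag restores that check with a small change: `int nstype = strcmp(ns, "user") == 0 ? CLONE_NEWUSER : strcmp(ns, "net") == 0 ? CLONE_NEWNET : 0;` and then `ret = setns(fd, nstype);`, with unknown names rejected rather than silently falling back to 0. The error message `SYSERROR("failed to set process %d to %s of %d.", pid, ns, fd)` prints the file descriptor number, which is not meaningful in a log; `SYSERROR("failed to setns to %s", nspath);` reports the information a reader actually needs. Also, `pid_t` is passed to `%d` in the snprintf on the path; it is an `int` on Linux, but a `(int)` cast documents the assumption.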
> diff --git a/src/lxc/utils.h b/src/lxc/utils.h
> index cdfe56a..5ffafca 100644
> --- a/src/lxc/utils.h
> +++ b/src/lxc/utils.h
> @@ -283,3 +283,4 @@ char *on_path(char *cmd, const char *rootfs);
> bool file_exists(const char *f);
> char *choose_init(const char *rootfs);
> int print_to_file(const char *file, const char *content);
> +bool switch_to_ns(pid_t pid, const char *ns);
> --
> 1.8.4.2
>