[lxc-devel] [lxd/master] netnsid_getifaddrs: fix check for netnsid support

brauner on Github lxc-bot at linuxcontainers.org
Wed Sep 19 07:43:06 UTC 2018


From 09a953359008706cd454e89db9b1c8c6f5052537 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 19 Sep 2018 09:40:59 +0200
Subject: [PATCH] netnsid_getifaddrs: fix check for netnsid support

The loopback device needs to be up for netnsid_getifaddrs() to actually
work. Let's avoid this churn and be smarter and assign a netnsid to the
host as seen from another network namespace.
Also, log an error on failure.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/main_checkfeature.go | 42 ++++++++++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go
index 04773354db..86dd59c1ff 100644
--- a/lxd/main_checkfeature.go
+++ b/lxd/main_checkfeature.go
@@ -1,5 +1,9 @@
 package main
 
+import (
+	"github.com/lxc/lxd/shared/logger"
+)
+
 /*
 #define _GNU_SOURCE
 #include <errno.h>
@@ -18,6 +22,7 @@ package main
 #include "../shared/netns_getifaddrs.c"
 
 bool netnsid_aware = false;
+char errbuf[4096];
 
 static int netns_set_nsid(int fd)
 {
@@ -66,44 +71,44 @@ void checkfeature() {
 
 	hostnetns_fd = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
 	if (hostnetns_fd < 0) {
-		fprintf(stderr, "Failed to preserve host network namespace\n");
+		(void)sprintf(errbuf, "%s", "Failed to preserve host network namespace\n");
 		goto on_error;
 	}
 
 	ret = unshare(CLONE_NEWNET);
 	if (ret < 0) {
-		fprintf(stderr, "Failed to unshare network namespace\n");
+		(void)sprintf(errbuf, "%s", "Failed to unshare network namespace\n");
 		goto on_error;
 	}
 
 	newnetns_fd = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
 	if (newnetns_fd < 0) {
-		fprintf(stderr, "Failed to preserve new network namespace\n");
-		goto on_error;
-	}
-
-	ret = setns(hostnetns_fd, CLONE_NEWNET);
-	if (ret < 0) {
-		fprintf(stderr, "Failed to attach to host network namespace\n");
+		(void)sprintf(errbuf, "%s", "Failed to preserve new network namespace\n");
 		goto on_error;
 	}
 
-	ret = netns_set_nsid(newnetns_fd);
+	ret = netns_set_nsid(hostnetns_fd);
 	if (ret < 0) {
-		fprintf(stderr, "failed to set network namespace identifier\n");
+		(void)sprintf(errbuf, "%s", "failed to set network namespace identifier\n");
 		goto on_error;
 	}
 
-	netnsid = netns_get_nsid(newnetns_fd);
+	netnsid = netns_get_nsid(hostnetns_fd);
 	if (netnsid < 0) {
-		fprintf(stderr, "Failed to get network namespace identifier\n");
+		(void)sprintf(errbuf, "%s", "Failed to get network namespace identifier\n");
 		goto on_error;
 	}
 
 	ret = netns_getifaddrs(&ifaddrs, netnsid, &netnsid_aware);
 	netns_freeifaddrs(ifaddrs);
+	if (ret < 0) {
+		(void)sprintf(errbuf, "%s", "Netlink is not fully network namespace id aware\n");
+		goto on_error;
+	}
+
+	ret = setns(hostnetns_fd, CLONE_NEWNET);
 	if (ret < 0)
-		fprintf(stderr, "Netlink is not fully network namespace id aware\n");
+		(void)sprintf(errbuf, "%s", "Failed to attach to host network namespace\n");
 
 on_error:
 	if (hostnetns_fd >= 0)
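Review bot: Every `goto on_error` taken after `unshare(CLONE_NEWNET)` now leaves the caller in the new, empty network namespace, because `setns(hostnetns_fd, CLONE_NEWNET)` runs only at the end of the success path and the visible `on_error` cleanup just closes the descriptors. That includes the added `Netlink is not fully network namespace id aware` branch, which is presumably the normal outcome on kernels without netnsid support, so the probe itself would cut the process off from the host network there. The switch back should run on all paths, for example `if (hostnetns_fd >= 0 && setns(hostnetns_fd, CLONE_NEWNET) < 0)` at the top of `on_error` with the failure recorded in `errbuf`, and a failed switch back deserves more than a log line. Separately, the `sprintf` calls only copy fixed literals today; `snprintf(errbuf, sizeof(errbuf), ...)` would keep the 4096-byte buffer safe if a message later gains an argument. `checkfeature()` starts above this hunk and its cleanup continues into the next one.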
@@ -112,9 +117,18 @@ on_error:
 	if (newnetns_fd >= 0)
 		close(newnetns_fd);
 }
+
+static bool is_empty_string(char *s)
+{
+	return (errbuf[0] == '\0');
+}
 */
 import "C"
 
 func CanUseNetnsGetifaddrs() bool {
+	if bool(C.is_empty_string(&C.errbuf[0])) {
+		logger.Errorf("%s", C.GoString(&C.errbuf[0]))
+	}
+
 	return bool(C.netnsid_aware)
 }
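Review bot: The condition in `CanUseNetnsGetifaddrs` is inverted: it calls `logger.Errorf` only when `errbuf` is empty, so a recorded failure is never logged and a successful probe logs an empty error line. It should read `if !bool(C.is_empty_string(&C.errbuf[0])) {`. The helper also ignores its parameter and always inspects the global, so `return (s[0] == '\0');` (ideally with a `const char *s` parameter) would make it do what its name says. Since the messages stored in `errbuf` already end in `\n`, the logged line will carry a trailing newline unless it is trimmed.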

