[lxc-devel] [lxc/master] [wip] namespaces: allow a pathname to a nsfd for namespace to share

[hallyn on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 529 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190501/d0e49c32/attachment.bin>
-------------- next part --------------
From 5f0b256f547568f063873af84bdd9c18cacca8c4 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <shallyn at cisco.com>
Date: Wed, 1 May 2019 17:27:53 -0700
Subject: [PATCH] namespaces: allow a pathname to a nsfd for namespace to share

Signed-off-by: Serge Hallyn <shallyn at cisco.com>
---
 src/lxc/utils.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index ea081c566c..975e5791c3 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1367,20 +1367,26 @@ int lxc_preserve_ns(const int pid, const char *ns)
 /* 5 /proc + 21 /int_as_str + 3 /ns + 20 /NS_NAME + 1 \0 */
 #define __NS_PATH_LEN 50
 	char path[__NS_PATH_LEN];
+	const char *p;
 
 	/* This way we can use this function to also check whether namespaces
 	 * are supported by the kernel by passing in the NULL or the empty
 	 * string.
 	 */
-	ret = snprintf(path, __NS_PATH_LEN, "/proc/%d/ns%s%s", pid,
-		       !ns || strcmp(ns, "") == 0 ? "" : "/",
-		       !ns || strcmp(ns, "") == 0 ? "" : ns);
-	if (ret < 0 || (size_t)ret >= __NS_PATH_LEN) {
-		errno = EFBIG;
-		return -1;
+	if (ns[0] == '/') {
+		p = ns;
+	} else {
+		ret = snprintf(path, __NS_PATH_LEN, "/proc/%d/ns%s%s", pid,
+			       !ns || strcmp(ns, "") == 0 ? "" : "/",
+			       !ns || strcmp(ns, "") == 0 ? "" : ns);
+		if (ret < 0 || (size_t)ret >= __NS_PATH_LEN) {
+			errno = EFBIG;
+			return -1;
+		}
+		p = path;
 	}
 
-	return open(path, O_RDONLY | O_CLOEXEC);
+	return open(p, O_RDONLY | O_CLOEXEC);
 }
 
 bool lxc_switch_uid_gid(uid_t uid, gid_t gid)