[v1,06/55] net: Do not change net_ns of root_item in create_net_ns()

Submitted by Kirill Tkhai on March 24, 2017, 2:56 p.m.

Details

Message ID 149036737489.21903.9996223753231079307.stgit@localhost.localdomain
State New
Series "Nested pid namespaces support"
Headers show

Commit Message

Kirill Tkhai March 24, 2017, 2:56 p.m.
Currently, we do unshare(CLONE_NEWNET), but do not restore
old net ns. So, net_ns of criu task and root_item becomes
different. Unpredictible net_ns of root_item is not good,
so this patch fixes the problem.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 criu/net.c |   37 +++++++++++++++++--------------------
 1 file changed, 17 insertions(+), 20 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/net.c b/criu/net.c
index a5d3df6b..977a9091 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1721,20 +1721,22 @@  static int create_net_ns(void *arg)
 	int ufd, ret;
 
 	uns = ns->user_ns;
-	ufd = fdstore_get(uns->user.nsfd_id);
-	if (ufd < 0) {
-		pr_err("Can't get user ns\n");
-		exit(1);
-	}
-	if (setns(ufd, CLONE_NEWUSER) < 0) {
-		pr_perror("Can't set user ns");
-		exit(2);
-	}
-	if (prepare_userns_creds() < 0) {
-		pr_err("Can't prepare creds\n");
-		exit(3);
+	if (uns && uns != root_user_ns) {
+		ufd = fdstore_get(uns->user.nsfd_id);
+		if (ufd < 0) {
+			pr_err("Can't get user ns\n");
+			exit(1);
+		}
+		if (setns(ufd, CLONE_NEWUSER) < 0) {
+			pr_perror("Can't set user ns");
+			exit(2);
+		}
+		close(ufd);
+		if (prepare_userns_creds() < 0) {
+			pr_err("Can't prepare creds\n");
+			exit(3);
+		}
 	}
-	close(ufd);
 	ret = do_create_net_ns(ns) ? 3 : 0;
 	exit(ret);
 }
@@ -1751,13 +1753,8 @@  int prepare_net_namespaces()
 		if (nsid->nd != &net_ns_desc)
 			continue;
 
-		if (root_user_ns && nsid->user_ns != root_user_ns) {
-			if (call_in_child_process(create_net_ns, nsid) < 0)
-				goto err;
-		} else {
-			if (do_create_net_ns(nsid))
-				goto err;
-		}
+		if (call_in_child_process(create_net_ns, nsid) < 0)
+			goto err;
 	}
 
 	close_service_fd(NS_FD_OFF);