[v2,51/57] pid: Set pid_ns before we create a child

Submitted by Kirill Tkhai on March 28, 2017, 3:41 p.m.

Details

Message ID 149071569926.12770.14825909611889488111.stgit@localhost.localdomain
State New
Series "Nested pid namespaces support"

Commit Message

Kirill Tkhai March 28, 2017, 3:41 p.m.
Get the pid_ns of the child and setns() into it.
Of course, many optimizations are possible
here, but not for now.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 criu/cr-restore.c |   27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)


diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index f0f3bf5b..81b7229b 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -324,6 +324,30 @@  static void wait_pid_ns_helper_prepared(struct ns_id *pid_ns, struct pid *pid)
 	futex_wait_while_eq(&pid_ns->pid.helper_created, 0);
 }
 
+static int set_pid_ns_for_children(struct ns_id *pid_ns, struct pid *pid)
+{
+	int fd, ret = 0;
+
+	if (!(root_ns_mask & CLONE_NEWPID))
+		return 0;
+
+	if (last_level_pid(pid) == INIT_PID)
+		return 0;
+
+	fd = fdstore_get(pid_ns->pid.nsfd_id);
+	if (fd < 0) {
+		pr_err("Can't get pid_ns fd\n");
+		return -1;
+	}
+
+	if (setns(fd, CLONE_NEWPID) < 0) {
+		pr_perror("Can't set pid ns");
+		ret = -1;
+	}
+	close(fd);
+	return ret;
+}
+
 static rt_sigaction_t sigchld_act;
 /*
  * If parent's sigaction has blocked SIGKILL (which is non-sence),
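Review bot: The early return for `last_level_pid(pid) == INIT_PID` in set_pid_ns_for_children leaves the caller's pid namespace for children at whatever an earlier call set, because `setns(fd, CLONE_NEWPID)` does not move the caller; it redirects every child forked afterwards and stays in effect until the next setns. If one task can fork a child into a nested namespace and later fork a namespace init (the ordering is not visible here; it depends on how fork_with_pid, patched in the second hunk, is reached), that later clone would start from the wrong parent namespace, and as far as I know the kernel rejects CLONE_NEWPID with EINVAL in that state. Either switch back to the task's own pid_ns in that branch or state the invariant above the function, e.g. `/* setns(CLONE_NEWPID) affects only children created later and persists across calls; siblings must be forked in an order that keeps this valid */`. A child landing in the wrong pid namespace would silently change the isolation of the restored tree, so the failure message should also name the namespace: `pr_err("Can't get pid_ns fd\n")` does not say which one failed.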
@@ -1073,6 +1097,9 @@  static inline int fork_with_pid(struct pstree_item *item)
 
 	wait_pid_ns_helper_prepared(pid_ns, item->pid);
 
+	if (set_pid_ns_for_children(pid_ns, item->pid) < 0)
+		goto err_close;
+
 	if (flock(ca.fd, LOCK_EX)) {
 		pr_perror("%d: Can't lock %s", pid, LAST_PID_PATH);
 		goto err_close;