[v2,25/30] net_ns: Make net_ns check in do_restore_task_net_ns more universal

Submitted by Kirill Tkhai on June 7, 2017, 11:30 a.m.


Message ID 149683504015.4663.7864620446736786406.stgit@localhost.localdomain
State Accepted
Series "Support sockets leaked to child user_ns task"
Headers show

Commit Message

Kirill Tkhai June 7, 2017, 11:30 a.m.
setns() on the same net_ns is OK (just a noop),
while the task has permissions to do that.
But if the namespace is inherited from parent task,
we can't do that.

So, speedup existing cases, and support "inherited ns"

v2: New

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
 criu/net.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/criu/net.c b/criu/net.c
index 410a3d2a7..2e7599b7c 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -2175,7 +2175,7 @@  static int do_restore_task_net_ns(struct ns_id *nsid, struct pstree_item *curren
 	int fd;
-	if (!(root_ns_mask & CLONE_NEWNET))
+	if (current->net_ns == nsid)
 		return 0;
 	fd = fdstore_get(nsid->net.nsfd_id);