dasharo/systemd
0
0
Fork 0
mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

nspawn: use in_same_namespace() helper

Browse Source
This commit is contained in:
Christian Brauner
2022-09-30 15:05:02 +02:00
committed by Christian Brauner (Microsoft)
parent 2fe299a320
commit f7a2dc3dd5
1 changed files with 3 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/nspawn/nspawn.c
View File

@@ -5387,8 +5387,6 @@ static int initialize_rlimits(void) {
}
static int cant_be_in_netns(void) {
char udev_path[STRLEN("/proc//ns/net") + DECIMAL_STR_MAX(pid_t)];
_cleanup_free_ char *udev_ns = NULL, *our_ns = NULL;
_cleanup_close_ int fd = -1;
struct ucred ucred;
int r;
@@ -5417,16 +5415,10 @@ static int cant_be_in_netns(void) {
if (r < 0)
return log_error_errno(r, "Failed to determine peer of udev control socket: %m");
xsprintf(udev_path, "/proc/" PID_FMT "/ns/net", ucred.pid);
r = readlink_malloc(udev_path, &udev_ns);
r = in_same_namespace(ucred.pid, 0, NAMESPACE_NET);
if (r < 0)
return log_error_errno(r, "Failed to read network namespace of udev: %m");
r = readlink_malloc("/proc/self/ns/net", &our_ns);
if (r < 0)
return log_error_errno(r, "Failed to read our own network namespace: %m");
if (!streq(our_ns, udev_ns))
return log_error_errno(r, "Failed to determine network namespace of udev: %m");
if (r == 0)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Sorry, but --image= is only supported in the main network namespace, since we need access to udev/AF_NETLINK.");
return 0;