system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-10-15 04:24:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

tree-wide: add short comments for namespace_open() and namespace_enter()

Browse source 
Also use -EBADF when unspecified.
This commit is contained in:
Yu Watanabe 2024-01-19 10:46:20 +09:00
parent 5178d4a77e
commit d2881ef96e
10 changed files with 88 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/basic/namespace-util.c
View file

@ -243,7 +243,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) {
if (r < 0)
return log_error_errno(r, "Failed to write GID map: %m");
r = namespace_open(pid, NULL, NULL, NULL, &userns_fd, NULL);
r = namespace_open(pid,
/* ret_pidns_fd = */ NULL,
/* ret_mntns_fd = */ NULL,
/* ret_netns_fd = */ NULL,
&userns_fd,
/* ret_root_fd = */ NULL);
if (r < 0)
return log_error_errno(r, "Failed to open userns fd: %m");

4
src/basic/terminal-util.c
View file

@ -1211,7 +1211,7 @@ int openpt_allocate_in_namespace(pid_t pid, int flags, char **ret_slave) {
assert(pid > 0);
r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
r = namespace_open(pid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, &usernsfd, &rootfd);
if (r < 0)
return r;
@ -1262,7 +1262,7 @@ int open_terminal_in_namespace(pid_t pid, const char *name, int mode) {
pid_t child;
int r;
r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
r = namespace_open(pid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, &usernsfd, &rootfd);
if (r < 0)
return r;

2
src/libsystemd/sd-bus/bus-container.c
View file

@ -34,7 +34,7 @@ int bus_container_connect_socket(sd_bus *b) {
log_debug("sd-bus: connecting bus%s%s to namespace of PID "PID_FMT"...",
b->description ? " " : "", strempty(b->description), b->nspid);
r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, &usernsfd, &rootfd);
if (r < 0)
return log_debug_errno(r, "Failed to open namespace of PID "PID_FMT": %m", b->nspid);

21
src/machine/machine-dbus.c
View file

@ -232,7 +232,12 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd
if (streq(us, them))
return sd_bus_error_setf(error, BUS_ERROR_NO_PRIVATE_NETWORKING, "Machine %s does not use private networking", m->name);
r = namespace_open(m->leader.pid, NULL, NULL, &netns_fd, NULL, NULL);
r = namespace_open(m->leader.pid,
/* ret_pidns_fd = */ NULL,
/* ret_mntns_fd = */ NULL,
&netns_fd,
/* ret_userns_fd = */ NULL,
/* ret_root_fd = */ NULL);
if (r < 0)
return r;
@ -366,7 +371,12 @@ int bus_machine_method_get_os_release(sd_bus_message *message, void *userdata, s
_cleanup_fclose_ FILE *f = NULL;
pid_t child;
r = namespace_open(m->leader.pid, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd);
r = namespace_open(m->leader.pid,
&pidns_fd,
&mntns_fd,
/* ret_netns_fd = */ NULL,
/* ret_userns_fd = */ NULL,
&root_fd);
if (r < 0)
return r;
@ -1069,7 +1079,12 @@ int bus_machine_method_open_root_directory(sd_bus_message *message, void *userda
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
pid_t child;
r = namespace_open(m->leader.pid, NULL, &mntns_fd, NULL, NULL, &root_fd);
r = namespace_open(m->leader.pid,
/* ret_pidns_fd = */ NULL,
&mntns_fd,
/* ret_netns_fd = */ NULL,
/* ret_userns_fd = */ NULL,
&root_fd);
if (r < 0)
return r;

19
src/nspawn/nspawn-mount.c
View file

@ -1388,17 +1388,30 @@ int wipe_fully_visible_fs(int mntns_fd) {
_cleanup_close_ int orig_mntns_fd = -EBADF;
int r, rr;
r = namespace_open(0, NULL, &orig_mntns_fd, NULL, NULL, NULL);
r = namespace_open(0,
/* ret_pidns_fd = */ NULL,
&orig_mntns_fd,
/* ret_netns_fd = */ NULL,
/* ret_userns_fd = */ NULL,
/* ret_root_fd = */ NULL);
if (r < 0)
return log_error_errno(r, "Failed to pin originating mount namespace: %m");
r = namespace_enter(-EBADF, mntns_fd, -EBADF, -EBADF, -EBADF);
r = namespace_enter(/* pidns_fd = */ -EBADF,
mntns_fd,
/* netns_fd = */ -EBADF,
/* userns_fd = */ -EBADF,
/* root_fd = */ -EBADF);
if (r < 0)
return log_error_errno(r, "Failed to enter mount namespace: %m");
rr = do_wipe_fully_visible_fs();
r = namespace_enter(-EBADF, orig_mntns_fd, -EBADF, -EBADF, -EBADF);
r = namespace_enter(/* pidns_fd = */ -EBADF,
orig_mntns_fd,
/* netns_fd = */ -EBADF,
/* userns_fd = */ -EBADF,
/* root_fd = */ -EBADF);
if (r < 0)
return log_error_errno(r, "Failed to enter original mount namespace: %m");

33
src/nspawn/nspawn.c
View file

@ -3781,7 +3781,12 @@ static int outer_child(
return r;
if (arg_userns_mode != USER_NAMESPACE_NO) {
r = namespace_open(0, NULL, &mntns_fd, NULL, NULL, NULL);
r = namespace_open(0,
/* ret_pidns_fd = */ NULL,
&mntns_fd,
/* ret_netns_fd = */ NULL,
/* ret_userns_fd = */ NULL,
/* ret_root_fd = */ NULL);
if (r < 0)
return log_error_errno(r, "Failed to pin outer mount namespace: %m");
@ -4130,7 +4135,11 @@ static int outer_child(
* user if user namespaces are turned on. */
if (arg_network_namespace_path) {
r = namespace_enter(-1, -1, netns_fd, -1, -1);
r = namespace_enter(/* pidns_fd = */ -EBADF,
/* mntns_fd = */ -EBADF,
netns_fd,
/* userns_fd = */ -EBADF,
/* root_fd = */ -EBADF);
if (r < 0)
return log_error_errno(r, "Failed to join network namespace: %m");
}
@ -5078,7 +5087,12 @@ static int run_container(
if (child_netns_fd < 0) {
/* Make sure we have an open file descriptor to the child's network
* namespace so it stays alive even if the child exits. */
r = namespace_open(*pid, NULL, NULL, &child_netns_fd, NULL, NULL);
r = namespace_open(*pid,
/* ret_pidns_fd = */ NULL,
/* ret_mntns_fd = */ NULL,
&child_netns_fd,
/* ret_userns_fd = */ NULL,
/* ret_root_fd = */ NULL);
if (r < 0)
return log_error_errno(r, "Failed to open child network namespace: %m");
}
@ -5372,13 +5386,22 @@ static int run_container(
if (r == 0) {
_cleanup_close_ int parent_netns_fd = -EBADF;
r = namespace_open(getpid_cached(), NULL, NULL, &parent_netns_fd, NULL, NULL);
r = namespace_open(0,
/* ret_pidns_fd = */ NULL,
/* ret_mntns_fd = */ NULL,
&parent_netns_fd,
/* ret_userns_fd = */ NULL,
/* ret_root_fd = */ NULL);
if (r < 0) {
log_error_errno(r, "Failed to open parent network namespace: %m");
_exit(EXIT_FAILURE);
}
r = namespace_enter(-1, -1, child_netns_fd, -1, -1);
r = namespace_enter(/* pidns_fd = */ -EBADF,
/* mntns_fd = */ -EBADF,
child_netns_fd,
/* userns_fd = */ -EBADF,
/* root_fd = */ -EBADF);
if (r < 0) {
log_error_errno(r, "Failed to enter child network namespace: %m");
_exit(EXIT_FAILURE);

2
src/shared/logs-show.c
View file

@ -1688,7 +1688,7 @@ static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) {
if (r < 0)
return r;
r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, NULL, &rootfd);
r = namespace_open(pid, &pidnsfd, &mntnsfd, /* ret_netns_fd = */ NULL, /* ret_userns_fd = */ NULL, &rootfd);
if (r < 0)
return r;

13
src/shared/machine-id-setup.c
View file

@ -265,7 +265,12 @@ int machine_id_commit(const char *root) {
fd = safe_close(fd);
/* Store current mount namespace */
r = namespace_open(0, NULL, &initial_mntns_fd, NULL, NULL, NULL);
r = namespace_open(0,
/* ret_pidns_fd = */ NULL,
&initial_mntns_fd,
/* ret_netns_fd = */ NULL,
/* ret_userns_fd = */ NULL,
/* ret_root_fd = */ NULL);
if (r < 0)
return log_error_errno(r, "Can't fetch current mount namespace: %m");
@ -284,7 +289,11 @@ int machine_id_commit(const char *root) {
return log_error_errno(r, "Cannot write %s. This is mandatory to get a persistent machine ID: %m", etc_machine_id);
/* Return to initial namespace and proceed a lazy tmpfs unmount */
r = namespace_enter(-1, initial_mntns_fd, -1, -1, -1);
r = namespace_enter(/* pidns_fd = */ -EBADF,
initial_mntns_fd,
/* netns_fd = */ -EBADF,
/* userns_fd = */ -EBADF,
/* root_fd = */ -EBADF);
if (r < 0)
return log_warning_errno(r, "Failed to switch back to initial mount namespace: %m.\nWe'll keep transient %s file until next reboot.", etc_machine_id);

2
src/shared/mount-util.c
View file

@ -1100,7 +1100,7 @@ static int mount_in_namespace(
if (!pidref_is_set(target))
return -ESRCH;
r = namespace_open(target->pid, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd);
r = namespace_open(target->pid, &pidns_fd, &mntns_fd, /* ret_netns_fd = */ NULL, /* ret_userns_fd = */ NULL, &root_fd);
if (r < 0)
return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m");

8
src/shared/socket-netlink.c
View file

@ -420,11 +420,11 @@ int netns_get_nsid(int netnsfd, uint32_t *ret) {
if (netnsfd < 0) {
r = namespace_open(
0,
/* pidns_fd= */ NULL,
/* mntns_fd= */ NULL,
/* ret_pidns_fd = */ NULL,
/* ret_mntns_fd = */ NULL,
&_netns_fd,
/* userns_fd= */ NULL,
/* root_fd= */ NULL);
/* ret_userns_fd = */ NULL,
/* ret_root_fd = */ NULL);
if (r < 0)
return r;