[libvirt] [PATCH 3/4] lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces

John Ferlan jferlan at redhat.com
Fri Aug 28 10:40:39 UTC 2015 


On 08/26/2015 09:06 PM, Michal Privoznik wrote:
> Now that virProcessSetNamespaces() does accept FD list in the
> correct format, we can simply turn lxcAttachNS into calling
> virProcessSetNamespaces().
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/lxc/lxc_container.c | 22 +++-------------------
>  1 file changed, 3 insertions(+), 19 deletions(-)
> 
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index feb8fad..eb7cad6 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -2184,25 +2184,9 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def ATTRIBUTE_UNUSED,
>   */
>  static int lxcAttachNS(int *ns_fd)
>  {
> -    size_t i;
> -    if (ns_fd)
> -        for (i = 0; i < VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) {
> -            if (ns_fd[i] < 0)
> -                continue;
> -            VIR_DEBUG("Setting into namespace\n");
> -            /* We get EINVAL if new NS is same as the current
> -             * NS, or if the fd namespace doesn't match the
> -             * type passed to setns()'s second param. Since we
> -             * pass 0, we know the EINVAL is harmless
> -             */
> -            if (setns(ns_fd[i], 0) < 0 &&
> -                errno != EINVAL) {
> -                virReportSystemError(errno, _("failed to set namespace '%s'"),
> -                                     virLXCDomainNamespaceTypeToString(i));
> -                return -1;
> -            }
> -            VIR_FORCE_CLOSE(ns_fd[i]);
> -        }
> +    if (ns_fd &&
> +        virProcessSetNamespaces(VIR_LXC_DOMAIN_NAMESPACE_LAST, ns_fd) < 0)

Coverity wasn't very happy with this one - I got:

(1) Event suspicious_sizeof: 	Passing argument "ns_fd" of type "int *"
and argument "VIR_LXC_DOMAIN_NAMESPACE_LAST" to function
"virProcessSetNamespaces" is suspicious because a multiple of "sizeof
(int)" /*4*/ is expected.

Changing 'arg1' to virProcessSetNamespaces from size_t to unsigned int
cleared the error - whether that's "right" or not, I'm not sure.  I do
note the only other caller virDomainLxcEnterNamespace passes an
'unsigned int' which is why I tried that first.

John
> +        return -1;
>      return 0;
>  }
>  
>

More information about the libvir-list mailing list