[libvirt] [PATCH 3/4] lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces

Daniel P. Berrange berrange at redhat.com
Fri Aug 28 10:58:21 UTC 2015 

On Fri, Aug 28, 2015 at 06:40:39AM -0400, John Ferlan wrote:
> 
> 
> On 08/26/2015 09:06 PM, Michal Privoznik wrote:
> > Now that virProcessSetNamespaces() does accept FD list in the
> > correct format, we can simply turn lxcAttachNS into calling
> > virProcessSetNamespaces().
> > 
> > Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> > ---
> >  src/lxc/lxc_container.c | 22 +++-------------------
> >  1 file changed, 3 insertions(+), 19 deletions(-)
> > 
> > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> > index feb8fad..eb7cad6 100644
> > --- a/src/lxc/lxc_container.c
> > +++ b/src/lxc/lxc_container.c
> > @@ -2184,25 +2184,9 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def ATTRIBUTE_UNUSED,
> >   */
> >  static int lxcAttachNS(int *ns_fd)
> >  {
> > -    size_t i;
> > -    if (ns_fd)
> > -        for (i = 0; i < VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) {
> > -            if (ns_fd[i] < 0)
> > -                continue;
> > -            VIR_DEBUG("Setting into namespace\n");
> > -            /* We get EINVAL if new NS is same as the current
> > -             * NS, or if the fd namespace doesn't match the
> > -             * type passed to setns()'s second param. Since we
> > -             * pass 0, we know the EINVAL is harmless
> > -             */
> > -            if (setns(ns_fd[i], 0) < 0 &&
> > -                errno != EINVAL) {
> > -                virReportSystemError(errno, _("failed to set namespace '%s'"),
> > -                                     virLXCDomainNamespaceTypeToString(i));
> > -                return -1;
> > -            }
> > -            VIR_FORCE_CLOSE(ns_fd[i]);
> > -        }
> > +    if (ns_fd &&
> > +        virProcessSetNamespaces(VIR_LXC_DOMAIN_NAMESPACE_LAST, ns_fd) < 0)
> 
> Coverity wasn't very happy with this one - I got:
> 
> (1) Event suspicious_sizeof: 	Passing argument "ns_fd" of type "int *"
> and argument "VIR_LXC_DOMAIN_NAMESPACE_LAST" to function
> "virProcessSetNamespaces" is suspicious because a multiple of "sizeof
> (int)" /*4*/ is expected.

IIUC, coverity is saying here that 'size_t nfdlist' is supposed to
be a multiple of sizeof(int), which is clearly wrong. it is the
number of int elements in the array, so sizeof() doesn't apply.

I don't see any code change required here at all, I think coverity
is simply wrong.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list