[libvirt] [PATCH 3/4] lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces
Daniel P. Berrange
berrange at redhat.com
Fri Aug 28 10:58:21 UTC 2015
On Fri, Aug 28, 2015 at 06:40:39AM -0400, John Ferlan wrote:
>
>
> On 08/26/2015 09:06 PM, Michal Privoznik wrote:
> > Now that virProcessSetNamespaces() does accept FD list in the
> > correct format, we can simply turn lxcAttachNS into calling
> > virProcessSetNamespaces().
> >
> > Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> > ---
> > src/lxc/lxc_container.c | 22 +++-------------------
> > 1 file changed, 3 insertions(+), 19 deletions(-)
> >
> > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> > index feb8fad..eb7cad6 100644
> > --- a/src/lxc/lxc_container.c
> > +++ b/src/lxc/lxc_container.c
> > @@ -2184,25 +2184,9 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def ATTRIBUTE_UNUSED,
> > */
> > static int lxcAttachNS(int *ns_fd)
> > {
> > - size_t i;
> > - if (ns_fd)
> > - for (i = 0; i < VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) {
> > - if (ns_fd[i] < 0)
> > - continue;
> > - VIR_DEBUG("Setting into namespace\n");
> > - /* We get EINVAL if new NS is same as the current
> > - * NS, or if the fd namespace doesn't match the
> > - * type passed to setns()'s second param. Since we
> > - * pass 0, we know the EINVAL is harmless
> > - */
> > - if (setns(ns_fd[i], 0) < 0 &&
> > - errno != EINVAL) {
> > - virReportSystemError(errno, _("failed to set namespace '%s'"),
> > - virLXCDomainNamespaceTypeToString(i));
> > - return -1;
> > - }
> > - VIR_FORCE_CLOSE(ns_fd[i]);
> > - }
> > + if (ns_fd &&
> > + virProcessSetNamespaces(VIR_LXC_DOMAIN_NAMESPACE_LAST, ns_fd) < 0)
>
> Coverity wasn't very happy with this one - I got:
>
> (1) Event suspicious_sizeof: Passing argument "ns_fd" of type "int *"
> and argument "VIR_LXC_DOMAIN_NAMESPACE_LAST" to function
> "virProcessSetNamespaces" is suspicious because a multiple of "sizeof
> (int)" /*4*/ is expected.
IIUC, coverity is saying here that 'size_t nfdlist' is supposed to
be a multiple of sizeof(int), which is clearly wrong. it is the
number of int elements in the array, so sizeof() doesn't apply.
I don't see any code change required here at all, I think coverity
is simply wrong.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list