util: Make ns_enter() a void function and report setns() errors

ns_enter() returns an integer... but it's always zero.  If we actually fail
the function doesn't return.  Therefore it makes more sense for this to be
a function returning void, and we can remove the cases where we pointlessly
checked its return value.

In addition ns_enter() is usually called from an ephemeral thread created
by NS_CALL().  That means that the exit(EXIT_FAILURE) there usually won't
be reported (since NS_CALL() doesn't wait() for the thread).  So, use die()
instead to print out some information in the unlikely event that our
setns() here does fail.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
David Gibson 2023-08-02 13:15:40 +10:00 committed by Stefano Brivio
parent b15ce5b6ce
commit 6920adda0d
5 changed files with 10 additions and 13 deletions

3
conf.c

@ -101,9 +101,10 @@ static int get_bound_ports_ns(void *arg)
struct get_bound_ports_ns_arg *a = (struct get_bound_ports_ns_arg *)arg; struct get_bound_ports_ns_arg *a = (struct get_bound_ports_ns_arg *)arg;
struct ctx *c = a->c; struct ctx *c = a->c;
if (!c->pasta_netns_fd || ns_enter(c)) if (!c->pasta_netns_fd)
return 0; return 0;
ns_enter(c);
get_bound_ports(c, 1, a->proto); get_bound_ports(c, 1, a->proto);
return 0; return 0;

4
tap.c

@ -1182,9 +1182,9 @@ static int tap_ns_tun(void *arg)
struct ctx *c = (struct ctx *)arg; struct ctx *c = (struct ctx *)arg;
memcpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ); memcpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ);
ns_enter(c);
if (ns_enter(c) || if ((tun_ns_fd = open("/dev/net/tun", flags)) < 0 ||
(tun_ns_fd = open("/dev/net/tun", flags)) < 0 ||
ioctl(tun_ns_fd, TUNSETIFF, &ifr) || ioctl(tun_ns_fd, TUNSETIFF, &ifr) ||
!(c->pasta_ifi = if_nametoindex(c->pasta_ifn))) { !(c->pasta_ifi = if_nametoindex(c->pasta_ifn))) {
if (tun_ns_fd != -1) if (tun_ns_fd != -1)

6
udp.c

@ -473,8 +473,7 @@ static int udp_splice_new_ns(void *arg)
a = (struct udp_splice_new_ns_arg *)arg; a = (struct udp_splice_new_ns_arg *)arg;
if (ns_enter(a->c)) ns_enter(a->c);
return 0;
a->s = udp_splice_new(a->c, a->v6, a->src, true); a->s = udp_splice_new(a->c, a->v6, a->src, true);
@ -1064,8 +1063,7 @@ int udp_sock_init_ns(void *arg)
struct ctx *c = (struct ctx *)arg; struct ctx *c = (struct ctx *)arg;
unsigned dst; unsigned dst;
if (ns_enter(c)) ns_enter(c);
return 0;
for (dst = 0; dst < NUM_PORTS; dst++) { for (dst = 0; dst < NUM_PORTS; dst++) {
if (!bitmap_isset(c->udp.fwd_out.f.map, dst)) if (!bitmap_isset(c->udp.fwd_out.f.map, dst))

8
util.c

@ -378,16 +378,14 @@ void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
* ns_enter() - Enter configured user (unless already joined) and network ns * ns_enter() - Enter configured user (unless already joined) and network ns
* @c: Execution context * @c: Execution context
* *
* Return: 0, won't return on failure * Won't return on failure
* *
* #syscalls:pasta setns * #syscalls:pasta setns
*/ */
int ns_enter(const struct ctx *c) void ns_enter(const struct ctx *c)
{ {
if (setns(c->pasta_netns_fd, CLONE_NEWNET)) if (setns(c->pasta_netns_fd, CLONE_NEWNET))
exit(EXIT_FAILURE); die("setns() failed entering netns: %s", strerror(errno));
return 0;
} }
/** /**
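Review bot: The new die() call in ns_enter() passes strerror(errno), whose returned string may live in a buffer shared across threads, and the commit description says ns_enter() usually runs on an ephemeral NS_CALL() thread that shares memory with the parent; if the parent can be formatting an error at the same time, the message printed here may be corrupted or wrong. A re-entrant variant avoids that: `char err[128]; strerror_r(errno, err, sizeof(err)); die("setns() failed entering netns: %s", err);` (check which strerror_r variant the build selects, since the GNU one returns the string rather than filling the buffer). This assumes die() is a real function so its arguments are evaluated before it runs; if die() is a macro, confirm its expansion does not touch errno before strerror() is called. The updated doc line `Won't return on failure` would be clearer as `Won't return on failure: calls die(), so the setns() error is logged`, since callers under NS_CALL() only ever see that log line; procfs_scan_listen() from the hunk header ends before this hunk.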

2
util.h

@ -216,7 +216,7 @@ int bitmap_isset(const uint8_t *map, int bit);
char *line_read(char *buf, size_t len, int fd); char *line_read(char *buf, size_t len, int fd);
void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
uint8_t *map, uint8_t *exclude); uint8_t *map, uint8_t *exclude);
int ns_enter(const struct ctx *c); void ns_enter(const struct ctx *c);
bool ns_is_init(void); bool ns_is_init(void);
void write_pidfile(int fd, pid_t pid); void write_pidfile(int fd, pid_t pid);
int __daemon(int pidfile_fd, int devnull_fd); int __daemon(int pidfile_fd, int devnull_fd);