tree-wide: use container_uses_namespace() helper

No functional changes. Will be useful in future support for an isolated user namespaces [1]. I have already played with that locally and found that in the LXC codebase we have a bunch of different ways to ensure if a container uses user namespaces or not. This commit contains a trivial conversion from an open-coded version of the container_uses_namespace() helper to an actual use of the helper. [1] https://lpc.events/event/17/contributions/1569/ Signed-off-by: Alexander Mikhalitsyn <[email protected]>
gibmat · Jan 26, 2024 · 64341ce · 64341ce
1 parent 1fbe1b0
commit 64341ce
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
@@ -4290,7 +4290,7 @@ int lxc_sync_fds_parent(struct lxc_handler *handler)
 	if (ret < 0)
 		return syserror_ret(ret, "Failed to receive tty info from child process");
 
-	if (handler->ns_clone_flags & CLONE_NEWNET) {
+	if (container_uses_namespace(handler, CLONE_NEWNET)) {
 		ret = lxc_network_recv_name_and_ifindex_from_child(handler);
 		if (ret < 0)
 			return syserror_ret(ret, "Failed to receive names and ifindices for network devices from child");
@@ -4320,7 +4320,7 @@ int lxc_sync_fds_child(struct lxc_handler *handler)
 	if (ret < 0)
 		return syserror_ret(ret, "Failed to send tty file descriptors to parent");
 
-	if (handler->ns_clone_flags & CLONE_NEWNET) {
+	if (container_uses_namespace(handler, CLONE_NEWNET)) {
 		ret = lxc_network_send_name_and_ifindex_to_parent(handler);
 		if (ret < 0)
 			return syserror_ret(ret, "Failed to send network device names and ifindices to parent");
@@ -4382,7 +4382,7 @@ int lxc_setup(struct lxc_handler *handler)
 			return log_error(-1, "Failed to setup container keyring");
 	}
 
-	if (handler->ns_clone_flags & CLONE_NEWNET) {
+	if (container_uses_namespace(handler, CLONE_NEWNET)) {
 		ret = lxc_network_recv_from_parent(handler);
 		if (ret < 0)
 			return log_error(-1, "Failed to receive veth names from parent");

diff --git a/src/lxc/network.c b/src/lxc/network.c
@@ -3763,7 +3763,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler)
 	 * If we weren't asked to clone a new network namespace, there's
 	 * nothing to restore.
 	 */
-	if (!(handler->ns_clone_flags & CLONE_NEWNET))
+	if (!container_uses_namespace(handler, CLONE_NEWNET))
 		return 0;
 
 	/* We need CAP_NET_ADMIN in the parent namespace in order to setns() to

diff --git a/src/lxc/start.c b/src/lxc/start.c
@@ -1565,7 +1565,7 @@ static int core_scheduling(struct lxc_handler *handler)
 	if (!conf->sched_core)
 		return log_trace(0, "No new core scheduling domain requested");
 
-	if (!(handler->ns_clone_flags & CLONE_NEWPID))
+	if (!container_uses_namespace(handler, CLONE_NEWPID))
 		return syserror_set(-EINVAL, "Core scheduling currently requires a separate pid namespace");
 
 	ret = core_scheduling_cookie_create_threadgroup(handler->pid);
@@ -1641,7 +1641,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 	data_sock0 = handler->data_sock[0];
 	data_sock1 = handler->data_sock[1];
 
-	if (handler->ns_clone_flags & CLONE_NEWNET) {
+	if (container_uses_namespace(handler, CLONE_NEWNET)) {
 		ret = lxc_find_gateway_addresses(handler);
 		if (ret) {
 			ERROR("Failed to find gateway addresses");
@@ -1685,7 +1685,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 			.exit_signal = SIGCHLD,
 		};
 
-		if (handler->ns_clone_flags & CLONE_NEWCGROUP) {
+		if (container_uses_namespace(handler, CLONE_NEWCGROUP)) {
 			cgroup_fd = cgroup_unified_fd(cgroup_ops);
 			if (cgroup_fd >= 0) {
 				handler->clone_flags	|= CLONE_INTO_CGROUP;
@@ -1840,7 +1840,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 		TRACE("Allocated new network namespace id");
 
 	/* Create the network configuration. */
-	if (handler->ns_clone_flags & CLONE_NEWNET) {
+	if (container_uses_namespace(handler, CLONE_NEWNET)) {
 		ret = lxc_create_network(handler);
 		if (ret < 0) {
 			ERROR("Failed to create the network");
@@ -1870,7 +1870,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 		goto out_delete_net;
 	}
 
-	if (handler->ns_clone_flags & CLONE_NEWNET) {
+	if (container_uses_namespace(handler, CLONE_NEWNET)) {
 		ret = lxc_network_send_to_child(handler);
 		if (ret < 0) {
 			SYSERROR("Failed to send veth names to child");
@@ -1986,7 +1986,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 	return 0;
 
 out_delete_net:
-	if (handler->ns_clone_flags & CLONE_NEWNET)
+	if (container_uses_namespace(handler, CLONE_NEWNET))
 		lxc_delete_network(handler);
 
 out_abort: