attach: use ns_info[LXC_NS_MAX] struct

Using custom structs in attach.c risks getting out of sync with the commonly used ns_info[LXC_NS_MAX] struct and thus attaching to wrong namespaces. Switch to using ns_info[LXC_NS_MAX]. Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

attach: use ns_info[LXC_NS_MAX] struct
b3677ba8 · Christian Brauner · Stéphane Graber · f23504af · b3677ba8
Commit b3677ba8 authored Nov 20, 2016 by Christian Brauner Committed by Stéphane Graber Nov 21, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 23 deletions

attach.c src/lxc/attach.c +16 -23

No files found.
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -212,17 +212,7 @@ static void lxc_proc_put_context_info(struct lxc_proc_context_info *ctx)

 static int lxc_attach_to_ns(pid_t pid, int which)
 {
-	/* according to <http://article.gmane.org/gmane.linux.kernel.containers.lxc.devel/1429>,
-	 * the file for user namespaces in /proc/$pid/ns will be called
-	 * 'user' once the kernel supports it
-	 */
-	static char *ns[] = { "user", "mnt", "pid", "uts", "ipc", "net", "cgroup" };
-	static int flags[] = {
-		CLONE_NEWUSER, CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUTS, CLONE_NEWIPC,
-		CLONE_NEWNET, CLONE_NEWCGROUP
-	};
-	static const int size = sizeof(ns) / sizeof(char *);
-	int fd[size];
+	int fd[LXC_NS_MAX];
 	int i, j, saved_errno;


@@ -231,16 +221,16 @@ static int lxc_attach_to_ns(pid_t pid, int which)
 		return -1;
 	}

-	for (i = 0; i < size; i++) {
+	for (i = 0; i < LXC_NS_MAX; i++) {
 		/* ignore if we are not supposed to attach to that
 		 * namespace
 		 */
-		if (which != -1 && !(which & flags[i])) {
+		if (which != -1 && !(which & ns_info[i].clone_flag)) {
 			fd[i] = -1;
 			continue;
 		}

-		fd[i] = lxc_preserve_ns(pid, ns[i]);
+		fd[i] = lxc_preserve_ns(pid, ns_info[i].proc_name);
 		if (fd[i] < 0) {
 			saved_errno = errno;

@@ -251,23 +241,28 @@ static int lxc_attach_to_ns(pid_t pid, int which)
 				close(fd[j]);

 			errno = saved_errno;
-			SYSERROR("failed to open namespace: '%s'.", ns[i]);
+			SYSERROR("failed to open namespace: '%s'.", ns_info[i].proc_name);
 			return -1;
 		}
 	}

-	for (i = 0; i < size; i++) {
-		if (fd[i] >= 0 && setns(fd[i], 0) != 0) {
+	for (i = 0; i < LXC_NS_MAX; i++) {
+		if (fd[i] < 0)
+			continue;
+
+		if (setns(fd[i], 0) < 0) {
 			saved_errno = errno;

-			for (j = i; j < size; j++)
+			for (j = i; j < LXC_NS_MAX; j++)
 				close(fd[j]);

 			errno = saved_errno;
-			SYSERROR("failed to set namespace '%s'", ns[i]);
+			SYSERROR("Failed to attach to namespace \"%s\".", ns_info[i].proc_name);
 			return -1;
 		}

+		DEBUG("Attached to namespace \"%s\".", ns_info[i].proc_name);
+
 		close(fd[i]);
 	}

@@ -1192,11 +1187,9 @@ static int attach_child_main(void* data)
 		flags = fcntl(fd, F_GETFL);
 		if (flags < 0)
 			continue;
-		if (flags & FD_CLOEXEC) {
-			if (fcntl(fd, F_SETFL, flags & ~FD_CLOEXEC) < 0) {
+		if (flags & FD_CLOEXEC)
+			if (fcntl(fd, F_SETFL, flags & ~FD_CLOEXEC) < 0)
 				SYSERROR("Unable to clear CLOEXEC from fd");
-			}
-		}
 	}

 	/* we don't need proc anymore */