char pid_str[256];
snprintf(pid_str, sizeof(pid_str), "%d", pid);
char *const argv_netns[] =
- { SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, "name", "virt.ns", NULL };
+ { SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, "name", "virt.ns",
+ NULL
+ };
if (netSystem(SBIN_IP_PATH, argv_netns) == false) {
LOG_E("Couldn't put interface '%s' into NS of PID '%d'", iface, pid);
return false;
}
}
+static bool subprocInitParent(struct nsjconf_t *nsjconf, pid_t pid, int pipefd)
+{
+ if (netCloneMacVtapAndNS(nsjconf, pid) == false) {
+ LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid);
+ return false;
+ }
+ if (containInitUserNs(nsjconf, pid) == false) {
+ LOG_E("Couldn't initialize user namespaces for pid %d", pid);
+ return false;
+ }
+ if (utilWriteToFd(pipefd, &subprocDoneChar, sizeof(subprocDoneChar)) !=
+ sizeof(subprocDoneChar)) {
+ LOG_E("Couldn't signal the new process via a socketpair");
+ return false;
+ }
+ return true;
+}
+
void subprocRunChild(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err)
{
if (netLimitConns(nsjconf, fd_in) == false) {
return;
}
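Review bot: subprocInitParent() carries no comment on the ordering it depends on: the `subprocDoneChar` write is what signals the new process, so it has to remain the last step, after netCloneMacVtapAndNS() and containInitUserNs() have succeeded. Otherwise the child could presumably continue before its interface and user-namespace setup are complete. I would add above the function `/* Parent-side setup for the new process; the done-char write must stay last because it lets the child continue. */`. As a smaller point, the parameter is named `pipefd` while the log message and the caller both refer to a socketpair, so a single name such as `sock_fd` would read more clearly.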
- if (netCloneMacVtapAndNS(nsjconf, pid) == false) {
- LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid);
- close(sv[1]);
- return;
- }
- if (containInitUserNs(nsjconf, pid) == false) {
- LOG_E("Couldn't initialize user namespaces for pid %d", pid);
- close(sv[1]);
- return;
- }
- if (utilWriteToFd(sv[1], &subprocDoneChar, sizeof(subprocDoneChar)) != sizeof(subprocDoneChar)) {
- LOG_E("Couldn't signal the new process via a socketpair");
+ if (subprocInitParent(nsjconf, pid, sv[1]) == false) {
close(sv[1]);
return;
}
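Review bot: When subprocInitParent() fails, this path only closes `sv[1]` and returns; nothing in the visible lines terminates or reaps the already-created `pid`. That matches the removed code, but it means a half-configured child fails closed only if it treats EOF or a short read on its end of the socketpair as fatal, which cannot be confirmed from this hunk. If that is not handled elsewhere, consider adding `kill(pid, SIGKILL);` before the `return`, or a comment naming where the child exits. The enclosing function starts and ends outside the hunk, so the declarations of `pid` and `sv` and any later cleanup are not visible.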