qemu: Use namespaces iff available on the host kernel

So far the namespaces were turned on by default unconditionally. For all non-Linux platforms we provided stub functions that just ignored whatever namespaces setting there was in qemu.conf and returned 0 to indicate success. Moreover, we didn't really check if namespaces are available on the host kernel. This is suboptimal as we might have ignored user setting. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2025-02-22 03:12:22 +00:00 · 2017-01-11 11:05:50 +01:00 · 2017-01-11 11:05:50 +01:00 · 49f326edc0
commit 49f326edc0
parent 41816751a7
2 changed files with 15 additions and 26 deletions
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@ -317,8 +317,12 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
    if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
        goto error;

-    if (virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
+#if defined(__linux__)
+    if (privileged &&
+        virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) == 0 &&
+        virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
        goto error;
+#endif /* defined(__linux__) */

 #ifdef DEFAULT_LOADER_NVRAM
    if (virFirmwareParseList(DEFAULT_LOADER_NVRAM,
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -6879,7 +6879,6 @@ qemuDomainGetHostdevPath(virDomainHostdevDefPtr dev,
 }


-#if defined(__linux__)
 /**
 * qemuDomainGetPreservedMounts:
 *
@ -7432,12 +7431,20 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
    int ret = -1;

-    if (!virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) ||
-        !virQEMUDriverIsPrivileged(driver)) {
+    if (!virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT)) {
        ret = 0;
        goto cleanup;
    }

+    if (!virQEMUDriverIsPrivileged(driver)) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("cannot use namespaces in session mode"));
+        goto cleanup;
+    }
+
+    if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) < 0)
+        goto cleanup;
+
    if (qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0)
        goto cleanup;

@ -7447,28 +7454,6 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
    return ret;
 }

-#else /* !defined(__linux__) */
-
-int
-qemuDomainBuildNamespace(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
-                         virDomainObjPtr vm ATTRIBUTE_UNUSED)
-{
-    /* Namespaces are Linux specific. On other platforms just
-     * carry on with the old behaviour. */
-    return 0;
-}
-
-
-int
-qemuDomainCreateNamespace(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
-                          virDomainObjPtr vm ATTRIBUTE_UNUSED)
-{
-    /* Namespaces are Linux specific. On other platforms just
-     * carry on with the old behaviour. */
-    return 0;
-}
-#endif /* !defined(__linux__) */
-

 struct qemuDomainAttachDeviceMknodData {
    virQEMUDriverPtr driver;