External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 21:55:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

virsh: domain: refactor cmdLxcEnterNamespace()

Browse Source 
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Kristina Hanicova 2021-09-24 01:25:09 +02:00 committed by Michal Privoznik
parent 637d98b329
commit ba78db1f73
1 changed files with 27 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
tools/virsh-domain.c
View File

@ -9856,6 +9856,7 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
int nfdlist; int nfdlist;
int *fdlist; int *fdlist;
size_t i; size_t i;
int status;
bool setlabel = true; bool setlabel = true;
g_autofree virSecurityModelPtr secmodel = NULL; g_autofree virSecurityModelPtr secmodel = NULL;
g_autofree virSecurityLabelPtr seclabel = NULL; g_autofree virSecurityLabelPtr seclabel = NULL;
@ -9894,40 +9895,8 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
*/ */
if ((pid = virFork()) < 0) if ((pid = virFork()) < 0)
return false; return false;
if (pid == 0) {
int status;
if (setlabel && if (pid != 0) {
virDomainLxcEnterSecurityLabel(secmodel,
seclabel,
NULL,
0) < 0)
_exit(EXIT_CANCELED);
if (virDomainLxcEnterCGroup(dom, 0) < 0)
_exit(EXIT_CANCELED);
if (virDomainLxcEnterNamespace(dom,
nfdlist,
fdlist,
NULL,
NULL,
0) < 0)
_exit(EXIT_CANCELED);
/* Fork a second time because entering the
* pid namespace only takes effect after fork
*/
if ((pid = virFork()) < 0)
_exit(EXIT_CANCELED);
if (pid == 0) {
execv(cmdargv[0], cmdargv);
_exit(errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE);
}
if (virProcessWait(pid, &status, true) < 0)
_exit(EXIT_CANNOT_INVOKE);
virProcessExitWithStatus(status);
} else {
for (i = 0; i < nfdlist; i++) for (i = 0; i < nfdlist; i++)
VIR_FORCE_CLOSE(fdlist[i]); VIR_FORCE_CLOSE(fdlist[i]);
VIR_FREE(fdlist); VIR_FREE(fdlist);
@ -9935,8 +9904,33 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
vshReportError(ctl); vshReportError(ctl);
return false; return false;
} }
return true;
} }
if (setlabel &&
virDomainLxcEnterSecurityLabel(secmodel, seclabel, NULL, 0) < 0)
_exit(EXIT_CANCELED);
if (virDomainLxcEnterCGroup(dom, 0) < 0)
_exit(EXIT_CANCELED);
if (virDomainLxcEnterNamespace(dom, nfdlist, fdlist, NULL, NULL, 0) < 0)
_exit(EXIT_CANCELED);
/* Fork a second time because entering the
* pid namespace only takes effect after fork
*/
if ((pid = virFork()) < 0)
_exit(EXIT_CANCELED);
if (pid == 0) {
execv(cmdargv[0], cmdargv);
_exit(errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE);
}
if (virProcessWait(pid, &status, true) < 0)
_exit(EXIT_CANNOT_INVOKE);
virProcessExitWithStatus(status);
return true; return true;
} }