Re: [libvirt] [PATCH 3/4] lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces
On Fri, Aug 28, 2015 at 06:40:39AM -0400, John Ferlan wrote: On 08/26/2015 09:06 PM, Michal Privoznik wrote: Now that virProcessSetNamespaces() does accept FD list in the correct format, we can simply turn lxcAttachNS into calling virProcessSetNamespaces(). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/lxc/lxc_container.c | 22 +++--- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index feb8fad..eb7cad6 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -2184,25 +2184,9 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def ATTRIBUTE_UNUSED, */ static int lxcAttachNS(int *ns_fd) { -size_t i; -if (ns_fd) -for (i = 0; i VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) { -if (ns_fd[i] 0) -continue; -VIR_DEBUG(Setting into namespace\n); -/* We get EINVAL if new NS is same as the current - * NS, or if the fd namespace doesn't match the - * type passed to setns()'s second param. Since we - * pass 0, we know the EINVAL is harmless - */ -if (setns(ns_fd[i], 0) 0 -errno != EINVAL) { -virReportSystemError(errno, _(failed to set namespace '%s'), - virLXCDomainNamespaceTypeToString(i)); -return -1; -} -VIR_FORCE_CLOSE(ns_fd[i]); -} +if (ns_fd +virProcessSetNamespaces(VIR_LXC_DOMAIN_NAMESPACE_LAST, ns_fd) 0) Coverity wasn't very happy with this one - I got: (1) Event suspicious_sizeof: Passing argument ns_fd of type int * and argument VIR_LXC_DOMAIN_NAMESPACE_LAST to function virProcessSetNamespaces is suspicious because a multiple of sizeof (int) /*4*/ is expected. IIUC, coverity is saying here that 'size_t nfdlist' is supposed to be a multiple of sizeof(int), which is clearly wrong. it is the number of int elements in the array, so sizeof() doesn't apply. I don't see any code change required here at all, I think coverity is simply wrong. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 3/4] lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces
On 08/26/2015 09:06 PM, Michal Privoznik wrote: Now that virProcessSetNamespaces() does accept FD list in the correct format, we can simply turn lxcAttachNS into calling virProcessSetNamespaces(). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/lxc/lxc_container.c | 22 +++--- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index feb8fad..eb7cad6 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -2184,25 +2184,9 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def ATTRIBUTE_UNUSED, */ static int lxcAttachNS(int *ns_fd) { -size_t i; -if (ns_fd) -for (i = 0; i VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) { -if (ns_fd[i] 0) -continue; -VIR_DEBUG(Setting into namespace\n); -/* We get EINVAL if new NS is same as the current - * NS, or if the fd namespace doesn't match the - * type passed to setns()'s second param. Since we - * pass 0, we know the EINVAL is harmless - */ -if (setns(ns_fd[i], 0) 0 -errno != EINVAL) { -virReportSystemError(errno, _(failed to set namespace '%s'), - virLXCDomainNamespaceTypeToString(i)); -return -1; -} -VIR_FORCE_CLOSE(ns_fd[i]); -} +if (ns_fd +virProcessSetNamespaces(VIR_LXC_DOMAIN_NAMESPACE_LAST, ns_fd) 0) Coverity wasn't very happy with this one - I got: (1) Event suspicious_sizeof:Passing argument ns_fd of type int * and argument VIR_LXC_DOMAIN_NAMESPACE_LAST to function virProcessSetNamespaces is suspicious because a multiple of sizeof (int) /*4*/ is expected. Changing 'arg1' to virProcessSetNamespaces from size_t to unsigned int cleared the error - whether that's right or not, I'm not sure. I do note the only other caller virDomainLxcEnterNamespace passes an 'unsigned int' which is why I tried that first. John +return -1; return 0; } -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 3/4] lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces
On Thu, Aug 27, 2015 at 03:06:53AM +0200, Michal Privoznik wrote: Now that virProcessSetNamespaces() does accept FD list in the correct format, we can simply turn lxcAttachNS into calling virProcessSetNamespaces(). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/lxc/lxc_container.c | 22 +++--- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index feb8fad..eb7cad6 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -2184,25 +2184,9 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def ATTRIBUTE_UNUSED, */ static int lxcAttachNS(int *ns_fd) { -size_t i; -if (ns_fd) -for (i = 0; i VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) { -if (ns_fd[i] 0) -continue; -VIR_DEBUG(Setting into namespace\n); -/* We get EINVAL if new NS is same as the current - * NS, or if the fd namespace doesn't match the - * type passed to setns()'s second param. Since we - * pass 0, we know the EINVAL is harmless - */ -if (setns(ns_fd[i], 0) 0 -errno != EINVAL) { -virReportSystemError(errno, _(failed to set namespace '%s'), - virLXCDomainNamespaceTypeToString(i)); -return -1; -} -VIR_FORCE_CLOSE(ns_fd[i]); -} +if (ns_fd +virProcessSetNamespaces(VIR_LXC_DOMAIN_NAMESPACE_LAST, ns_fd) 0) +return -1; return 0; } ACK, or we could just inline this call and get rid fo the lxcAttachNS method entirely Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 3/4] lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces
Now that virProcessSetNamespaces() does accept FD list in the correct format, we can simply turn lxcAttachNS into calling virProcessSetNamespaces(). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/lxc/lxc_container.c | 22 +++--- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index feb8fad..eb7cad6 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -2184,25 +2184,9 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def ATTRIBUTE_UNUSED, */ static int lxcAttachNS(int *ns_fd) { -size_t i; -if (ns_fd) -for (i = 0; i VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) { -if (ns_fd[i] 0) -continue; -VIR_DEBUG(Setting into namespace\n); -/* We get EINVAL if new NS is same as the current - * NS, or if the fd namespace doesn't match the - * type passed to setns()'s second param. Since we - * pass 0, we know the EINVAL is harmless - */ -if (setns(ns_fd[i], 0) 0 -errno != EINVAL) { -virReportSystemError(errno, _(failed to set namespace '%s'), - virLXCDomainNamespaceTypeToString(i)); -return -1; -} -VIR_FORCE_CLOSE(ns_fd[i]); -} +if (ns_fd +virProcessSetNamespaces(VIR_LXC_DOMAIN_NAMESPACE_LAST, ns_fd) 0) +return -1; return 0; } -- 2.4.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list