[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v3 2/3] Revert "libxl: fix build on rather old systems"

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Mon, 14 Jan 2019 14:59:36 +0000
Cc: Juergen Gross <jgross@xxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
Delivery-date: Mon, 14 Jan 2019 14:59:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This reverts commit 1bce5f9baf0f4a4e50722f32b44afe4fdefc6b35.

This situation should be handled by disabling the dm restrict
feature, not silently falling back to lower protection.

Also this #ifdeffery is bad style.

Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
---
 tools/libxl/libxl_linux.c | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/tools/libxl/libxl_linux.c b/tools/libxl/libxl_linux.c
index a4c2f28dbf..6475cca64b 100644
--- a/tools/libxl/libxl_linux.c
+++ b/tools/libxl/libxl_linux.c
@@ -334,24 +334,12 @@ int libxl__local_dm_preexec_restrict(libxl__gc *gc)
     unsigned i;
 
     /* Unshare mount and IPC namespaces.  These are unused by QEMU. */
-    r = unshare(CLONE_NEWNS);
+    r = unshare(CLONE_NEWNS | CLONE_NEWIPC);
     if (r) {
-        LOGE(ERROR, "libxl: Mount namespace unshare failed");
+        LOGE(ERROR, "libxl: Mount and IPC namespace unfailed");
         return ERROR_FAIL;
     }
 
-#ifndef CLONE_NEWIPC /* Available as of Linux 2.6.19 / glibc 2.8 */
-# define CLONE_NEWIPC 0x08000000
-#endif
-    r = unshare(CLONE_NEWIPC);
-    if (r) {
-        if (r && errno != EINVAL) {
-            LOGE(ERROR, "libxl: IPC namespace unshare failed");
-            return ERROR_FAIL;
-        }
-        LOG(WARN, "libxl: IPC namespace unshare unavailable");
-    }
-
     /* Set various "easy" rlimits */
     for (i = 0; rlimits[i].resource != RLIMIT_NLIMITS; i++) {
         struct rlimit rlim;
-- 
2.11.0


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v3 2/3] Revert "libxl: fix build on rather old systems"
  - From: Wei Liu

References:
- Re: [Xen-devel] [PATCH] libxl: fix build on rather old systems
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [PATCH v3 04/15] argo: init, destroy and soft-reset, with enable command line opt
Next by Date: [Xen-devel] [PATCH v3 1/3] docs/features/qemu-deprivilege.pandoc: No support with Linux <2.6.18
Previous by thread: Re: [Xen-devel] [PATCH v2 2/2] libxl: fix build (missing CLONE_NEWIPC) on astonishingly old systems
Next by thread: Re: [Xen-devel] [PATCH v3 2/3] Revert "libxl: fix build on rather old systems"
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.