[CRIU] [PATCH 2/2] net: handle a case when --empty net is set only for criu dump

[Andrei Vagin]

From: Andrei Vagin <avagin at virtuozzo.com>

The origin idea was to set --empty net for criu dump and criu restore,
but before cde33dcb0639 ("empty-ns: Don't C/R iptables too (v2)"),
criu restore worked without --empty net and we didn't notice that
docker doesn't set this option on restore.

After a small brainstorm, we decided that it is better to remove
this requirement. Docker has to set this option, but with this changes,
the docker issue will be less urgent.

https://github.com/checkpoint-restore/criu/issues/393
Signed-off-by: Andrei Vagin <avagin at virtuozzo.com>
---
 criu/net.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/criu/net.c b/criu/net.c
index 1e7c74e1e..8a2b60b67 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1972,13 +1972,18 @@ static inline int restore_iptables(int pid)
 	struct cr_img *img;
 
 	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
-	if (img) {
-		ret = run_iptables_tool("iptables-restore -w", img_raw_fd(img), -1);
-		close_image(img);
+	if (img == NULL)
+		return -1;
+	if (empty_image(img)) {
+		ret = 0;
+		goto ipt6;
 	}
+
+	ret = run_iptables_tool("iptables-restore -w", img_raw_fd(img), -1);
+	close_image(img);
 	if (ret)
 		return ret;
-
+ipt6:
 	img = open_image(CR_FD_IP6TABLES, O_RSTR, pid);
 	if (img == NULL)
 		return -1;
@@ -2188,6 +2193,9 @@ static int restore_netns_ids(struct ns_id *ns)
 {
 	int i, sk, exit_code = -1;
 
+	if (!ns->net.netns)
+		return 0;
+
 	sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
 	if (sk < 0) {
 		pr_perror("Can't open rtnl sock for net dump");
-- 
2.13.3