[Devel] [PATCH] criu: update second "iptables restore" helper to work in VE#0
Stanislav Kinsburskiy
skinsbursky at virtuozzo.com
Mon Jul 24 12:33:20 MSK 2017
Surprisingly CRIU has 2 equal helpers for iptables restore.
The initial series patched only one of them. This patch updates the second one.
https://jira.sw.ru/browse/PSBM-58574
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
criu/net.c | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/criu/net.c b/criu/net.c
index b81092c..8d6f975 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1775,7 +1775,7 @@ int netns_keep_nsfd(void)
* iptables-restore allows to make a few changes for one iteration,
* so it works faster.
*/
-static int iptables_restore(bool ipv6, char *buf, int size)
+static int do_iptables_restore(bool ipv6, char *buf, int size)
{
int pfd[2], ret = -1;
char *cmd4[] = {"iptables-restore", "--noflush", NULL};
@@ -1800,6 +1800,34 @@ static int iptables_restore(bool ipv6, char *buf, int size)
return ret;
}
+static int __iptables_restore(bool ipv6, char *buf, int size)
+{
+ if (join_ve(root_item->pid->real, false))
+ return -1;
+
+ return do_iptables_restore(ipv6, buf, size);
+}
+
+static int iptables_restore(bool ipv6, char *buf, int size)
+{
+ int child, status;
+
+ child = fork();
+ if (child < 0) {
+ pr_perror("failed to fork");
+ return -1;
+ } else if (!child) {
+ _exit(__iptables_restore(ipv6, buf, size));
+ }
+
+ if (waitpid(child, &status, 0) != child) {
+ pr_err("failed to collect child %d\n", child);
+ return -1;
+ }
+
+ return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
+}
+
int network_lock_internal()
{
char conf[] = "*filter\n"
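Review bot: A failure in the child reaches the caller as a positive value rather than -1. When `join_ve()` fails, `__iptables_restore()` returns -1, `_exit(-1)` turns that into exit status 255, and `iptables_restore()` returns `WEXITSTATUS(status)` unchanged. The callers are outside this hunk; if any of them test `ret < 0`, a failed rule load would be treated as success, and the filter rules that presumably implement the network lock would silently be missing. Normalising in the parent keeps the previous 0 / -1 contract: `return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;`. Separately, the `waitpid()` call is not retried on EINTR and its failure is logged with `pr_err`, which drops errno; `pr_perror("failed to collect child %d", child);` would keep it.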