libnetwork: create netns without reexec

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-18 13:51:50 -04:00 · 2022-10-18 13:51:50 -04:00 · 0246332954
commit 0246332954
parent ffb2c1fb4a
1 changed files with 5 additions and 25 deletions
--- a/libnetwork/osl/namespace_linux.go
+++ b/libnetwork/osl/namespace_linux.go
@ -14,6 +14,7 @@ import (
 	"syscall"
 	"time"

+	"github.com/docker/docker/internal/unshare"
 	"github.com/docker/docker/libnetwork/ns"
 	"github.com/docker/docker/libnetwork/osl/kernel"
 	"github.com/docker/docker/libnetwork/types"
@ -70,10 +71,6 @@ func SetBasePath(path string) {
 	prefix = path
 }

-func init() {
-	reexec.Register("netns-create", reexecCreateNamespace)
-}
-
 func basePath() string {
 	return filepath.Join(prefix, "netns")
 }
@ -301,35 +298,18 @@ func GetSandboxForExternalKey(basePath string, key string) (Sandbox, error) {
 	return n, nil
 }

-func reexecCreateNamespace() {
-	if len(os.Args) < 2 {
-		logrus.Fatal("no namespace path provided")
-	}
-	if err := mountNetworkNamespace("/proc/self/ns/net", os.Args[1]); err != nil {
-		logrus.Fatal(err)
-	}
-}
-
 func createNetworkNamespace(path string, osCreate bool) error {
 	if err := createNamespaceFile(path); err != nil {
 		return err
 	}

-	cmd := &exec.Cmd{
-		Path:   reexec.Self(),
-		Args:   append([]string{"netns-create"}, path),
-		Stdout: os.Stdout,
-		Stderr: os.Stderr,
+	do := func() error {
+		return mountNetworkNamespace(fmt.Sprintf("/proc/self/task/%d/ns/net", unix.Gettid()), path)
 	}
 	if osCreate {
-		cmd.SysProcAttr = &syscall.SysProcAttr{}
-		cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNET
+		return unshare.Go(unix.CLONE_NEWNET, do, nil)
 	}
-	if err := cmd.Run(); err != nil {
-		return fmt.Errorf("namespace creation reexec command failed: %v", err)
-	}
-
-	return nil
+	return do()
 }

 func unmountNamespaceFile(path string) {