libnetwork: create netns without reexec

corhere · corhere · commit 0246332954e3 · 2023-01-11T12:05:39.000-05:00
Signed-off-by: Cory Snider &lt;csnider@mirantis.com&gt;
diff --git a/libnetwork/osl/namespace_linux.go b/libnetwork/osl/namespace_linux.go
@@ -14,6 +14,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/docker/docker/internal/unshare"
 	"github.com/docker/docker/libnetwork/ns"
 	"github.com/docker/docker/libnetwork/osl/kernel"
 	"github.com/docker/docker/libnetwork/types"
@@ -70,10 +71,6 @@ func SetBasePath(path string) {
 	prefix = path
 }
 
-func init() {
-	reexec.Register("netns-create", reexecCreateNamespace)
-}
-
 func basePath() string {
 	return filepath.Join(prefix, "netns")
 }
@@ -301,35 +298,18 @@ func GetSandboxForExternalKey(basePath string, key string) (Sandbox, error) {
 	return n, nil
 }
 
-func reexecCreateNamespace() {
-	if len(os.Args) < 2 {
-		logrus.Fatal("no namespace path provided")
-	}
-	if err := mountNetworkNamespace("/proc/self/ns/net", os.Args[1]); err != nil {
-		logrus.Fatal(err)
-	}
-}
-
 func createNetworkNamespace(path string, osCreate bool) error {
 	if err := createNamespaceFile(path); err != nil {
 		return err
 	}
 
-	cmd := &exec.Cmd{
-		Path:   reexec.Self(),
-		Args:   append([]string{"netns-create"}, path),
-		Stdout: os.Stdout,
-		Stderr: os.Stderr,
+	do := func() error {
+		return mountNetworkNamespace(fmt.Sprintf("/proc/self/task/%d/ns/net", unix.Gettid()), path)
 	}
 	if osCreate {
-		cmd.SysProcAttr = &syscall.SysProcAttr{}
-		cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNET
+		return unshare.Go(unix.CLONE_NEWNET, do, nil)
 	}
-	if err := cmd.Run(); err != nil {
-		return fmt.Errorf("namespace creation reexec command failed: %v", err)
-	}
-
-	return nil
+	return do()
 }
 
 func unmountNamespaceFile(path string) {
