patchpanel: directly use chown() syscall
After:
localhost ~ # ls -ld /sys/class/xt_idletimer
drwxr-xr-x. 2 android-root android-root 0 Mar 5 13:19 /sys/class/xt_idletimer
localhost ~ # android-sh -c "ls -ld /sys/class/xt_idletimer"
drwxr-xr-x 2 root root 0 2021-03-05 13:19 /sys/class/xt_idletimer
Also refactor ScopedNS to support both CLONE_NEWNET and CLONE_NEWNS.
BUG=b:178980566
TEST=Compiled, flashed patchpanel on rammus, started ARC container,
checked that /sys/class/xt_idletimer owner shows as android-root on the
host (xt_idletimer is not namespaced), checked that /sys/class/xt_idletimer
owner shows as root inside ARC.
Change-Id: Ia799dda263da996fa4880e1cf676556845e7f622
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2738497
Reviewed-by: Garrick Evans <garrick@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
diff --git a/patchpanel/datapath.cc b/patchpanel/datapath.cc
index 4595459..1bb62c1 100644
--- a/patchpanel/datapath.cc
+++ b/patchpanel/datapath.cc
@@ -487,7 +487,7 @@
// Configure the remote veth in namespace |netns_name|.
{
- ScopedNS ns(netns_pid);
+ ScopedNS ns(netns_pid, ScopedNS::Type::Network);
if (!ns.IsValid() && netns_pid != kTestPID) {
LOG(ERROR)
<< "Cannot create virtual link -- invalid container namespace?";
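Review bot: the ScopedNS constructor change that `ScopedNS ns(netns_pid, ScopedNS::Type::Network);` relies on is not shown in this part of the diff, so please confirm that the new `Type` parameter has no default value; a call site that omits it should fail to compile rather than silently entering the wrong kind of namespace now that the class covers both CLONE_NEWNET and CLONE_NEWNS. Also note that `if (!ns.IsValid() && netns_pid != kTestPID)` still lets an invalid namespace proceed when the pid equals `kTestPID`; that is pre-existing, but a short comment that this bypass is test-only would help readers of the new two-namespace ScopedNS.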
@@ -604,7 +604,7 @@
}
{
- ScopedNS ns(nsinfo.pid);
+ ScopedNS ns(nsinfo.pid, ScopedNS::Type::Network);
if (!ns.IsValid() && nsinfo.pid != kTestPID) {
LOG(ERROR) << "Invalid namespace pid " << nsinfo.pid;
RemoveInterface(nsinfo.host_ifname);
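Review bot: the cleanup at `RemoveInterface(nsinfo.host_ifname);` runs only when the namespace is invalid and `nsinfo.pid != kTestPID`, so for `kTestPID` an invalid ScopedNS falls through and the remainder of this block executes in the caller's own network namespace instead of the container's. Unchanged by this patch, but since `ScopedNS::Type::Network` now selects explicitly between namespace kinds, consider documenting at this call site that the `kTestPID` case is intentionally test-only and never reached in production.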