Merge pull request #8551 from amshinde/runtime-rs-setns-clh

runtime-rs: Launch cloud-hypervisor in given netns
2025-08-28 04:21:03 +00:00 · 2023-12-05 10:18:34 +00:00 · 2023-12-05 10:18:34 +00:00 · 93c0fc2ad3
commit 93c0fc2ad3
parent e8b28fed2a 2df8144cfe
1 changed files with 22 additions and 0 deletions
--- a/src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs
+++ b/src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs
@ -23,10 +23,12 @@ use kata_sys_util::protection::{available_guest_protection, GuestProtection};
 use kata_types::capabilities::{Capabilities, CapabilityBits};
 use kata_types::config::default::DEFAULT_CH_ROOTFS_TYPE;
 use lazy_static::lazy_static;
 use nix::sched::{setns, CloneFlags};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 use std::convert::TryFrom;
 use std::fs::create_dir_all;
 use std::os::unix::io::AsRawFd;
 use std::os::unix::net::UnixStream;
 use std::path::Path;
 use std::process::Stdio;
@ -374,6 +376,26 @@ impl CloudHypervisorInner {
            cmd.args(["--seccomp", "false"]);
        }
        let netns = self.netns.clone();
        if self.netns.is_some() {
            info!(
                sl!(),
                "set netns for vmm : {:?}",
                self.netns.as_ref().unwrap()
            );
        }
        unsafe {
            let _pre = cmd.pre_exec(move || {
                if let Some(netns_path) = &netns {
                    let netns_fd = std::fs::File::open(netns_path);
                    let _ = setns(netns_fd?.as_raw_fd(), CloneFlags::CLONE_NEWNET)
                        .context("set netns failed");
                }
                Ok(())
            });
        }
        debug!(sl!(), "launching {} as: {:?}", CH_NAME, cmd);
        let child = cmd.spawn().context(format!("{} spawn failed", CH_NAME))?;