On Tue, Oct 20, 2015 at 11:20:12AM +0200, Willy Tarreau wrote:
> On Tue, Oct 20, 2015 at 10:54:58AM +0200, Lukas Tribus wrote:
> > > Dear Willy,
> > >
> > > Thank you for your insights. As you advised, below is the output of
> > > haproxy -f ?cfg -db -V.
> >
> > Can you run this through strace (strace haproxy -f ?cfg -db -V) and
> > provide the output.
> >
> > Also, if you have the strace output of a successful startup of 1.5.14 for
> > comparison, that would be very helpful as well.
>
> Yes definitely. Actually I'm seeing one difference between the two versions,
> it's the introduction of namespaces in 1.6.0. If it was built with support
> for namespaces and they are not supported in the operating system, I'm not
> seeing how my_socketat() can recover in case setns() returns -1, which
> happens when default_namespace = -1, which is the default case before
> initialization :
>
> #ifdef CONFIG_HAP_NS
> if (default_namespace < 0 ||
> (ns && setns(ns->fd, CLONE_NEWNET) == -1))
> return -1;
> #endif
OK it's clear there's a bug here in my opinion because default_namespace
is *only* initialized if there are explicit namespaces. I could reproduce
the issue here, you simply need to build with USE_NS=1 and to declare no
namespace anywhere. Here's a proposed fix which works for me. Please
confirm.
Willy
diff --git a/src/namespace.c b/src/namespace.c
index a22f1a5..f1e81df 100644
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -97,14 +97,13 @@ int my_socketat(const struct netns_entry *ns, int domain,
int type, int protocol
int sock;
#ifdef CONFIG_HAP_NS
- if (default_namespace < 0 ||
- (ns && setns(ns->fd, CLONE_NEWNET) == -1))
+ if (default_namespace >= 0 && ns && setns(ns->fd, CLONE_NEWNET) == -1)
return -1;
#endif
sock = socket(domain, type, protocol);
#ifdef CONFIG_HAP_NS
- if (ns && setns(default_namespace, CLONE_NEWNET) == -1) {
+ if (default_namespace >= 0 && ns && setns(default_namespace,
CLONE_NEWNET) == -1) {
close(sock);
return -1;
}
