From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Mon, 14 Jan 2019 14:59:36 +0000 (+0000)
Subject: Revert "libxl: fix build on rather old systems"
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2636
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ba219192b108c36b96e4f0f79fd10b03aff9f534;p=xen.git

Revert "libxl: fix build on rather old systems"

This reverts commit 1bce5f9baf0f4a4e50722f32b44afe4fdefc6b35.

This situation should be handled by disabling the dm restrict
feature, not silently falling back to lower protection.

Also this #ifdeffery is bad style.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
---

diff --git a/tools/libxl/libxl_linux.c b/tools/libxl/libxl_linux.c
index a4c2f28dbf..6475cca64b 100644
--- a/tools/libxl/libxl_linux.c
+++ b/tools/libxl/libxl_linux.c
@@ -334,24 +334,12 @@ int libxl__local_dm_preexec_restrict(libxl__gc *gc)
     unsigned i;
 
     /* Unshare mount and IPC namespaces.  These are unused by QEMU. */
-    r = unshare(CLONE_NEWNS);
+    r = unshare(CLONE_NEWNS | CLONE_NEWIPC);
     if (r) {
-        LOGE(ERROR, "libxl: Mount namespace unshare failed");
+        LOGE(ERROR, "libxl: Mount and IPC namespace unfailed");
         return ERROR_FAIL;
     }
 
-#ifndef CLONE_NEWIPC /* Available as of Linux 2.6.19 / glibc 2.8 */
-# define CLONE_NEWIPC 0x08000000
-#endif
-    r = unshare(CLONE_NEWIPC);
-    if (r) {
-        if (r && errno != EINVAL) {
-            LOGE(ERROR, "libxl: IPC namespace unshare failed");
-            return ERROR_FAIL;
-        }
-        LOG(WARN, "libxl: IPC namespace unshare unavailable");
-    }
-
     /* Set various "easy" rlimits */
     for (i = 0; rlimits[i].resource != RLIMIT_NLIMITS; i++) {
         struct rlimit rlim;