net: handle a case when --empty net is set only for criu dump

The origin idea was to set --empty net for criu dump and criu restore, but before cde33dc ("empty-ns: Don't C/R iptables too (v2)"), criu restore worked without --empty net and we didn't notice that docker doesn't set this option on restore. After a small brainstorm, we decided that it is better to remove this requirement. Docker has to set this option, but with this changes, the docker issue will be less urgent. checkpoint-restore#393
avagin · Oct 5, 2017 · 832dfed · 832dfed
1 parent 91bc6e0
commit 832dfed
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/criu/net.c b/criu/net.c
@@ -1541,13 +1541,18 @@ static inline int restore_iptables(int pid)
 	struct cr_img *img;
 
 	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
-	if (img) {
-		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
-		close_image(img);
+	if (img == NULL)
+		return -1;
+	if (empty_image(img)) {
+		ret = 0;
+		goto ipt6;
 	}
+
+	ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
+	close_image(img);
 	if (ret)
 		return ret;
-
+ipt6:
 	img = open_image(CR_FD_IP6TABLES, O_RSTR, pid);
 	if (img == NULL)
 		return -1;