nspawn: beef up netns checking a bit, for compat with old kernels

[poettering]

Fixes: #10544

[evverx]

If a file referring to a non-network namespace is passed to nspawn, it fails to start (which is good and expected), but the message it prints doesn't seem to be helpful:

# ../../build/systemd-nspawn -D ./CONT/ --network-namespace-path=/proc/1/ns/ipc ip a
Spawning container CONT on /root/systemd-centos-ci/systemd/test/TEST-13-NSPAWN-SMOKE/CONT.
Press ^] three times within 1s to kill container.
Failed to register machine: Interrupted system call

I'm not sure what to do about it. It could be fixed or we could probably safely assume that people who try to run containers on CentOS with nspawn know what they're doing and leave everything as is :-)

[poettering]

I'm not sure what to do about it. It could be fixed or we could probably safely assume that people who try to run containers on CentOS with nspawn know what they're doing and leave everything as is :-)

hmm, is that on an old kernel or a new one?

i am a bit surprised about the EINTR i must say... can you strace -f -s 500 -o log that and paste the output somewhere please?

[evverx]

strace slows everything down so when run under it nspawn fails with

Spawning container CONT on /root/systemd-centos-ci/systemd/test/TEST-13-NSPAWN-SMOKE/CONT.
Press ^] three times within 1s to kill container.
Child died too early.

The most important part is probably that setns fails and the process exits without logging anything:

2996  setns(22<ipc:[4026531839]>, CLONE_NEWNET <unfinished ...>
2994  recvmsg(11<UNIX:[32416->32423]>,  <unfinished ...>
2996  <... setns resumed> )             = -1 EINVAL (Invalid argument)
2994  <... recvmsg resumed> {msg_name(0)=NULL, msg_iov(1)=[{":1.84\0\0\0\5\1u\0\2\0\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0", 48}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 48
2996  close(5<UNIX:[32402,"/run/systemd/nspawn/notify"]> <unfinished ...>
2994  recvmsg(11<UNIX:[32416->32423]>,  <unfinished ...>
2996  <... close resumed> )             = 0
2994  <... recvmsg resumed> {msg_name(0)=NULL, msg_iov(1)=[{"l\2\1\1+\0\0\0A\1\0\0.\0\0\0\5\1u\0\3\0\0\0", 24}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 24
2996  exit_group(1)                     = ?
2994  recvmsg(11<UNIX:[32416->32423]>,  <unfinished ...>
2996  +++ exited with 1 +++

[evverx]

Forgot to write what I'm using. It's CentOS 7 with Linux 3.10.0-862.14.4.el7.x86_64.

[poettering]

ok, thanks, we can definitely improve that error logging in that case...

[mrc0mmand]

Both testsuites (nspawn and QEMU) finally pass on CentOS 7 with this PR (full TEST-13 log for reference).

Btw, if you have any idea how to speed-up the CentOS ticket process so the testing on CentOS is finally fully automated, I'd be really glad to know.

[poettering]

@evverx i posted #10591 for you, ptal

[evverx]

Btw, if you have any idea how to speed-up the CentOS ticket process so the testing on CentOS is finally fully automated, I'd be really glad to know.

A full disclosure: I have no idea :-), but maybe it would make sense to ask the previous maintainer how long it took to get access to the testing infrastructure and whether it's possible to speed up the process a little bit. Unfortunately, I don't know who was the previous maintainer either.

[evverx]

I hope nobody is going to run ./build/test-stat-util </proc/1/ns/net :-)