diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c index 34c3a140c4..9f4a38a317 100644 --- a/src/libcrun/linux.c +++ b/src/libcrun/linux.c @@ -6198,17 +6198,21 @@ run_in_container_namespace (libcrun_container_status_t *status, int (*callback) ret = setns (pidfd, CLONE_NEWNS); if (UNLIKELY (ret < 0)) { + /* Create an error for the parent proc. */ crun_make_error (err, 0, "setns to target pid"); _safe_exit (ret); } ret = chdir ("/"); if (UNLIKELY (ret < 0)) { + /* Create an error for the parent proc. */ crun_make_error (err, errno, "chdir to `/`"); _safe_exit (ret); } ret = callback (arg, err); + /* On failure (ret < 0) the created error will be + used by the parent proc */ _safe_exit (ret); } @@ -6216,6 +6220,9 @@ run_in_container_namespace (libcrun_container_status_t *status, int (*callback) if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "waitpid for exec child pid"); + /* The vfork() child shares the parent's memory space, so the error + object populated by the child is available to the parent. + Do not call crun_make_error() here. */ return get_process_exit_status (wait_status); } diff --git a/src/libcrun/net_device.c b/src/libcrun/net_device.c index df3dbf4897..8c5b54f039 100644 --- a/src/libcrun/net_device.c +++ b/src/libcrun/net_device.c @@ -474,7 +474,10 @@ move_network_device (const char *ifname, const char *newifname, int netns_fd, li { ret = setup_network_device_in_ns_helper (buffer, buffer_size, netns_fd, newifname, ips, err); if (UNLIKELY (ret < 0)) - _safe_exit (-ret); + { + /* Do not release the error as it will be used by the parent proc. */ + _safe_exit (-ret); + } _safe_exit (0); } @@ -484,7 +487,11 @@ move_network_device (const char *ifname, const char *newifname, int netns_fd, li return crun_make_error (err, errno, "waitpid for exec child pid"); if (wait_status != 0) - return -get_process_exit_status (wait_status); + { + /* Reuse the error from the child proc. + In other words, do not call crun_make_error() here. */ + return -get_process_exit_status (wait_status); + } return 0; }