authorAustin Adams <git@austinjadams.com>2015-09-12 11:27:28 -0400
committerAustin Adams <git@austinjadams.com>2015-09-12 11:27:28 -0400
commitdf5335060d2623ec1e54bdc42bfe4f36f1071d0a (patch)
treeacd3c5b34760bff7f721ef21270a30fe43c97051 /nsdo.c
parentf1f56a7ae647fa12784504a2c6bdcc96e276b970 (diff)
downloadnsdo-df5335060d2623ec1e54bdc42bfe4f36f1071d0a.tar.gz
nsdo-df5335060d2623ec1e54bdc42bfe4f36f1071d0a.tar.xz
improve error messages and update vpn suggestions
nsdo now returns better error messages. For instance, if a stat() fails, it gives the filename in the error message. I've also tweaked my vpn suggestions to re-use the same network namespaces across openvpn client restarts. Before, the network namespace was added and removed in the vpn-ns script, but because that ran for every start/stop of the openvpn client, sometimes the network namespace in which an application was running would get 'stale.' Specifically, if Firefox was running in my VPN's network namespace, but I suspended my laptop, the vpn-ns script would create a new network namespace when the computer came out of suspend and the openvpn client started up again. So, /run/netns/vpn (for example) would point to namespace 12345679, where openvpn was running, while firefox would be running in namespace 12345678. The fix -- to use a separate systemd service to create the namespaces -- just makes sense, and I should've done it this way in the first place.
Diffstat (limited to 'nsdo.c')
-rw-r--r--nsdo.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/nsdo.c b/nsdo.c
index 8643c19..7fed018 100644
--- a/nsdo.c
+++ b/nsdo.c
@@ -61,7 +61,7 @@ int current_ns_inode(ino_t *inode) {
struct stat nsstat;
if (stat("/proc/self/ns/net", &nsstat) == -1) {
- perror(PROGRAM ": stat(\"/proc/sys/ns/net\")");
+ perror(PROGRAM ": stat(\"/proc/self/ns/net\")");
return 0;
}
@@ -95,7 +95,9 @@ int inode_in_nspath(ino_t inode) {
}
if (stat(nspath, &nsstat) == -1) {
- perror(PROGRAM ": stat");
+ /* i hate to break consistency and use fprintf() rather than
+ perror(), but it's necessary here. */
+ fprintf(stderr, PROGRAM ": stat(\"%s\"): %s\n", nspath, strerror(errno));
return -1;
}
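Review bot: The comment added above the fprintf() call says the switch away from perror() is "necessary" but not why, so a later cleanup could put perror() back and lose the file name. I would replace it with `/* perror() cannot include the failing path, so format the message with strerror(errno) */`. The new line also depends on <string.h> and <errno.h> being included, which this hunk does not show. No cleanup appears between the message and `return -1;`, so if nspath is heap-allocated in this function (as the `free(nspath)` in set_netns suggests) it may leak on this path. That cannot be confirmed here because inode_in_nspath starts and ends outside the hunk.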
@@ -106,7 +108,7 @@ int inode_in_nspath(ino_t inode) {
}
if (errno != 0) {
- perror(PROGRAM ": readdir");
+ perror(PROGRAM ": readdir(\"" NS_PATH "\")");
return -1;
}
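Review bot: The `if (errno != 0)` test guarding the new `readdir("` NS_PATH `")` message only identifies a readdir() failure if errno is set to 0 immediately before every readdir() call, and that reset is not visible in this hunk. Other calls in the loop body may leave errno non-zero even when they succeed, and the message would then blame readdir on NS_PATH for an unrelated error. If the reset is missing, add `errno = 0;` before the loop and as the last statement of the loop body. The loop and the rest of inode_in_nspath lie outside the hunk, so this is a point to verify rather than a confirmed defect.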
@@ -137,7 +139,7 @@ int bad_nsname(char *ns) {
}
int set_netns(char *ns) {
- int nsfd;
+ int nsfd, perm_issue;
char *nspath;
if (bad_nsname(ns)) {
@@ -158,7 +160,12 @@ int set_netns(char *ns) {
free(nspath);
if (setns(nsfd, CLONE_NEWNET) == -1) {
+ perm_issue = errno == EPERM;
perror(PROGRAM ": setns");
+
+ if (perm_issue)
+ fprintf(stderr, "\nis the " PROGRAM " binary missing the setuid bit?\n");
+
return 0;
} else {
return 1;
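Review bot: Both `return 0;` and `return 1;` after setns() leave nsfd open, because nothing between `free(nspath);` and the returns closes it. The new hint says the binary is expected to be setuid, and it presumably goes on to exec a user-chosen command, which would inherit the namespace descriptor unless the open() outside this hunk passes O_CLOEXEC. I would add `close(nsfd);` before each return, placed after perror() on the failure path so the saved `perm_issue` and the printed message are unaffected. Capturing errno before perror() is the right order. The unbraced `if (perm_issue)` would be safer written with braces.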