net: Move node's net fd reference into service fd

So we keep it and dont close inside close_old_fds()
helper but pass into veth creation so the kernel
can fetch the net namespace of the veth peer.

v2 (by avagin@):
 - don't forget to close opened descriptor
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

include/servicefd.h

@@ -18,6 +18,7 @@ enum sfd_type {
 	ROOT_FD_OFF,	/* Root of the namespace we dump/restore */
 	CGROUP_YARD,
 	USERNSD_SK,	/* Socket for usernsd */
+	NS_FD_OFF,	/* Node's net namespace fd */
 
 	SERVICE_FD_MAX
 };

net.c

@@ -30,7 +30,6 @@
 #include "protobuf.h"
 #include "protobuf/netdev.pb-c.h"
 
-static int ns_fd = -1;
 static int ns_sysfs_fd = -1;
 
 int read_ns_sys_file(char *path, char *buf, int len)
@@ -463,6 +462,7 @@ enum {
 
 static int veth_link_info(NetDeviceEntry *nde, struct newlink_req *req)
 {
+	int ns_fd = get_service_fd(NS_FD_OFF);
 	struct rtattr *veth_data, *peer_data;
 	struct ifinfomsg ifm;
 	struct veth_pair *n;
@@ -491,6 +491,7 @@ static int veth_link_info(NetDeviceEntry *nde, struct newlink_req *req)
 
 static int venet_link_info(NetDeviceEntry *nde, struct newlink_req *req)
 {
+	int ns_fd = get_service_fd(NS_FD_OFF);
 	struct rtattr *venet_data;
 
 	BUG_ON(ns_fd < 0);
@@ -929,13 +930,15 @@ int prepare_net_ns(int pid)
 	if (!ret)
 		ret = restore_iptables(pid);
 
-	close(ns_fd);
+	close_service_fd(NS_FD_OFF);
 
 	return ret;
 }
 
 int netns_keep_nsfd(void)
 {
+	int ns_fd, ret;
+
 	if (!(root_ns_mask & CLONE_NEWNET))
 		return 0;
 
@@ -951,8 +954,14 @@ int netns_keep_nsfd(void)
 		return -1;
 	}
 
+	ret = install_service_fd(NS_FD_OFF, ns_fd);
+	if (ret < 0)
+		pr_err("Can't install ns net reference\n");
+	else
 		pr_info("Saved netns fd for links restore\n");
-	return 0;
+	close(ns_fd);
+
+	return ret >= 0 ? 0 : -1;
 }
 
 int network_lock(void)