net: handle a case when --empty net is set only for criu dump

The origin idea was to set --empty net for criu dump and criu restore, but before cde33dcb ("empty-ns: Don't C/R iptables too (v2)"), criu restore worked without --empty net and we didn't notice that docker doesn't set this option on restore. After a small brainstorm, we decided that it is better to remove this requirement. Docker has to set this option, but with this changes, the docker issue will be less urgent. https://github.com/checkpoint-restore/criu/issues/393

net: handle a case when --empty net is set only for criu dump
The origin idea was to set --empty net for criu dump and criu restore, but before cde33dcb ("empty-ns: Don't C/R iptables too (v2)"), criu restore worked without --empty net and we didn't notice that docker doesn't set this option on restore. After a small brainstorm, we decided that it is better to remove this requirement. Docker has to set this option, but with this changes, the docker issue will be less urgent. https://github.com/checkpoint-restore/criu/issues/393
832dfed7 · Andrei Vagin · 91bc6e07 · 832dfed7
Commit 832dfed7 authored Oct 05, 2017 by Andrei Vagin
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 3 deletions

net.c criu/net.c +8 -3

No files found.
--- a/criu/net.c
+++ b/criu/net.c
@@ -1541,13 +1541,18 @@ static inline int restore_iptables(int pid)
 	struct cr_img *img;
 	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
-	if (img) {
+	if (img == NULL)
+		return -1;
+	if (empty_image(img)) {
+		ret = 0;
+		goto ipt6;
+	}
 	ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
 	close_image(img);
-	}
 	if (ret)
 		return ret;
+ipt6:
 	img = open_image(CR_FD_IP6TABLES, O_RSTR, pid);
 	if (img == NULL)
 		return -1;