Revert "libxl: fix build on rather old systems"

This reverts commit 1bce5f9baf0f4a4e50722f32b44afe4fdefc6b35.

This situation should be handled by disabling the dm restrict
feature, not silently falling back to lower protection.

Also this #ifdeffery is bad style.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Release-acked-by: Juergen Gross <jgross@suse.com>

diff --git a/tools/libxl/libxl_linux.c b/tools/libxl/libxl_linux.c
index a4c2f28dbfc61ede37d73911be4eecfdc9828cbf..6475cca64b9df62a43c00de8e6265afed8a3a6c8 100644 (file)
--- a/tools/libxl/libxl_linux.c
+++ b/tools/libxl/libxl_linux.c
@@ -334,24 +334,12 @@ int libxl__local_dm_preexec_restrict(libxl__gc *gc)
     unsigned i;
 
     /* Unshare mount and IPC namespaces.  These are unused by QEMU. */
-    r = unshare(CLONE_NEWNS);
+    r = unshare(CLONE_NEWNS | CLONE_NEWIPC);
     if (r) {
-        LOGE(ERROR, "libxl: Mount namespace unshare failed");
+        LOGE(ERROR, "libxl: Mount and IPC namespace unfailed");
         return ERROR_FAIL;
     }
 
-#ifndef CLONE_NEWIPC /* Available as of Linux 2.6.19 / glibc 2.8 */
-# define CLONE_NEWIPC 0x08000000
-#endif
-    r = unshare(CLONE_NEWIPC);
-    if (r) {
-        if (r && errno != EINVAL) {
-            LOGE(ERROR, "libxl: IPC namespace unshare failed");
-            return ERROR_FAIL;
-        }
-        LOG(WARN, "libxl: IPC namespace unshare unavailable");
-    }
-
     /* Set various "easy" rlimits */
     for (i = 0; rlimits[i].resource != RLIMIT_NLIMITS; i++) {
         struct rlimit rlim;