Refactor network device setup: rename functions, inline setup_network_device, and fix clippy lints

Signed-off-by: nayuta-ai <[email protected]>

Author: nayuta-ai

crates/libcontainer/src/network/network_device.rs

@@ -38,7 +38,7 @@ pub fn dev_change_net_namespace(
         .filter(|d| !d.is_empty())
         .map_or(name, |d| d);
 
-    let link = link_client.get_by_name(&name)?;
+    let link = link_client.get_by_name(name)?;
 
     let index = link.header.index;
 
@@ -51,7 +51,7 @@ pub fn dev_change_net_namespace(
     let addrs = addr_client.get_by_index(index)?;
 
     link_client
-        .set_ns_fd(index, &new_name, netns_file.as_raw_fd())
+        .set_ns_fd(index, new_name, netns_file.as_raw_fd())
         .map_err(|err| {
             tracing::error!(?err, "failed to set_ns_fd");
             err
@@ -63,32 +63,6 @@ pub fn dev_change_net_namespace(
     Ok(serialize_addrs)
 }
 
-/// setup_network_device sets up a network device in a new namespace.
-/// It moves the device to the new namespace and adds the IP addresses to the device.
-/// It also sets the device up.
-pub fn setup_network_device(
-    name: &str,
-    net_dev: &LinuxNetDevice,
-    serialize_addrs: Vec<SerializableAddress>,
-) -> Result<()> {
-    let mut link_client = LinkClient::new(create_network_client())?;
-    let mut addr_client = AddressClient::new(create_network_client())?;
-
-    let new_name = net_dev
-        .name()
-        .as_ref()
-        .filter(|d| !d.is_empty())
-        .map_or(name, |d| d);
-
-    let ns_link = link_client.get_by_name(&new_name)?;
-    let ns_index = ns_link.header.index;
-
-    setup_addresses_in_namespace(serialize_addrs, &new_name, ns_index, &mut addr_client)?;
-
-    link_client.set_up(ns_index)?;
-    Ok(())
-}
-
 /// Core logic for setting up addresses in the new namespace
 /// This function is extracted to make it testable without system calls
 pub fn setup_addresses_in_namespace(

crates/libcontainer/src/process/container_main_process.rs

@@ -3,7 +3,7 @@ use std::path::PathBuf;
 
 use nix::sys::wait::{waitpid, WaitStatus};
 use nix::unistd::Pid;
-use oci_spec::runtime::{Linux, LinuxNamespace, LinuxNamespaceType};
+use oci_spec::runtime::{Linux, LinuxNamespaceType};
 
 use crate::network::network_device::dev_change_net_namespace;
 use crate::network::serialize::SerializableAddress;
@@ -126,7 +126,7 @@ pub fn container_main_process(container_args: &ContainerArgs) -> Result<(Pid, bo
     let mut need_to_clean_up_intel_rdt_subdirectory = false;
 
     if let Some(linux) = container_args.spec.linux() {
-        setup_network_device(linux, init_pid, &mut main_receiver, &mut init_sender)?;
+        move_network_devices_to_container(linux, init_pid, &mut main_receiver, &mut init_sender)?;
     }
 
     if let Some(linux) = container_args.spec.linux() {
@@ -238,25 +238,28 @@ fn setup_mapping(config: &UserNamespaceConfig, pid: Pid) -> Result<()> {
     Ok(())
 }
 
-/// setup_network_device sets up and initializes any defined network interface inside the container.
-fn setup_network_device(
+/// Moves configured network devices from the host to the container's network namespace.
+/// This function waits for the init process to join its namespace, then transfers each
+/// configured device while preserving network addresses. Returns early if the container
+/// runs in the host network namespace.
+fn move_network_devices_to_container(
     linux: &Linux,
     init_pid: Pid,
     main_receiver: &mut channel::MainReceiver,
     init_sender: &mut channel::InitSender,
 ) -> Result<()> {
-    // host network pods does not move network devices.
     if let Some(namespaces) = linux.namespaces() {
+        // network devices are not moved for containers running in the host network.
         if !namespaces
             .iter()
             .any(|ns| ns.typ() == LinuxNamespaceType::Network)
         {
             return Ok(());
         }
 
-        // get the namespace defined by the config and fall back
-        // to the one created by youki to run the container process.
-        let fallback_ns_path = PathBuf::from(format!("/proc/{}/ns/net", init_pid.as_raw()));
+        // the container init process has already joined the provided net namespace,
+        // so we can use the process's net ns path directly.
+        let default_ns_path = PathBuf::from(format!("/proc/{}/ns/net", init_pid.as_raw()));
         let ns_path = namespaces
             .iter()
             .find_map(|ns| {
@@ -266,7 +269,7 @@ fn setup_network_device(
                     None
                 }
             })
-            .unwrap_or_else(|| &fallback_ns_path);
+            .unwrap_or_else(|| &default_ns_path);
 
         // If moving any of the network devices fails, we return an error immediately.
         // The runtime spec requires that the kernel handles moving back any devices
@@ -278,7 +281,7 @@ fn setup_network_device(
                 .iter()
                 .map(|(name, net_dev)| {
                     let addrs =
-                        dev_change_net_namespace(name, ns_path, net_dev).map_err(|err| {
+                        dev_change_net_namespace(name, &ns_path, net_dev).map_err(|err| {
                             tracing::error!("failed to dev_change_net_namespace: {}", err);
                             err
                         })?;

crates/libcontainer/src/process/init/process.rs

@@ -18,7 +18,10 @@ use super::error::InitProcessError;
 use super::Result;
 use crate::error::MissingSpecError;
 use crate::namespaces::Namespaces;
-use crate::network::network_device::setup_network_device;
+use crate::network::address::AddressClient;
+use crate::network::link::LinkClient;
+use crate::network::network_device::setup_addresses_in_namespace;
+use crate::network::wrapper::create_network_client;
 use crate::process::args::{ContainerArgs, ContainerType};
 use crate::process::channel;
 use crate::rootfs::RootFS;
@@ -281,10 +284,12 @@ pub fn container_init_process(
     // This is done here before dropping capabilities because we need to be able to add IP addresses to the device
     // and set up the device.
     if let Some(network_devices) = ctx.linux.net_devices() {
-        setup_net_devices(network_devices, main_sender, init_receiver).map_err(|err| {
-            tracing::error!(?err, "failed to setup net_device");
-            err
-        })?;
+        configure_container_network_devices(network_devices, main_sender, init_receiver).map_err(
+            |err| {
+                tracing::error!(?err, "failed to setup net_device");
+                err
+            },
+        )?;
     }
 
     // Without no new privileges, seccomp is a privileged operation. We have to
@@ -872,7 +877,7 @@ fn sync_seccomp(
     Ok(())
 }
 
-fn setup_net_devices(
+fn configure_container_network_devices(
     net_device: &HashMap<String, LinuxNetDevice>,
     main_sender: &mut channel::MainSender,
     init_receiver: &mut channel::InitReceiver,
@@ -882,8 +887,45 @@ fn setup_net_devices(
     let addrs_map = init_receiver.wait_for_move_network_device()?;
     for (name, net_dev) in net_device {
         if let Some(serialize_addrs) = addrs_map.get(name) {
-            setup_network_device(name, net_dev, serialize_addrs.clone()).map_err(|err| {
-                tracing::error!(?err, "failed to setup_network_device");
+            // Get the device's final name (use configured name if provided, otherwise use original name)
+            let new_name = net_dev
+                .name()
+                .as_ref()
+                .filter(|d| !d.is_empty())
+                .map_or(name.as_str(), |d| d);
+
+            // Create network clients
+            let mut link_client = LinkClient::new(create_network_client()).map_err(|err| {
+                tracing::error!(?err, "failed to create link client");
+                err
+            })?;
+            let mut addr_client = AddressClient::new(create_network_client()).map_err(|err| {
+                tracing::error!(?err, "failed to create address client");
+                err
+            })?;
+
+            // Get the device index
+            let ns_link = link_client.get_by_name(new_name).map_err(|err| {
+                tracing::error!(?err, "failed to get device by name: {}", new_name);
+                err
+            })?;
+            let ns_index = ns_link.header.index;
+
+            // Assign IP addresses to the device
+            setup_addresses_in_namespace(
+                serialize_addrs.clone(),
+                new_name,
+                ns_index,
+                &mut addr_client,
+            )
+            .map_err(|err| {
+                tracing::error!(?err, "failed to setup addresses for device: {}", new_name);
+                err
+            })?;
+
+            // Bring the device up
+            link_client.set_up(ns_index).map_err(|err| {
+                tracing::error!(?err, "failed to bring up device: {}", new_name);
                 err
             })?;
         }