use rootless netns from c/common

Use the new rootlessnetns logic from c/common, drop the podman code
here and make use of the new much simpler API.

ref: https://github.com/containers/common/pull/1761

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

vendor/github.com/containers/common/pkg/netns/netns_linux.go

@@ -32,10 +32,12 @@ import (
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/unshare"
-	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
 
+// threadNsPath is the /proc path to the current netns handle for the current thread
+const threadNsPath = "/proc/thread-self/ns/net"
+
 // GetNSRunDir returns the dir of where to create the netNS. When running
 // rootless, it needs to be at a location writable by user.
 func GetNSRunDir() (string, error) {
@@ -49,6 +51,10 @@ func GetNSRunDir() (string, error) {
 	return "/run/netns", nil
 }
 
+func NewNSAtPath(nsPath string) (ns.NetNS, error) {
+	return newNSPath(nsPath)
+}
+
 // NewNS creates a new persistent (bind-mounted) network namespace and returns
 // an object representing that namespace, without switching to it.
 func NewNS() (ns.NetNS, error) {
@@ -111,8 +117,12 @@ func NewNSWithName(name string) (ns.NetNS, error) {
 		}
 	}
 
-	// create an empty file at the mount point
 	nsPath := path.Join(nsRunDir, name)
+	return newNSPath(nsPath)
+}
+
+func newNSPath(nsPath string) (ns.NetNS, error) {
+	// create an empty file at the mount point
 	mountPointFd, err := os.OpenFile(nsPath, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o600)
 	if err != nil {
 		return nil, err
@@ -140,24 +150,10 @@ func NewNSWithName(name string) (ns.NetNS, error) {
 		// Don't unlock. By not unlocking, golang will kill the OS thread when the
 		// goroutine is done (for go1.10+)
 
-		threadNsPath := getCurrentThreadNetNSPath()
-
-		var origNS ns.NetNS
-		origNS, err = ns.GetNS(threadNsPath)
-		if err != nil {
-			logrus.Warnf("Cannot open current network namespace %s: %q", threadNsPath, err)
-			return
-		}
-		defer func() {
-			if err := origNS.Close(); err != nil {
-				logrus.Errorf("Unable to close namespace: %q", err)
-			}
-		}()
-
 		// create a new netns on the current thread
 		err = unix.Unshare(unix.CLONE_NEWNET)
 		if err != nil {
-			logrus.Warnf("Cannot create a new network namespace: %q", err)
+			err = fmt.Errorf("unshare network namespace: %w", err)
 			return
 		}
 
@@ -181,13 +177,8 @@ func NewNSWithName(name string) (ns.NetNS, error) {
 
 // UnmountNS unmounts the given netns path
 func UnmountNS(nsPath string) error {
-	nsRunDir, err := GetNSRunDir()
-	if err != nil {
-		return err
-	}
-
 	// Only unmount if it's been bind-mounted (don't touch namespaces in /proc...)
-	if strings.HasPrefix(nsPath, nsRunDir) {
+	if !strings.HasPrefix(nsPath, "/proc/") {
 		if err := unix.Unmount(nsPath, unix.MNT_DETACH); err != nil {
 			return fmt.Errorf("failed to unmount NS: at %s: %v", nsPath, err)
 		}
@@ -199,11 +190,3 @@ func UnmountNS(nsPath string) error {
 
 	return nil
 }
-
-// getCurrentThreadNetNSPath copied from pkg/ns
-func getCurrentThreadNetNSPath() string {
-	// /proc/self/ns/net returns the namespace of the main thread, not
-	// of whatever thread this goroutine is running on.  Make sure we
-	// use the thread's net namespace since the thread is switching around
-	return fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), unix.Gettid())
-}