net: redirect nftables stdout and stderr to log CRIU's log file

When using the nftables network locking backend and restoring a process
a second time the network locking has already been deleted by the first
restore. The second restore will print out to the console text like:

Error: Could not process rule: No such file or directory
delete table inet CRIU-202621

With this change CRIU's log FD is used by linbftables stdout and stderr.

Signed-off-by: Adrian Reber <[email protected]>

criu/net.c

@@ -3073,6 +3073,7 @@ static inline int nftables_lock_network_internal(void)
 	int ret = 0;
 	char table[32];
 	char buf[128];
+	FILE *fp;
 
 	if (nftables_get_table(table, sizeof(table)))
 		return -1;
@@ -3081,6 +3082,14 @@ static inline int nftables_lock_network_internal(void)
 	if (!nft)
 		return -1;
 
+	fp = fdopen(log_get_fd(), "w");
+	if (!fp) {
+		pr_perror("fdopen() failed");
+		goto err3;
+	}
+	nft_ctx_set_output(nft, fp);
+	nft_ctx_set_error(nft, fp);
+
 	snprintf(buf, sizeof(buf), "create table %s", table);
 	if (NFT_RUN_CMD(nft, buf))
 		goto err2;
@@ -3107,6 +3116,9 @@ static inline int nftables_lock_network_internal(void)
 	snprintf(buf, sizeof(buf), "delete table %s", table);
 	NFT_RUN_CMD(nft, buf);
 err2:
+	fflush(fp);
+	fclose(fp);
+err3:
 	ret = -1;
 	pr_err("Locking network failed using nftables\n");
 out:
@@ -3171,6 +3183,7 @@ static inline int nftables_network_unlock(void)
 	struct nft_ctx *nft;
 	char table[32];
 	char buf[128];
+	FILE *fp;
 
 	if (nftables_get_table(table, sizeof(table)))
 		return -1;
@@ -3179,10 +3192,21 @@ static inline int nftables_network_unlock(void)
 	if (!nft)
 		return -1;
 
+	fp = fdopen(log_get_fd(), "w");
+	if (!fp) {
+		pr_perror("fdopen() failed");
+		nft_ctx_free(nft);
+		return -1;
+	}
+	nft_ctx_set_output(nft, fp);
+	nft_ctx_set_error(nft, fp);
+
 	snprintf(buf, sizeof(buf), "delete table %s", table);
 	if (NFT_RUN_CMD(nft, buf))
 		ret = -1;
 
+	fflush(fp);
+	fclose(fp);
 	nft_ctx_free(nft);
 	return ret;
 #else