[lxc-devel] [PATCH 3/4] Add lxc_setup_for_attach function

[Christian Seiler]

lxc_setup_for_attach changes the context of the current running process in
such a way that it matches that of the container it is supposed to attach to
(personality, capabilities).
---
 src/lxc/conf.c |   16 ++++++++++++++++
 src/lxc/conf.h |    2 ++
 2 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index d3c1052..24f10e8 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1945,3 +1945,19 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
 
 	return 0;
 }
+
+int lxc_setup_for_attach(const char *name, struct lxc_conf *lxc_conf, int keep_capabilities)
+{
+	if (setup_personality(lxc_conf->personality)) {
+		ERROR("failed to setup personality");
+		return -1;
+	}
+
+	if (!keep_capabilities && setup_caps(&lxc_conf->caps)) {
+		ERROR("failed to drop capabilities");
+		return -1;
+	}
+
+	return 0;
+}
+
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 973f694..745a840 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -232,4 +232,6 @@ extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
  */
 
 extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf);
+extern int lxc_setup_for_attach(const char *name, struct lxc_conf *lxc_conf, int keep_capabilities);
+
 #endif
-- 
1.7.2.5