[lxc-devel] [PATCH 1/1] conf.c: fix unprivileged network case

Serge Hallyn serge.hallyn at ubuntu.com
Thu Dec 19 21:33:22 UTC 2013


If unprivileged users are using a veth nic, then ifindex is still 0
at lxc_assign_network() (because lxc_create_network() was skipped).
So check for that case before we use lxc->ifindex to decide if we
have an empty network namespace.

We probably should change the !netdev->ifindex check to a
netdev->type == LXC_NET_EMPTY check, but I've been making enough
mistakes today not to risk that.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/conf.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 69f90d0..a08273f 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3075,16 +3075,17 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
 
 		netdev = iterator->elem;
 
-		/* empty network namespace, nothing to move */
-		if (!netdev->ifindex)
-			continue;
-		if (!am_root) {
+		if (netdev->type == LXC_NET_VETH && !am_root) {
 			if (unpriv_assign_nic(netdev, pid))
 				return -1;
 			// TODO fill in netdev->ifindex and name
 			continue;
 		}
 
+		/* empty network namespace, nothing to move */
+		if (!netdev->ifindex)
+			continue;
+
 		err = lxc_netdev_move_by_index(netdev->ifindex, pid);
 		if (err) {
 			ERROR("failed to move '%s' to the container : %s",
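Review bot: the relocated `if (!netdev->ifindex) continue;` now doubles as the only guard that keeps an unprivileged caller with a non-veth netdev away from `lxc_netdev_move_by_index()`, and nothing in the hunk states that. Before this change every `!am_root` case with a non-zero ifindex went through `unpriv_assign_nic()`; now only `LXC_NET_VETH` does, and the other types fall through on the assumption that ifindex is still 0 because `lxc_create_network()` was skipped. The comment "empty network namespace, nothing to move" no longer describes that second role. An explicit `netdev->type == LXC_NET_EMPTY` test, as the commit message already suggests, plus an explicit branch for `!am_root` with other types, would keep the privileged move path from depending on an uninitialised-looking field. Two smaller points in the veth branch: `return -1` after `unpriv_assign_nic()` fails logs nothing, unlike the `ERROR()` on the move path below, and the `// TODO` leaves `netdev->ifindex` and the name unset for later users of this netdev, which is worth a note in the commit message or a follow-up patch.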
-- 
1.8.5.2


