[lxc-devel] [PATCH 1/1] conf.c: fix unprivileged network case
Stéphane Graber
stgraber at ubuntu.com
Thu Dec 19 22:24:29 UTC 2013
On Thu, Dec 19, 2013 at 03:33:22PM -0600, Serge Hallyn wrote:
> If unprivileged users are using a veth nic, then ifindex is still 0
> at lxc_assign_network() (because lxc_create_network() was skipped).
> So check for that case before we use lxc->ifindex to decide if we
> have an empty network namespace.
>
> We probably should change the !netdev->ifindex check to a
> netdev->type == LXC_NET_EMPTY check, but I've been making enough
> mistakes today not to risk that.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Haha, good old 0 based index :)
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/conf.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 69f90d0..a08273f 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -3075,16 +3075,17 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
>
> netdev = iterator->elem;
>
> - /* empty network namespace, nothing to move */
> - if (!netdev->ifindex)
> - continue;
> - if (!am_root) {
> + if (netdev->type == LXC_NET_VETH && !am_root) {
> if (unpriv_assign_nic(netdev, pid))
> return -1;
> // TODO fill in netdev->ifindex and name
> continue;
> }
>
> + /* empty network namespace, nothing to move */
> + if (!netdev->ifindex)
> + continue;
> +
> err = lxc_netdev_move_by_index(netdev->ifindex, pid);
> if (err) {
> ERROR("failed to move '%s' to the container : %s",
> --
> 1.8.5.2
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131219/a620a9cc/attachment.pgp>
More information about the lxc-devel
mailing list