[lxc-devel] [PATCH 4/3] start: use lxc-user-nic if we are not root
Stéphane Graber
stgraber at ubuntu.com
Wed Oct 23 23:14:01 UTC 2013
On Wed, Oct 23, 2013 at 10:52:37AM -0500, Serge Hallyn wrote:
> Note this results in nics named things like 'lxcuser-0p'. We'll
> likely want to pass the requested name to lxc-user-nic, but let's
> do that in a separate patch.
>
> If we're not root, we can't create new network interfaces to pass
> into the container. Instead wait until the container is started,
> and call lxc-user-nic to create and assign the nics.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/conf.c | 39 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 39 insertions(+)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index bba6379..75d6cbf 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2687,6 +2687,10 @@ int lxc_create_network(struct lxc_handler *handler)
> struct lxc_list *network = &handler->conf->network;
> struct lxc_list *iterator;
> struct lxc_netdev *netdev;
> + int am_root = (getuid() == 0);
> +
> + if (!am_root)
> + return 0;
>
> lxc_list_for_each(iterator, network) {
>
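Review bot: The early `return 0` on `!am_root` turns lxc_create_network into a silent no-op for unprivileged starts, so a configuration problem with a netdev (for example an unsupported type) is only reported later, from unpriv_assign_nic, after the container has already started. A DEBUG/INFO message here saying that interface creation is deferred to lxc-user-nic would make the log tell that story, and a short comment above the check would save the next reader from wondering why the loop below is skipped.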
> @@ -2738,16 +2742,51 @@ void lxc_delete_network(struct lxc_handler *handler)
> }
> }
>
> +int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
> +{
> + pid_t child;
> +
> + if (netdev->type != LXC_NET_VETH) {
> + ERROR("nic type %d not support for unprivileged use",
> + netdev->type);
> + return -1;
> + }
> +
> + if ((child = fork()) < 0) {
> + SYSERROR("fork");
> + return -1;
> + }
> +
> + if (child > 0)
> + return wait_for_pid(child);
> +
> + // Call lxc-user-nic pid type bridge
> + char pidstr[20];
> + char *args[] = { "lxc-user-nic", pidstr, "veth", netdev->link, NULL };
> + snprintf(pidstr, 19, "%lu", (unsigned long) pid);
> + pidstr[19] = '\0';
> + execvp("lxc-user-nic", args);
> + SYSERROR("execvp lxc-user-nic");
> + exit(1);
> +}
> +
> int lxc_assign_network(struct lxc_list *network, pid_t pid)
> {
> struct lxc_list *iterator;
> struct lxc_netdev *netdev;
> + int am_root = (getuid() == 0);
> int err;
>
> lxc_list_for_each(iterator, network) {
>
> netdev = iterator->elem;
>
> + if (!am_root) {
> + if (unpriv_assign_nic(netdev, pid))
> + return -1;
> + // TODO fill in netdev->ifindex and name
> + continue;
> + }
> /* empty network namespace, nothing to move */
> if (!netdev->ifindex)
> continue;
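Review bot: In unpriv_assign_nic the argv for lxc-user-nic is built from netdev->link without checking that it is set; if no link (bridge) is configured and netdev->link is NULL, the argument array ends after "veth", so lxc-user-nic is executed with the bridge argument missing instead of the start failing with a clear error. Suggest an explicit check before the fork, e.g. `if (!netdev->link) { ERROR("unprivileged veth requires a link"); return -1; }`. Two smaller points: `snprintf(pidstr, 19, ...)` followed by `pidstr[19] = '\0'` can be reduced to `snprintf(pidstr, sizeof(pidstr), ...)`, since snprintf always NUL-terminates within the size it is given; and `execvp("lxc-user-nic", args)` resolves the helper through the caller's PATH, so an absolute path taken from the build configuration would make the lookup deterministic. The `// TODO fill in netdev->ifindex and name` comment also deserves a tracked follow-up, as the "nothing to move" check just below relies on netdev->ifindex being populated.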
> --
> 1.8.3.2
>
>
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com