[lxc-devel] [lxc/lxc] 299d11: attach: correctly handle namespace inheritance

GitHub noreply at github.com
Mon Oct 30 18:14:41 UTC 2017


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 299d11981846980e50d0c6ea50c4a9e8c9bca6a3
      https://github.com/lxc/lxc/commit/299d11981846980e50d0c6ea50c4a9e8c9bca6a3
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-10-29 (Sun, 29 Oct 2017)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  attach: correctly handle namespace inheritance

When attaching to a container's namespaces we did not handle the case where we
inherited namespaces correctly. In essence, liblxc on start records the
namespaces the container was created with in the handler. But it only records
the clone flags that were passed to clone() and doesn't record the namespaces
we e.g. inherited from other containers. This means that attach only ever
attached to the clone flags. But this is only correct if all other namespaces
not recorded in the handler refer to the namespaces of the caller. However,
this need not be the case if the container has inherited namespaces from
another container. To handle this case we need to check whether caller and
container are in the same namespace. If they are, we know that things are all
good. If they aren't then we need to attach to these namespaces as well.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 2ba9ef6c89151a0810a0b01c5de81343e4735d46
      https://github.com/lxc/lxc/commit/2ba9ef6c89151a0810a0b01c5de81343e4735d46
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2017-10-30 (Mon, 30 Oct 2017)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  Merge pull request #1883 from brauner/2017-10-29/fix_namespace_inheritance_on_attach

attach: correctly handle namespace inheritance


Compare: https://github.com/lxc/lxc/compare/82df9e1e3ab5...2ba9ef6c8915
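
The check the first commit message describes (are caller and container in the same namespace?), as an added C example that is not the code from this commit. `same_ns`, `ns_to_attach` and `ns_tab` are hypothetical names; the comparison relies on the device/inode identity of `/proc/<pid>/ns/*` files documented in namespaces(7).

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Namespaces this sketch considers: name under /proc/<pid>/ns and clone flag. */
static const struct { const char *name; int flag; } ns_tab[] = {
    { "user", CLONE_NEWUSER }, { "mnt", CLONE_NEWNS },  { "pid", CLONE_NEWPID },
    { "uts",  CLONE_NEWUTS },  { "ipc", CLONE_NEWIPC }, { "net", CLONE_NEWNET },
};

/* 1: caller and pid share the namespace, 0: they differ, -1: cannot tell. */
int same_ns(pid_t pid, const char *ns)
{
    char path[64];
    struct stat self, other;
    snprintf(path, sizeof(path), "/proc/self/ns/%s", ns);
    if (stat(path, &self) < 0)
        return -1;
    snprintf(path, sizeof(path), "/proc/%d/ns/%s", (int)pid, ns);
    if (stat(path, &other) < 0)
        return -1;
    /* Same namespace if and only if device and inode both match. */
    return self.st_dev == other.st_dev && self.st_ino == other.st_ino;
}

/* Namespaces an attach must enter: every recorded clone flag plus any namespace
 * where target and caller differ (e.g. inherited). -1 means fail closed. */
int ns_to_attach(pid_t pid, int recorded_clone_flags)
{
    int mask = recorded_clone_flags;
    for (size_t i = 0; i < sizeof(ns_tab) / sizeof(ns_tab[0]); i++) {
        if (mask & ns_tab[i].flag)
            continue;               /* already attached via recorded flags */
        int same = same_ns(pid, ns_tab[i].name);
        if (same < 0)
            return -1;              /* cannot compare: do not guess */
        if (!same)
            mask |= ns_tab[i].flag; /* differs from caller: attach as well */
    }
    return mask;
}

int main(int argc, char **argv)
{   /* Usage: ./a.out [pid]; recorded flags are 0, so only differences show. */
    int mask = ns_to_attach(argc > 1 ? (pid_t)atoi(argv[1]) : getpid(), 0);
    printf("namespaces to enter: %#x\n", (unsigned)mask);
    return mask < 0;
}
```

Returning -1 when a namespace cannot be compared lets the caller abort the attach instead of running the attached process in a namespace it did not intend.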