[lxc-devel] [lxc/master] fix bug: unpriv lxc will run lxc.net.[i].script.up now

Sat Jun 9 09:09:05 UTC 2018

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 741 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180609/0bef7b3f/attachment.bin>
-------------- next part --------------
From b37084f12b861f7a1ce6c4076d42ad409732291c Mon Sep 17 00:00:00 2001
From: harryoooooooooo <ymsc27884 at gmail.com>
Date: Sat, 9 Jun 2018 16:51:38 +0800
Subject: [PATCH] fix bug: unpriv lxc will run lxc.net.[i].script.up now

---
 src/lxc/network.c | 20 +++++++++++++++++---
 src/lxc/network.h |  2 +-
 src/lxc/start.c   |  2 +-
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index b6aaa4621..5563b2bed 100755
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2097,7 +2097,7 @@ int lxc_find_gateway_addresses(struct lxc_handler *handler)
 
 #define LXC_USERNIC_PATH LIBEXECDIR "/lxc/lxc-user-nic"
 static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcname,
-					  struct lxc_netdev *netdev, pid_t pid)
+					  struct lxc_netdev *netdev, pid_t pid, unsigned int hooks_version)
 {
 	int ret;
 	pid_t child;
@@ -2242,6 +2242,20 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
 		return -1;
 	}
 
+	if (netdev->upscript) {
+		char *argv[] = {
+			"veth",
+			netdev->link,
+			netdev->priv.veth_attr.veth1,
+			NULL,
+		};
+
+		ret = run_script_argv(lxcname,
+				hooks_version, "net",
+				netdev->upscript, "up", argv);
+		if (ret < 0) return -1;
+    }
+
 	return 0;
 }
 
@@ -2499,7 +2513,7 @@ int lxc_network_move_created_netdev_priv(const char *lxcpath, const char *lxcnam
 }
 
 int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
-			      struct lxc_list *network, pid_t pid)
+			      struct lxc_list *network, pid_t pid, unsigned int hooks_version)
 {
 	struct lxc_list *iterator;
 
@@ -2525,7 +2539,7 @@ int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
 		if (netdev->mtu)
 			INFO("mtu ignored due to insufficient privilege");
 
-		if (lxc_create_network_unpriv_exec(lxcpath, lxcname, netdev, pid))
+		if (lxc_create_network_unpriv_exec(lxcpath, lxcname, netdev, pid, hooks_version))
 			return -1;
 	}
 
diff --git a/src/lxc/network.h b/src/lxc/network.h
index 9b9858a52..415d13502 100644
--- a/src/lxc/network.h
+++ b/src/lxc/network.h
@@ -263,7 +263,7 @@ extern int lxc_network_move_created_netdev_priv(const char *lxcpath,
 extern void lxc_delete_network(struct lxc_handler *handler);
 extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
 extern int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
-				     struct lxc_list *network, pid_t pid);
+				     struct lxc_list *network, pid_t pid, unsigned int hook_version);
 extern int lxc_requests_empty_network(struct lxc_handler *handler);
 extern int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler);
 extern int lxc_setup_network_in_child_namespaces(const struct lxc_conf *conf,
diff --git a/src/lxc/start.c b/src/lxc/start.c
index b222c847a..9477f2ce4 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1707,7 +1707,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 		}
 
 		ret = lxc_create_network_unpriv(handler->lxcpath, handler->name,
-						&conf->network, handler->pid);
+						&conf->network, handler->pid, conf->hooks_version);
 		if (ret < 0) {
 			ERROR("Failed to create the configured network");
 			goto out_delete_net;
