[lxc-devel] [lxc/master] start: unify network creation

brauner on Github lxc-bot at linuxcontainers.org
Mon Jul 1 15:56:56 UTC 2019


From 99010e05ad287b92d10b9b7e1ec8911bb6ca06f3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 1 Jul 2019 17:55:16 +0200
Subject: [PATCH] start: unify network creation

Make sure that network creation happens at the same time for containers started
by privileged and unprivileged users. The only reason we didn't do this so far
was to avoid sending network device ifindices around in the privileged case.

Link: https://github.com/lxc/lxc/issues/3066
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/network.c |  3 ---
 src/lxc/start.c   | 21 ++++++++++++++++++++-
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 0a78adc208..f41d887778 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -3746,9 +3746,6 @@ int lxc_network_send_veth_names_to_child(struct lxc_handler *handler)
 	struct lxc_list *network = &handler->conf->network;
 	int data_sock = handler->data_sock[0];
 
-	if (handler->am_root)
-		return 0;
-
 	lxc_list_for_each(iterator, network) {
 		int ret;
 		struct lxc_netdev *netdev = iterator->elem;
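Review bot: Dropping the am_root early return makes the parent send veth names over data_sock[0] in the privileged case as well, but the diffstat shows network.c loses only these three lines, so the child-side receiver is untouched by this patch; if it carries the matching am_root guard, the privileged parent writes names that nobody reads and the two ends of the data socket go out of step. Worth confirming that the receiver reads unconditionally, or removing its guard in the same commit so the pair stays symmetric. lxc_network_send_veth_names_to_child's body continues outside the hunk.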
diff --git a/src/lxc/start.c b/src/lxc/start.c
index eaec20f964..16b4bbda38 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1847,6 +1847,24 @@ static int lxc_spawn(struct lxc_handler *handler)
 
 	/* Create the network configuration. */
 	if (handler->ns_clone_flags & CLONE_NEWNET) {
+		/*
+		 * Find gateway addresses from the link device, which is
+		 * no longer accessible inside the container. Do this
+		 * before creating network interfaces, since goto
+		 * out_delete_net does not work before lxc_clone.
+		 */
+		ret = lxc_find_gateway_addresses(handler);
+		if (ret < 0) {
+			ERROR("Failed to find gateway addresses");
+			goto out_delete_net;
+		}
+
+		ret = lxc_create_network_priv(handler);
+		if (ret < 0) {
+			ERROR("Failed to create the network");
+			goto out_delete_net;
+		}
+
 		ret = lxc_network_move_created_netdev_priv(handler->lxcpath,
 							   handler->name,
 							   &conf->network,
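Review bot: The moved comment still justifies the ordering with "goto out_delete_net does not work before lxc_clone", yet both new error paths jump to out_delete_net and the move call just below passes handler->pid, which implies this block now runs after the clone; the rationale is stale and makes the gotos look wrong to a reader. I would shorten it to `/* Find gateway addresses from the link device before the interfaces are created; the link device is no longer accessible from inside the container. */`. The block also now calls lxc_create_network_priv unconditionally while the same CLONE_NEWNET block goes on to call lxc_create_network_unpriv (next hunk), which relies on each helper returning early for the other privilege level internally — not visible here, so worth a one-line comment at the priv call saying so. lxc_spawn begins and ends outside the hunk.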
@@ -1857,7 +1875,8 @@ static int lxc_spawn(struct lxc_handler *handler)
 		}
 
 		ret = lxc_create_network_unpriv(handler->lxcpath, handler->name,
-						&conf->network, handler->pid, conf->hooks_version);
+						&conf->network, handler->pid,
+						conf->hooks_version);
 		if (ret < 0) {
 			ERROR("Failed to create the configured network");
 			goto out_delete_net;

