[lxc-devel] [lxc/master] start: call lxc_find_gateway_addresses early

Fri Jul 5 09:16:31 UTC 2019

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 1002 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190705/c96aaa33/attachment.bin>
-------------- next part --------------
From 03ca4af8fa4bf68239b78217b5b0da24f3ae4565 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 4 Jul 2019 22:38:23 +0100
Subject: [PATCH] start: call lxc_find_gateway_addresses early

This restores the lxc.net.x.ipv4.gateway = auto and
lxc.net.x.ipv6.gateway = auto functionality.

When the child is created the parent and child have different views of
struct lxc_handler since - obviously - virtual memory is duplicated. So any
changes to done by the parent that the child should see need to be IPCed to it.
For any non-actual device creation stuff this does not make much sense. This
includes finding gateway addresses. Move it back prior to clone().

Fixes #3078

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
[christian.brauner at ubuntu.com: non-functional changes and update commit message]
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/network.c | 23 +++++------------------
 src/lxc/start.c   |  8 ++++++++
 2 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index dcedc01507..f9b8974703 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2473,8 +2473,7 @@ int lxc_find_gateway_addresses(struct lxc_handler *handler)
 			continue;
 
 		if (netdev->type != LXC_NET_VETH && netdev->type != LXC_NET_MACVLAN) {
-			ERROR("Automatic gateway detection is only supported "
-			      "for veth and macvlan");
+			ERROR("Automatic gateway detection is only supported for veth and macvlan");
 			return -1;
 		}
 
@@ -2489,16 +2488,16 @@ int lxc_find_gateway_addresses(struct lxc_handler *handler)
 
 		if (netdev->ipv4_gateway_auto) {
 			if (lxc_ipv4_addr_get(link_index, &netdev->ipv4_gateway)) {
-				ERROR("Failed to automatically find ipv4 gateway "
-				      "address from link interface \"%s\"", netdev->link);
+				ERROR("Failed to automatically find ipv4 gateway address from link interface \"%s\"",
+				      netdev->link);
 				return -1;
 			}
 		}
 
 		if (netdev->ipv6_gateway_auto) {
 			if (lxc_ipv6_addr_get(link_index, &netdev->ipv6_gateway)) {
-				ERROR("Failed to automatically find ipv6 gateway "
-				      "address from link interface \"%s\"", netdev->link);
+				ERROR("Failed to automatically find ipv6 gateway address from link interface \"%s\"",
+				      netdev->link);
 				return -1;
 			}
 		}
@@ -4036,18 +4035,6 @@ int lxc_create_network(struct lxc_handler *handler)
 {
 	int ret;
 
-	/*
-	 * Find gateway addresses from the link device, which is no longer
-	 * accessible inside the container. Do this before creating network
-	 * interfaces, since goto out_delete_net does not work before
-	 * lxc_clone.
-	 */
-	ret = lxc_find_gateway_addresses(handler);
-	if (ret) {
-		ERROR("Failed to find gateway addresses");
-		return -1;
-	}
-
 	if (handler->am_root) {
 		ret = lxc_create_network_priv(handler);
 		if (ret)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 1e559f887a..e3f32f4cb8 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1697,6 +1697,14 @@ static int lxc_spawn(struct lxc_handler *handler)
 	if (ret < 0)
 		goto out_sync_fini;
 
+	if (handler->ns_clone_flags & CLONE_NEWNET) {
+		ret = lxc_find_gateway_addresses(handler);
+		if (ret) {
+			ERROR("Failed to find gateway addresses");
+			goto out_sync_fini;
+		}
+	}
+
 	if (!cgroup_ops->payload_create(cgroup_ops, handler)) {
 		ERROR("Failed creating cgroups");
 		goto out_delete_net;
