[lxc-devel] [lxc/lxc] 042139: network: fix LXC_NET_NONE cleanup

Stéphane Graber noreply at github.com
Wed Dec 2 16:07:05 UTC 2020


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 04213960f7b7041f2d6b8d2868e4b7fa18eec59b
      https://github.com/lxc/lxc/commit/04213960f7b7041f2d6b8d2868e4b7fa18eec59b
  Author: Tycho Andersen <tycho at tycho.pizza>
  Date:   2020-12-02 (Wed, 02 Dec 2020)

  Changed paths:
    M src/lxc/network.c

  Log Message:
  -----------
  network: fix LXC_NET_NONE cleanup

We have a case where we have a nested container with LXC_NET_NONE run
inside a container that's *also* got no network namespace (run by
lxc-usernsexec).

The "am I root" check in this function then does not suffice, since the
euid of the task is 0 but it does not have privilege over its network
namespace, and thus cannot do any of the restore operations:

lxc foo 20201201232059.271 TRACE    network - network.c:lxc_restore_phys_nics_to_netns:3299 - Moving physical network devices back to parent network namespace
lxc foo 20201201232059.271 ERROR    network - network.c:lxc_restore_phys_nics_to_netns:3307 - Operation not permitted - Failed to enter network namespace
lxc foo 20201201232059.271 ERROR    start - start.c:__lxc_start:2045 - Failed to move physical network devices back to parent network namespace

Let's check that we indeed did clone the network namespace, and thus have
things to restore to their correct namespace before attempting to actually
restore them.

I suspect it's possible we can also get rid of some of the network namespace
preservation stuff in start.c in the LXC_NET_NONE case.

Signed-off-by: Tycho Andersen <tycho at tycho.pizza>


  Commit: 065d331af0f006e3cd1330eb6cbc064deeefcf9f
      https://github.com/lxc/lxc/commit/065d331af0f006e3cd1330eb6cbc064deeefcf9f
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2020-12-02 (Wed, 02 Dec 2020)

  Changed paths:
    M src/lxc/network.c

  Log Message:
  -----------
  Merge pull request #3589 from tych0/fix-nonet-cleanup

network: fix LXC_NET_NONE cleanup


Compare: https://github.com/lxc/lxc/compare/55f7e4d688bd...065d331af0f0
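
The condition in the first log message above (euid 0, yet no privilege over the network namespace) can be observed from userspace on Linux. This is an added example, not code from LXC or from the commit: it uses the NS_GET_USERNS ioctl to ask which user namespace owns the caller's network namespace, and the names netns_priv, same_ns and netns_owned_by_our_userns are hypothetical.

```c
/* Added example (not LXC code): is our netns owned by our own userns? */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/nsfs.h> /* NS_GET_USERNS */

enum netns_priv { NETNS_UNKNOWN = -1, NETNS_NOT_OWNED = 0, NETNS_OWNED = 1 };

/* Two nsfs files name the same namespace iff device and inode both match. */
static int same_ns(const struct stat *a, const struct stat *b)
{
	return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Capabilities over a netns are judged in the userns that owns it, so
 * euid 0 inside a child userns means nothing for an inherited netns. */
static enum netns_priv netns_owned_by_our_userns(void)
{
	struct stat owner, mine;
	enum netns_priv ret = NETNS_UNKNOWN;
	int netfd, ownerfd;

	netfd = open("/proc/self/ns/net", O_RDONLY);
	if (netfd < 0)
		return NETNS_UNKNOWN;
	ownerfd = ioctl(netfd, NS_GET_USERNS);
	if (ownerfd < 0) {
		/* EPERM: the owner is outside our scope, e.g. an ancestor userns
		 * (a task that created a userns but kept the parent's netns). */
		ret = (errno == EPERM) ? NETNS_NOT_OWNED : NETNS_UNKNOWN;
	} else {
		if (fstat(ownerfd, &owner) == 0 && stat("/proc/self/ns/user", &mine) == 0)
			ret = same_ns(&owner, &mine) ? NETNS_OWNED : NETNS_NOT_OWNED;
		close(ownerfd);
	}
	close(netfd);
	return ret;
}

int main(void)
{
	printf("euid=%d netns_owned=%d\n", (int)geteuid(), netns_owned_by_our_userns());
	return 0;
}
```

Run directly on a host this normally prints netns_owned=1; run in a new user namespace that keeps the parent's network namespace it prints euid=0 with netns_owned=0, which is the situation the euid check misses.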