From d9ef2141a9a99a9c5cb2f6915541cfa942f8492d Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 10 Dec 2017 02:41:14 +0100
Subject: [PATCH] lxccontainer: only attach netns on netdev detach

Detaching network namespaces as an unprivileged user is currently not possible
and attaching to the user namespace will mean we are not allowed to move the
network device into an ancestor network namespace.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/lxccontainer.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index f8b0f67d3..b0fcec53a 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -4320,10 +4320,12 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, const char *ifna
 	}
 
 	if (pid == 0) { /* child */
-		int ret = 0;
-		if (!enter_net_ns(c)) {
-			ERROR("failed to enter namespace");
-			exit(-1);
+		pid_t init_pid;
+
+		init_pid = do_lxcapi_init_pid(c);
+		if (!switch_to_ns(init_pid, "net")) {
+			ERROR("Failed to enter network namespace");
+			exit(EXIT_FAILURE);
 		}
 
 		ret = lxc_netdev_isup(ifname);
-- 
2.47.3