network: move phys netdevs back to monitor's net ns rather than pid 1's

Updates lxc_restore_phys_nics_to_netns() to move phys netdevs back to the monitor's network namespace rather than the previously hardcoded PID 1 net ns.

This is to fix instances where LXC is started inside a net ns different from PID 1 and physical devices are moved back to a different net ns when the container is shutdown than the net ns than where the container was started from.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 042e239a71a3dfd708916f55e295ff5a87483dd4..288f5a8e6fe4483373fe50d669b19a2e16601961 100644 (file)
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -261,6 +261,10 @@ extern int __build_bug_on_failed;
 #define IFLA_NET_NS_PID 19
 #endif
 
+#ifndef IFLA_NET_NS_FD
+#define IFLA_NET_NS_FD 28
+#endif
+
 #ifndef IFLA_INFO_KIND
 #define IFLA_INFO_KIND 1
 #endif

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 954d8b275bd87c39b7e11984e3f51ddb4cbfc1c7..a77266d63c6e320056869091f91737d1bf135787 100644 (file)
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -883,6 +883,46 @@ static  instantiate_cb netdev_deconf[LXC_NET_MAXCONFTYPE + 1] = {
        [LXC_NET_NONE]    = shutdown_none,
 };
 
+static int lxc_netdev_move_by_index_fd(int ifindex, int fd, const char *ifname)
+{
+       int err;
+       struct nl_handler nlh;
+       struct ifinfomsg *ifi;
+       struct nlmsg *nlmsg = NULL;
+
+       err = netlink_open(&nlh, NETLINK_ROUTE);
+       if (err)
+               return err;
+
+       err = -ENOMEM;
+       nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
+       if (!nlmsg)
+               goto out;
+
+       nlmsg->nlmsghdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+       nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
+
+       ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi)
+               goto out;
+       ifi->ifi_family = AF_UNSPEC;
+       ifi->ifi_index = ifindex;
+
+       if (nla_put_u32(nlmsg, IFLA_NET_NS_FD, fd))
+               goto out;
+
+       if (ifname != NULL) {
+               if (nla_put_string(nlmsg, IFLA_IFNAME, ifname))
+                       goto out;
+       }
+
+       err = netlink_transaction(&nlh, nlmsg, nlmsg);
+out:
+       netlink_close(&nlh);
+       nlmsg_free(nlmsg);
+       return err;
+}
+
 int lxc_netdev_move_by_index(int ifindex, pid_t pid, const char *ifname)
 {
        int err;
@@ -3306,7 +3346,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler)
 
        TRACE("Moving physical network devices back to parent network namespace");
 
-       oldfd = lxc_preserve_ns(lxc_raw_getpid(), "net");
+       oldfd = lxc_preserve_ns(handler->monitor_pid, "net");
        if (oldfd < 0) {
                SYSERROR("Failed to preserve network namespace");
                return -1;
@@ -3334,7 +3374,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler)
                        continue;
                }
 
-               ret = lxc_netdev_move_by_name(ifname, 1, netdev->link);
+               ret = lxc_netdev_move_by_index_fd(netdev->ifindex, oldfd, netdev->link);
                if (ret < 0)
                        WARN("Error moving network device \"%s\" back to "
                             "network namespace", ifname);