lxccontainer: only attach netns on netdev detach

Detaching network namespaces as an unprivileged user is currently not possible
and attaching to the user namespace will mean we are not allowed to move the
network device into an ancestor network namespace.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index b45f996435120781f2115ba9467a81441e12f493..e34f51d080f0d36f4c80a2d20dbc41e062bd60c3 100644 (file)
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -4149,11 +4149,13 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, const char *ifna
                return false;
        }
 
-       if (pid == 0) { // child
-               int ret = 0;
-               if (!enter_net_ns(c)) {
-                       ERROR("failed to enter namespace");
-                       exit(-1);
+       if (pid == 0) { /* child */
+               pid_t init_pid;
+
+               init_pid = do_lxcapi_init_pid(c);
+               if (!switch_to_ns(init_pid, "net")) {
+                       ERROR("Failed to enter network namespace");
+                       exit(EXIT_FAILURE);
                }
 
                ret = lxc_netdev_isup(ifname);