fix bug: unpriv lxc will run lxc.net.[i].script.up now

Signed-off-by: harryoooooooooo <ymsc27884@gmail.com>

diff --git a/src/lxc/network.c b/src/lxc/network.c
index b6aaa46218de506bff1ff3b658d79d633338af28..e8473f7f91a5994ef0e744c5ce4810905eaed561 100755 (executable)
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2097,7 +2097,7 @@ int lxc_find_gateway_addresses(struct lxc_handler *handler)
 
 #define LXC_USERNIC_PATH LIBEXECDIR "/lxc/lxc-user-nic"
 static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcname,
-                                         struct lxc_netdev *netdev, pid_t pid)
+                                         struct lxc_netdev *netdev, pid_t pid, unsigned int hooks_version)
 {
        int ret;
        pid_t child;
@@ -2242,6 +2242,21 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
                return -1;
        }
 
+       if (netdev->upscript) {
+               char *argv[] = {
+                       "veth",
+                       netdev->link,
+                       netdev->priv.veth_attr.veth1,
+                       NULL,
+               };
+
+               ret = run_script_argv(lxcname,
+                               hooks_version, "net",
+                               netdev->upscript, "up", argv);
+               if (ret < 0)
+                       return -1;
+    }
+
        return 0;
 }
 
@@ -2499,7 +2514,7 @@ int lxc_network_move_created_netdev_priv(const char *lxcpath, const char *lxcnam
 }
 
 int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
-                             struct lxc_list *network, pid_t pid)
+                             struct lxc_list *network, pid_t pid, unsigned int hooks_version)
 {
        struct lxc_list *iterator;
 
@@ -2525,7 +2540,7 @@ int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
                if (netdev->mtu)
                        INFO("mtu ignored due to insufficient privilege");
 
-               if (lxc_create_network_unpriv_exec(lxcpath, lxcname, netdev, pid))
+               if (lxc_create_network_unpriv_exec(lxcpath, lxcname, netdev, pid, hooks_version))
                        return -1;
        }
 

diff --git a/src/lxc/network.h b/src/lxc/network.h
index 9b9858a52881297b9259233f99b36176cce4f56c..415d13502bd5b6593d61365624ac759e4b357af9 100644 (file)
--- a/src/lxc/network.h
+++ b/src/lxc/network.h
@@ -263,7 +263,7 @@ extern int lxc_network_move_created_netdev_priv(const char *lxcpath,
 extern void lxc_delete_network(struct lxc_handler *handler);
 extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
 extern int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
-                                    struct lxc_list *network, pid_t pid);
+                                    struct lxc_list *network, pid_t pid, unsigned int hook_version);
 extern int lxc_requests_empty_network(struct lxc_handler *handler);
 extern int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler);
 extern int lxc_setup_network_in_child_namespaces(const struct lxc_conf *conf,

diff --git a/src/lxc/start.c b/src/lxc/start.c
index b222c847aa583c1f8f1a0ffd80400c4ce4ee6ff1..9477f2ce4624a6dab07f51a99d53231446095bbd 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1707,7 +1707,7 @@ static int lxc_spawn(struct lxc_handler *handler)
                }
 
                ret = lxc_create_network_unpriv(handler->lxcpath, handler->name,
-                                               &conf->network, handler->pid);
+                                               &conf->network, handler->pid, conf->hooks_version);
                if (ret < 0) {
                        ERROR("Failed to create the configured network");
                        goto out_delete_net;