Allow veth that is not attached to a bridge on unprivileged container

Signed-off-by: Fajar A. Nugraha <github@fajar.net>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 286870861564deaa7d5599db8cf4312fabe84d93..ec13684f56471c3bf93450d5487a46b8d3ef97dc 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2979,6 +2979,7 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
        int bytes, pipefd[2];
        char *token, *saveptr = NULL;
        char buffer[MAX_BUFFER_SIZE];
+       char netdev_link[IFNAMSIZ+1];
 
        if (netdev->type != LXC_NET_VETH) {
                ERROR("nic type %d not support for unprivileged use",
@@ -3008,7 +3009,12 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
 
                // Call lxc-user-nic pid type bridge
                char pidstr[20];
-               char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev->link, netdev->name, NULL };
+               if (netdev->link) {
+                       strncpy(netdev_link, netdev->link, IFNAMSIZ);
+               } else {
+                       strncpy(netdev_link, "none", IFNAMSIZ);
+               }
+               char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev_link, netdev->name, NULL };
                snprintf(pidstr, 19, "%lu", (unsigned long) pid);
                pidstr[19] = '\0';
                execvp(args[0], args);

diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 6622db0dbd3425ee83b0d7ce199c8f9011269101..c7016ffe726a846f80bc9cc57999b6f6f4c92fe5 100644 (file)
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -187,6 +187,8 @@ static bool nic_exists(char *nic)
        int ret;
        struct stat sb;
 
+       if (strcmp(nic, "none") == 0)
+               return true;
        ret = snprintf(path, MAXPATHLEN, "/sys/class/net/%s", nic);
        if (ret < 0 || ret >= MAXPATHLEN) // should never happen!
                return false;
@@ -250,20 +252,22 @@ static bool create_nic(char *nic, char *br, int pid, char **cnic)
                return false;
        }
 
-       /* copy the bridge's mtu to both ends */
-       mtu = get_mtu(br);
-       if (mtu != -1) {
-               if (lxc_netdev_set_mtu(veth1buf, mtu) < 0 ||
-                               lxc_netdev_set_mtu(veth2buf, mtu) < 0) {
-                       fprintf(stderr, "Failed setting mtu\n");
-                       goto out_del;
+       if (strcmp(br, "none") != 0) {
+               /* copy the bridge's mtu to both ends */
+               mtu = get_mtu(br);
+               if (mtu != -1) {
+                       if (lxc_netdev_set_mtu(veth1buf, mtu) < 0 ||
+                                       lxc_netdev_set_mtu(veth2buf, mtu) < 0) {
+                               fprintf(stderr, "Failed setting mtu\n");
+                               goto out_del;
+                       }
                }
-       }
 
-       /* attach veth1 to bridge */
-       if (lxc_bridge_attach(br, veth1buf) < 0) {
-               fprintf(stderr, "Error attaching %s to %s\n", veth1buf, br);
-               goto out_del;
+               /* attach veth1 to bridge */
+               if (lxc_bridge_attach(br, veth1buf) < 0) {
+                       fprintf(stderr, "Error attaching %s to %s\n", veth1buf, br);
+                       goto out_del;
+               }
        }
 
        /* pass veth2 to target netns */