c/r: populate clone flags on restore

Since attach asks the restore process what the clone flags were, if we forgot
to set them then the attach command ran in the hosts namespaces instead of the
containers, which is a Very Bad Thing :). Instead, we remember to set the clone
flags in the restore process' handler, so that we report them correctly to any
attach processes who ask.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 0d81552ce4a0f29aeb38db153a951d99e549bdde..3c3ff3365e52ba3e26c6748e245a8a4c0de6f886 100644 (file)
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -4149,6 +4149,8 @@ static void do_restore(struct lxc_container *c, int pipe, char *directory, bool
                goto out_fini_handler;
        }
 
+       resolve_clone_flags(handler);
+
        pid = fork();
        if (pid < 0)
                goto out_fini_handler;

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 70e46937424a831b1525d8e2ba115097dfc2db3d..d6153759b9bcafb734c10233e79eeaad16419cb4 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -840,6 +840,35 @@ static int recv_ttys_from_child(struct lxc_handler *handler)
        return 0;
 }
 
+void resolve_clone_flags(struct lxc_handler *handler)
+{
+       handler->clone_flags = CLONE_NEWPID | CLONE_NEWNS;
+
+       if (!lxc_list_empty(&handler->conf->id_map)) {
+               INFO("Cloning a new user namespace");
+               handler->clone_flags |= CLONE_NEWUSER;
+       }
+
+       if (handler->conf->inherit_ns_fd[LXC_NS_NET] == -1) {
+               if (!lxc_requests_empty_network(handler))
+                       handler->clone_flags |= CLONE_NEWNET;
+       } else {
+               INFO("Inheriting a net namespace");
+       }
+
+       if (handler->conf->inherit_ns_fd[LXC_NS_IPC] == -1) {
+               handler->clone_flags |= CLONE_NEWIPC;
+       } else {
+               INFO("Inheriting an IPC namespace");
+       }
+
+       if (handler->conf->inherit_ns_fd[LXC_NS_UTS] == -1) {
+               handler->clone_flags |= CLONE_NEWUTS;
+       } else {
+               INFO("Inheriting a UTS namespace");
+       }
+}
+
 static int lxc_spawn(struct lxc_handler *handler)
 {
        int failed_before_rename = 0;
@@ -858,21 +887,14 @@ static int lxc_spawn(struct lxc_handler *handler)
        if (lxc_sync_init(handler))
                return -1;
 
-       handler->clone_flags = CLONE_NEWPID|CLONE_NEWNS;
-       if (!lxc_list_empty(&handler->conf->id_map)) {
-               INFO("Cloning a new user namespace");
-               handler->clone_flags |= CLONE_NEWUSER;
-       }
-
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, handler->ttysock) < 0) {
                lxc_sync_fini(handler);
                return -1;
        }
 
-       if (handler->conf->inherit_ns_fd[LXC_NS_NET] == -1) {
-               if (!lxc_requests_empty_network(handler))
-                       handler->clone_flags |= CLONE_NEWNET;
+       resolve_clone_flags(handler);
 
+       if (handler->clone_flags & CLONE_NEWNET) {
                if (!lxc_list_empty(&handler->conf->network)) {
 
                        /* Find gateway addresses from the link device, which is
@@ -899,23 +921,8 @@ static int lxc_spawn(struct lxc_handler *handler)
                        ERROR("failed to save physical nic info");
                        goto out_abort;
                }
-       } else {
-               INFO("Inheriting a net namespace");
        }
 
-       if (handler->conf->inherit_ns_fd[LXC_NS_IPC] == -1) {
-               handler->clone_flags |= CLONE_NEWIPC;
-       } else {
-               INFO("Inheriting an IPC namespace");
-       }
-
-       if (handler->conf->inherit_ns_fd[LXC_NS_UTS] == -1) {
-               handler->clone_flags |= CLONE_NEWUTS;
-       } else {
-               INFO("Inheriting a UTS namespace");
-       }
-
-
        if (!cgroup_init(handler)) {
                ERROR("failed initializing cgroup support");
                goto out_delete_net;

diff --git a/src/lxc/start.h b/src/lxc/start.h
index 2c6fc0d818a47f02ef651a1f01254d66097b2a1c..aab063a1e6661aeb914f50eccefbcf941cc3b2f2 100644 (file)
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
@@ -87,5 +87,6 @@ extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int fd_to_i
 int __lxc_start(const char *, struct lxc_conf *, struct lxc_operations *,
                void *, const char *);
 
+extern void resolve_clone_flags(struct lxc_handler *handler);
 #endif