conf.c: fix unprivileged network case
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Thu, 19 Dec 2013 21:33:22 +0000 (15:33 -0600)
committerStéphane Graber <stgraber@ubuntu.com>
Thu, 19 Dec 2013 22:29:06 +0000 (23:29 +0100)
If unprivileged users are using a veth nic, then ifindex is still 0
at lxc_assign_network() (because lxc_create_network() was skipped).
So check for that case before we use lxc->ifindex to decide if we
have an empty network namespace.

We probably should change the !netdev->ifindex check to a
netdev->type == LXC_NET_EMPTY check, but I've been making enough
mistakes today not to risk that.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
src/lxc/conf.c

index fb0c593f5a14cd7196467d6addae5aee4d33d53b..0e5b6f687edf8ed5a51802c60072e6ea1f9f785c 100644 (file)
@@ -3076,16 +3076,17 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
 
                netdev = iterator->elem;
 
-               /* empty network namespace, nothing to move */
-               if (!netdev->ifindex)
-                       continue;
-               if (!am_root) {
+               if (netdev->type == LXC_NET_VETH && !am_root) {
                        if (unpriv_assign_nic(netdev, pid))
                                return -1;
                        // TODO fill in netdev->ifindex and name
                        continue;
                }
 
+               /* empty network namespace, nothing to move */
+               if (!netdev->ifindex)
+                       continue;
+
                err = lxc_netdev_move_by_index(netdev->ifindex, pid);
                if (err) {
                        ERROR("failed to move '%s' to the container : %s",
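Review bot: The relocated `if (!netdev->ifindex) continue;` still cannot tell a deliberately empty namespace from an unprivileged entry whose interface was never created. With `am_root` false and a type other than LXC_NET_VETH, the entry skips the new branch, and if its ifindex is still 0 it is dropped with no log line while lxc_assign_network() reports success. The container would then start with less networking than its configuration states, which is hard to notice afterwards. If no other type is meant to work unprivileged (not visible in this hunk), make that explicit right after the veth branch, e.g. `if (!am_root && netdev->type != LXC_NET_EMPTY) { ERROR("network type not supported for unprivileged containers"); return -1; }`. The loop and the rest of lxc_assign_network() lie outside the hunk, so callers' handling of the return value could not be checked.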