attach: call lxc_container_new() earlier
authorChristian Brauner <christian.brauner@canonical.com>
Fri, 2 Sep 2016 16:39:11 +0000 (18:39 +0200)
committerChristian Brauner <christian.brauner@canonical.com>
Mon, 5 Sep 2016 20:56:20 +0000 (22:56 +0200)
We will reuse the newly initialized container for PR_SET_NO_NEW_PRIVS.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
src/lxc/attach.c

index 0d9e3d047895313a39c4eb802f537cb45d2a6991..813d04984dee318366bed485c847a4f99279a4e7 100644 (file)
@@ -657,8 +657,8 @@ static int attach_child_main(void* data);
 /* define default options if no options are supplied by the user */
 static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
 
-static bool fetch_seccomp(const char *name, const char *lxcpath,
-               struct lxc_proc_context_info *i, lxc_attach_options_t *options)
+static bool fetch_seccomp(struct lxc_proc_context_info *i,
+                         lxc_attach_options_t *options)
 {
        struct lxc_container *c;
        char *path;
@@ -666,10 +666,7 @@ static bool fetch_seccomp(const char *name, const char *lxcpath,
        if (!(options->namespaces & CLONE_NEWNS) || !(options->attach_flags & LXC_ATTACH_LSM))
                return true;
 
-       c = lxc_container_new(name, lxcpath);
-       if (!c)
-               return false;
-       i->container = c;
+       c = i->container;
 
        /* Initialize an empty lxc_conf */
        if (!c->set_config_item(c, "lxc.seccomp", "")) {
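Review bot: `c = i->container;` is dereferenced on the next statement, `c->set_config_item(...)`, with no check, so fetch_seccomp now relies on its caller having stored a valid container in `i->container` before the call. The one caller visible in this commit does that, but nothing in the function states the precondition. I would add a comment above the assignment such as `/* i->container must already be set by the caller (lxc_attach) */`, or keep a cheap guard: `if (!c) return false;`. The body of fetch_seccomp continues past the end of this hunk.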
@@ -744,7 +741,11 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
        }
        init_ctx->personality = personality;
 
-       if (!fetch_seccomp(name, lxcpath, init_ctx, options))
+       init_ctx->container = lxc_container_new(name, lxcpath);
+       if (!init_ctx->container)
+               return -1;
+
+       if (!fetch_seccomp(init_ctx, options))
                WARN("Failed to get seccomp policy");
 
        cwd = getcwd(NULL, 0);
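Review bot: The new `return -1;` taken when `lxc_container_new()` fails exits lxc_attach without releasing `init_ctx` and without logging anything. `init_ctx` is set up earlier in the function, outside this hunk, so the leak is inferred; if the neighbouring error paths release it (I believe this file uses `lxc_proc_put_context_info(init_ctx)` for that), this path should make the same call, preceded by an `ERROR(...)` line naming the failure. The change also makes a container-object failure fatal where it used to fall through to the `WARN`, while a failed seccomp fetch still only warns and the attach continues without the policy. A short comment saying which of the two is meant to fail closed would help the next reader.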