From: Thomas Parrott <thomas.parrott@canonical.com>
Date: Wed, 15 May 2019 14:54:12 +0000 (+0100)
Subject: network: move phys netdevs back to monitor's net ns rather than pid 1's
X-Git-Tag: lxc-3.2.0~50^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0037ab49d61e150e2cb5a93b8a0194d4f2687065;p=thirdparty%2Flxc.git

network: move phys netdevs back to monitor's net ns rather than pid 1's

Updates lxc_restore_phys_nics_to_netns() to move phys netdevs back to the monitor's network namespace rather than the previously hardcoded PID 1 net ns.

This is to fix instances where LXC is started inside a net ns different from PID 1 and physical devices are moved back to a different net ns when the container is shutdown than the net ns than where the container was started from.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
---

diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 042e239a7..288f5a8e6 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -261,6 +261,10 @@ extern int __build_bug_on_failed;
 #define IFLA_NET_NS_PID 19
 #endif
 
+#ifndef IFLA_NET_NS_FD
+#define IFLA_NET_NS_FD 28
+#endif
+
 #ifndef IFLA_INFO_KIND
 #define IFLA_INFO_KIND 1
 #endif
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 954d8b275..a77266d63 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -883,6 +883,46 @@ static  instantiate_cb netdev_deconf[LXC_NET_MAXCONFTYPE + 1] = {
 	[LXC_NET_NONE]    = shutdown_none,
 };
 
+static int lxc_netdev_move_by_index_fd(int ifindex, int fd, const char *ifname)
+{
+	int err;
+	struct nl_handler nlh;
+	struct ifinfomsg *ifi;
+	struct nlmsg *nlmsg = NULL;
+
+	err = netlink_open(&nlh, NETLINK_ROUTE);
+	if (err)
+		return err;
+
+	err = -ENOMEM;
+	nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
+	if (!nlmsg)
+		goto out;
+
+	nlmsg->nlmsghdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+	nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
+
+	ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+	if (!ifi)
+		goto out;
+	ifi->ifi_family = AF_UNSPEC;
+	ifi->ifi_index = ifindex;
+
+	if (nla_put_u32(nlmsg, IFLA_NET_NS_FD, fd))
+		goto out;
+
+	if (ifname != NULL) {
+		if (nla_put_string(nlmsg, IFLA_IFNAME, ifname))
+			goto out;
+	}
+
+	err = netlink_transaction(&nlh, nlmsg, nlmsg);
+out:
+	netlink_close(&nlh);
+	nlmsg_free(nlmsg);
+	return err;
+}
+
 int lxc_netdev_move_by_index(int ifindex, pid_t pid, const char *ifname)
 {
 	int err;
@@ -3306,7 +3346,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler)
 
 	TRACE("Moving physical network devices back to parent network namespace");
 
-	oldfd = lxc_preserve_ns(lxc_raw_getpid(), "net");
+	oldfd = lxc_preserve_ns(handler->monitor_pid, "net");
 	if (oldfd < 0) {
 		SYSERROR("Failed to preserve network namespace");
 		return -1;
@@ -3334,7 +3374,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler)
 			continue;
 		}
 
-		ret = lxc_netdev_move_by_name(ifname, 1, netdev->link);
+		ret = lxc_netdev_move_by_index_fd(netdev->ifindex, oldfd, netdev->link);
 		if (ret < 0)
 			WARN("Error moving network device \"%s\" back to "
 			     "network namespace", ifname);