From: Wolfgang Bumiller
Date: Tue, 6 Oct 2015 08:01:02 +0000 (+0200)
Subject: preserve container namespace
X-Git-Tag: lxc-1.0.8~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=063a6e2312144e79993e4955d5f40ea01b10667d;p=thirdparty%2Flxc.git
preserve container namespace
Signed-off-by: Wolfgang Bumiller
Acked-by: Serge E. Hallyn
---
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 59fa7dcbb..3cbb049c6 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -357,6 +357,7 @@ out_sigfd:
 struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char *lxcpath)
 {
+ int i;
 struct lxc_handler *handler;
 handler = malloc(sizeof(*handler));
@@ -369,6 +370,9 @@ struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char
 handler->lxcpath = lxcpath;
 handler->pinfd = -1;
+ for (i = 0; i < LXC_NS_MAX; i++)
+ handler->nsfd[i] = -1;
+
 lsm_init();
 handler->name = strdup(name);
@@ -464,10 +468,19 @@ out_free:
 static void lxc_fini(const char *name, struct lxc_handler *handler)
 {
+ int i;
+
 /* The STOPPING state is there for future cleanup code
 * which can take awhile
 */
 lxc_set_state(name, handler, STOPPING);
+
+ for (i = 0; i < LXC_NS_MAX; i++) {
+ if (handler->nsfd[i] != -1) {
+ close(handler->nsfd[i]);
+ handler->nsfd[i] = -1;
+ }
+ }
 lxc_set_state(name, handler, STOPPED);
 if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL))
@@ -897,6 +910,11 @@ static int lxc_spawn(struct lxc_handler *handler)
 goto out_delete_net;
 }
+ if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) {
+ ERROR("failed to store namespace references");
+ goto out_delete_net;
+ }
+
 if (attach_ns(saved_ns_fd))
 WARN("failed to restore saved namespaces");
diff --git a/src/lxc/start.h b/src/lxc/start.h
index ca7891cdd..7afa37a39 100644
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
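Review bot: In the lxc_spawn hunk of src/lxc/start.c, the new `goto out_delete_net` is taken before the `attach_ns(saved_ns_fd)` restore that follows it, so a preserve_ns failure leaves the monitor in the inherited namespaces for whatever cleanup runs after the label. The label and the rest of lxc_spawn are outside the hunk, so confirm the label does not restore them itself. Moving the `preserve_ns(...)` block to just after the `WARN("failed to restore saved namespaces");` line would keep the restore unconditional. preserve_ns itself is not part of this diff; because these descriptors refer to the container's namespaces and stay open in the handler until lxc_fini, it is worth confirming they are opened with `O_CLOEXEC` so that hooks and other children of the monitor do not inherit them.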
@@ -72,6 +72,7 @@ struct lxc_handler {
 int pinfd;
 const char *lxcpath;
 void *cgroup_data;
+ int nsfd[LXC_NS_MAX];
 };
 extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *, const char *);
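Review bot: The new `nsfd` member of struct lxc_handler has no comment saying what the array holds or who closes it, so its contract can only be recovered by reading start.c. A line such as `/* fds referring to the container's namespaces; -1 = not held; closed in lxc_fini() */` above the field would record it, including that -1 rather than 0 is the unset value. The hunk adds no `#include`, so start.h now relies on the header defining `LXC_NS_MAX` already being included wherever start.h is used; if that is not guaranteed, include it here. The struct begins outside this hunk.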