From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 10 Dec 2017 01:41:14 +0000 (+0100)
Subject: lxccontainer: only attach netns on netdev detach
X-Git-Tag: lxc-2.0.10~483
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e30119da71ebb9c8fbcde6ecf4f9d5b042c9974;p=thirdparty%2Flxc.git

lxccontainer: only attach netns on netdev detach

Detaching network namespaces as an unprivileged user is currently not possible
and attaching to the user namespace will mean we are not allowed to move the
network device into an ancestor network namespace.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index b45f99643..e34f51d08 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -4149,11 +4149,13 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, const char *ifna
 		return false;
 	}
 
-	if (pid == 0) { // child
-		int ret = 0;
-		if (!enter_net_ns(c)) {
-			ERROR("failed to enter namespace");
-			exit(-1);
+	if (pid == 0) { /* child */
+		pid_t init_pid;
+
+		init_pid = do_lxcapi_init_pid(c);
+		if (!switch_to_ns(init_pid, "net")) {
+			ERROR("Failed to enter network namespace");
+			exit(EXIT_FAILURE);
 		}
 
 		ret = lxc_netdev_isup(ifname);