From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Tue, 10 Nov 2015 00:17:31 +0000 (-0600)
Subject: attach: unshare cgroupns if possible
X-Git-Tag: lxc-2.0.0.beta2~70^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cee93ac80c10ac664cedce1d3ff4a7e43516ec9;p=thirdparty%2Flxc.git

attach: unshare cgroupns if possible

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
Changelog 20160104: only try if kernel supports cgns.
---

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 13989e863..2dc9a0725 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -957,6 +957,13 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 		WARN("could not change directory to '%s'", new_cwd);
 	free(cwd);
 
+	if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported()) {
+		if (unshare(CLONE_NEWCGROUP) != 0) {
+			SYSERROR("cgroupns unshare: permission denied");
+			rexit(-1);
+		}
+	}
+
 	/* now create the real child process */
 	{
 		struct attach_clone_payload payload = {