From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Date: Mon, 23 Aug 2021 13:39:28 +0000 (+0200)
Subject: attach: allow LSM attach without new mnt namespace
X-Git-Tag: lxc-5.0.0~104^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b445fcb114a1753145d0d2dece74ab2cf055241c;p=thirdparty%2Flxc.git

attach: allow LSM attach without new mnt namespace

Currently, the -c command (to set the selinux context) seems to be
broken because lxc-attach expects that also a new mount namespace
is specified via command line. This commit remove the check for the new
mount namespace to fix this issue. Please note that the
--elevated-privileges option is not affected by this issue.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index aedd403ad..4bfdf23cf 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -165,8 +165,7 @@ static inline bool sync_wait_fd(int fd, int *fd_recv)
 
 static bool attach_lsm(lxc_attach_options_t *options)
 {
-	return (options->namespaces & CLONE_NEWNS) &&
-	       (options->attach_flags & (LXC_ATTACH_LSM | LXC_ATTACH_LSM_LABEL));
+	return (options->attach_flags & (LXC_ATTACH_LSM | LXC_ATTACH_LSM_LABEL));
 }
 
 static struct attach_context *alloc_attach_context(void)