From: Wolfgang Bumiller
Date: Tue, 6 Oct 2015 08:01:02 +0000 (+0200)
Subject: preserve container namespace
X-Git-Tag: lxc-2.0.0.beta1~102
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6b2b194a8cac6a58ab5bcee8d8af92b1a3b6642;p=thirdparty%2Flxc.git
preserve container namespace
Signed-off-by: Wolfgang Bumiller
Acked-by: Serge E. Hallyn
---
diff --git a/src/lxc/start.c b/src/lxc/start.c
index adbd9b8f8..b7982b6c8 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -379,6 +379,7 @@ out_sigfd:
 struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char *lxcpath)
 {
+ int i;
 struct lxc_handler *handler;
 handler = malloc(sizeof(*handler));
@@ -392,6 +393,9 @@ struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char
 handler->lxcpath = lxcpath;
 handler->pinfd = -1;
+ for (i = 0; i < LXC_NS_MAX; i++)
+ handler->nsfd[i] = -1;
+
 lsm_init();
 handler->name = strdup(name);
@@ -482,10 +486,19 @@ out_free:
 void lxc_fini(const char *name, struct lxc_handler *handler)
 {
+ int i;
+
 /* The STOPPING state is there for future cleanup code
 * which can take awhile
 */
 lxc_set_state(name, handler, STOPPING);
+
+ for (i = 0; i < LXC_NS_MAX; i++) {
+ if (handler->nsfd[i] != -1) {
+ close(handler->nsfd[i]);
+ handler->nsfd[i] = -1;
+ }
+ }
 lxc_set_state(name, handler, STOPPED);
 if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL))
@@ -996,6 +1009,11 @@ static int lxc_spawn(struct lxc_handler *handler)
 goto out_delete_net;
 }
+ if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) {
+ ERROR("failed to store namespace references");
+ goto out_delete_net;
+ }
+
 if (attach_ns(saved_ns_fd))
 WARN("failed to restore saved namespaces");
diff --git a/src/lxc/start.h b/src/lxc/start.h
index f1a41f59a..86b19a243 100644
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
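Review bot: In lxc_fini the new loop closes every handler->nsfd entry before the "post-stop" hook is run, and nothing in the visible hunks reads the descriptors in between, so the reason they are held for the container's lifetime is left undocumented. A comment above the loop would settle this, for example `/* drop the namespace references stored by lxc_spawn(); handler->nsfd must not be used after this point */`. If the descriptors are meant to be available to stop-time hooks, the close would have to move after the hook call; that intent cannot be told from this diff. lxc_fini continues past the end of the hunk.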
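Review bot: The descriptors stored by the new preserve_ns() call in lxc_spawn stay open in the monitoring process until lxc_fini, and each one is a handle that setns() accepts for entering the container's namespaces, so they should be opened close-on-exec. preserve_ns() is not part of this diff, so confirm that it passes `O_CLOEXEC` to open(); without it, hooks and other children exec'ed by this process would inherit the descriptors. On failure the new branch jumps to out_delete_net with any entries that were already opened still set, which is only safe if preserve_ns() closes its partial results itself or lxc_fini is always reached afterwards; the hunk shows neither. lxc_spawn starts and ends outside the hunk.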
@@ -75,6 +75,7 @@ struct lxc_handler {
 void *cgroup_data;
 int ttysock[2]; // socketpair for child->parent tty fd passing
 bool backgrounded; // indicates whether should we close std{in,out,err} on start
+ int nsfd[LXC_NS_MAX];
 };
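Review bot: The new member `nsfd` of struct lxc_handler carries no comment although the neighbouring members are explained, and the -1 sentinel that start.c relies on is not stated next to the declaration. Suggested: `int nsfd[LXC_NS_MAX]; // namespace fds kept open while the container runs, -1 = not held`. start.h also needs the definition of LXC_NS_MAX in scope; no include is added in this hunk, so check that the header defining it is already included here. The struct begins above the hunk.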