From: Serge Hallyn Date: Thu, 19 Dec 2013 21:33:22 +0000 (-0600) Subject: conf.c: fix unprivileged network case X-Git-Tag: lxc-1.0.0.beta2~128 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbb162594867de669301e989441cfe451752e40a;p=thirdparty%2Flxc.git conf.c: fix unprivileged network case If unprivileged users are using a veth nic, then ifindex is still 0 at lxc_assign_network() (because lxc_create_network() was skipped). So check for that case before we use lxc->ifindex to decide if we have an empty network namespace. We probably should change the !netdev->ifindex check to a netdev->type == LXC_NET_EMPTY check, but I've been making enough mistakes today not to risk that. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber --- diff --git a/src/lxc/conf.c b/src/lxc/conf.c index fb0c593f5..0e5b6f687 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3076,16 +3076,17 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid) netdev = iterator->elem; - /* empty network namespace, nothing to move */ - if (!netdev->ifindex) - continue; - if (!am_root) { + if (netdev->type == LXC_NET_VETH && !am_root) { if (unpriv_assign_nic(netdev, pid)) return -1; // TODO fill in netdev->ifindex and name continue; } + /* empty network namespace, nothing to move */ + if (!netdev->ifindex) + continue; + err = lxc_netdev_move_by_index(netdev->ifindex, pid); if (err) { ERROR("failed to move '%s' to the container : %s",