Merge pull request #469 from fajarnugraha/usernet-20150317

Allow veth that is not attached to a bridge on unprivileged container

Merge pull request #469 from fajarnugraha/usernet-20150317
0dbb4b2d · Stéphane Graber · 51eba2ce · cff7b5eb · 0dbb4b2d · 0dbb4b2d
Commit 0dbb4b2d authored Apr 06, 2015 by Stéphane Graber
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 13 deletions

conf.c src/lxc/conf.c +7 -1

lxc_user_nic.c src/lxc/lxc_user_nic.c +16 -12

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2979,6 +2979,7 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
 	int bytes, pipefd[2];
 	char *token, *saveptr = NULL;
 	char buffer[MAX_BUFFER_SIZE];
+	char netdev_link[IFNAMSIZ+1];

 	if (netdev->type != LXC_NET_VETH) {
 		ERROR("nic type %d not support for unprivileged use",
@@ -3008,7 +3009,12 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)

 		// Call lxc-user-nic pid type bridge
 		char pidstr[20];
-		char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev->link, netdev->name, NULL };
+		if (netdev->link) {
+			strncpy(netdev_link, netdev->link, IFNAMSIZ);
+		} else {
+			strncpy(netdev_link, "none", IFNAMSIZ);
+		}
+		char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev_link, netdev->name, NULL };
 		snprintf(pidstr, 19, "%lu", (unsigned long) pid);
 		pidstr[19] = '\0';
 		execvp(args[0], args);

--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -187,6 +187,8 @@ static bool nic_exists(char *nic)
 	int ret;
 	struct stat sb;

+	if (strcmp(nic, "none") == 0)
+		return true;
 	ret = snprintf(path, MAXPATHLEN, "/sys/class/net/%s", nic);
 	if (ret < 0 || ret >= MAXPATHLEN) // should never happen!
 		return false;
@@ -250,20 +252,22 @@ static bool create_nic(char *nic, char *br, int pid, char **cnic)
 		return false;
 	}

-	/* copy the bridge's mtu to both ends */
-	mtu = get_mtu(br);
-	if (mtu != -1) {
-		if (lxc_netdev_set_mtu(veth1buf, mtu) < 0 ||
-				lxc_netdev_set_mtu(veth2buf, mtu) < 0) {
-			fprintf(stderr, "Failed setting mtu\n");
-			goto out_del;
+	if (strcmp(br, "none") != 0) {
+		/* copy the bridge's mtu to both ends */
+		mtu = get_mtu(br);
+		if (mtu != -1) {
+			if (lxc_netdev_set_mtu(veth1buf, mtu) < 0 ||
+					lxc_netdev_set_mtu(veth2buf, mtu) < 0) {
+				fprintf(stderr, "Failed setting mtu\n");
+				goto out_del;
+			}
 		}
-	}

-	/* attach veth1 to bridge */
-	if (lxc_bridge_attach(br, veth1buf) < 0) {
-		fprintf(stderr, "Error attaching %s to %s\n", veth1buf, br);
-		goto out_del;
+		/* attach veth1 to bridge */
+		if (lxc_bridge_attach(br, veth1buf) < 0) {
+			fprintf(stderr, "Error attaching %s to %s\n", veth1buf, br);
+			goto out_del;
+		}
 	}

 	/* pass veth2 to target netns */