lxccontainer: only attach netns on netdev detach

Detaching network namespaces as an unprivileged user is currently not possible and attaching to the user namespace will mean we are not allowed to move the network device into an ancestor network namespace. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: only attach netns on netdev detach
2e30119d · Christian Brauner · 6e41449a · 2e30119d
Unverified Commit 2e30119d authored Dec 10, 2017 by Christian Brauner
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

lxccontainer.c src/lxc/lxccontainer.c +7 -5

No files found.
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -4149,11 +4149,13 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, const char *ifna
 		return false;
 	}
-	if (pid == 0) { // child
+	if (pid == 0) { /* child */
-		int ret = 0;
+		pid_t init_pid;
-		if (!enter_net_ns(c)) {
-			ERROR("failed to enter namespace");
+		init_pid = do_lxcapi_init_pid(c);
-			exit(-1);
+		if (!switch_to_ns(init_pid, "net")) {
+			ERROR("Failed to enter network namespace");
+			exit(EXIT_FAILURE);
 		}
 		ret = lxc_netdev_isup(ifname);