Allow veth that is not attached to a bridge on unprivileged container

Signed-off-by: Fajar A. Nugraha <github@fajar.net>

Allow veth that is not attached to a bridge on unprivileged container
cff7b5eb · Fajar A. Nugraha · d3b63011 · cff7b5eb · cff7b5eb
Commit cff7b5eb authored Mar 17, 2015 by Fajar A. Nugraha
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 13 deletions

conf.c src/lxc/conf.c +7 -1

lxc_user_nic.c src/lxc/lxc_user_nic.c +16 -12

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2979,6 +2979,7 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
 	int bytes, pipefd[2];
 	char *token, *saveptr = NULL;
 	char buffer[MAX_BUFFER_SIZE];
+	char netdev_link[IFNAMSIZ+1];
 	if (netdev->type != LXC_NET_VETH) {
 		ERROR("nic type %d not support for unprivileged use",
@@ -3008,7 +3009,12 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
 		// Call lxc-user-nic pid type bridge
 		char pidstr[20];
-		char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev->link, netdev->name, NULL };
+		if (netdev->link) {
+			strncpy(netdev_link, netdev->link, IFNAMSIZ);
+		} else {
+			strncpy(netdev_link, "none", IFNAMSIZ);
+		}
+		char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev_link, netdev->name, NULL };
 		snprintf(pidstr, 19, "%lu", (unsigned long) pid);
 		pidstr[19] = '\0';
 		execvp(args[0], args);

--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -187,6 +187,8 @@ static bool nic_exists(char *nic)
 	int ret;
 	struct stat sb;
+	if (strcmp(nic, "none") == 0)
+		return true;
 	ret = snprintf(path, MAXPATHLEN, "/sys/class/net/%s", nic);
 	if (ret < 0 || ret >= MAXPATHLEN) // should never happen!
 		return false;
@@ -250,20 +252,22 @@ static bool create_nic(char *nic, char *br, int pid, char **cnic)
 		return false;
 	}
-	/* copy the bridge's mtu to both ends */
+	if (strcmp(br, "none") != 0) {
-	mtu = get_mtu(br);
+		/* copy the bridge's mtu to both ends */
-	if (mtu != -1) {
+		mtu = get_mtu(br);
-		if (lxc_netdev_set_mtu(veth1buf, mtu) < 0 ||
+		if (mtu != -1) {
-				lxc_netdev_set_mtu(veth2buf, mtu) < 0) {
+			if (lxc_netdev_set_mtu(veth1buf, mtu) < 0 ||
-			fprintf(stderr, "Failed setting mtu\n");
+					lxc_netdev_set_mtu(veth2buf, mtu) < 0) {
-			goto out_del;
+				fprintf(stderr, "Failed setting mtu\n");
+				goto out_del;
+			}
 		}
-	}
-	/* attach veth1 to bridge */
+		/* attach veth1 to bridge */
-	if (lxc_bridge_attach(br, veth1buf) < 0) {
+		if (lxc_bridge_attach(br, veth1buf) < 0) {
-		fprintf(stderr, "Error attaching %s to %s\n", veth1buf, br);
+			fprintf(stderr, "Error attaching %s to %s\n", veth1buf, br);
-		goto out_del;
+			goto out_del;
+		}
 	}
 	/* pass veth2 to target netns */