lxccontainer: only attach netns on netdev detach

Detaching network namespaces as an unprivileged user is currently not possible and attaching to the user namespace will mean we are not allowed to move the network device into an ancestor network namespace. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: only attach netns on netdev detach
d9ef2141 · Christian Brauner · a477a368 · d9ef2141
Unverified Commit d9ef2141 authored Dec 10, 2017 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

lxccontainer.c src/lxc/lxccontainer.c +6 -4

No files found.
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -4320,10 +4320,12 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, const char *ifna
 	}
 	if (pid == 0) { /* child */
-		int ret = 0;
+		pid_t init_pid;
-		if (!enter_net_ns(c)) {
-			ERROR("failed to enter namespace");
+		init_pid = do_lxcapi_init_pid(c);
-			exit(-1);
+		if (!switch_to_ns(init_pid, "net")) {
+			ERROR("Failed to enter network namespace");
+			exit(EXIT_FAILURE);
 		}
 		ret = lxc_netdev_isup(ifname);