network: handle name collisions when renaming network devices

LXC moves network devices into the target namespace based on their created name. The created name can either be randomly generated for e.g. veth devices or it can be the name of the existing device in the server's namespaces. This is e.g. the case when moving physical devices. However this can lead to weird clashes. Consider we have a network namespace that has the following devices: 4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10 altname enp7s0 5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae altname enp8s0 and the user generates the following network config for their container: lxc.net.0.type = phys lxc.net.0.name = eth1 lxc.net.0.link = eth2 lxc.net.1.type = phys lxc.net.1.name = eth2 lxc.net.1.link = eth1 This would cause LXC to move the devices eth1 and eth2 from the server's network namespace into the container's network namespace: 24: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10 altname enp7s0 25: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae altname enp8s0 According to the network config above we now need to rename the network devices in the container's network namespace. Let's say we start with renaming eth2 to eth1. This would immediately lead to a clash since the container's network namespace already contains a network device with that name. Renaming the other device would have the same problem. There are multiple ways to fix this but I'm concerned with keeping the logic somewhat reasonable which is why we simply start creating transient device names that are unique which we'll use to move and rename the network device in the container's network namespace at the same time. And then we rename based on those random devices names to the target name. Fixes: #3696 Reported-by: Sam Boyles <sam.boyles@alliedtelesis.co.nz> Reported-by: Blair Steven <blair.steven@alliedtelesis.co.nz> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: handle name collisions when renaming network devices
fdd6be55 · Christian Brauner · 3392d379 · fdd6be55 · fdd6be55
Unverified Commit fdd6be55 authored Feb 26, 2021 by Christian Brauner
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

network.c src/lxc/network.c +0 -0

network.h src/lxc/network.h +1 -0

No files found.
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
--- a/src/lxc/network.h
+++ b/src/lxc/network.h
@@ -165,6 +165,7 @@ struct lxc_netdev {
 	bool l2proxy;
 	char name[IFNAMSIZ];
 	char created_name[IFNAMSIZ];
+	char transient_name[IFNAMSIZ];
 	char *hwaddr;
 	char *mtu;
 	union netdev_p priv;