lxc-user-nic: test privilege over netns on delete · 1bd8d726 · Christian Brauner authored
When lxc-user-nic is called with the "delete" subcommand we need to make sure that we are actually privileged over the network namespace for which we are supposed to delete devices on the host. To this end we require that the path to the affected network namespace is passed. We then setns() to the network namespace and drop privilege to the caller's real user id. Then we try to delete the loopback interface, which is not possible. If we are privileged over the network namespace this operation will fail with ENOTSUP. If we are not privileged over the network namespace we will get EPERM.

This is the first part of the commit. As of now nothing guarantees that the caller does not just give us a random path to a network namespace it is privileged over.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
| Name |
|---|
| include |
| lua-lxc |
| lxc |
| python-lxc |
| tests |
| Makefile.am |