From acbfeda88b86990e2ded18ca4497637fb1b8738d Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Sun, 10 Dec 2017 02:41:14 +0100
Subject: [PATCH] lxccontainer: only attach netns on netdev detach

Detaching network namespaces as an unprivileged user is currently not possible and attaching to the user namespace will mean we are not allowed to move the network device into an ancestor network namespace.

Signed-off-by: Christian Brauner
---
 src/lxc/lxccontainer.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 5256dd0f0..f23f03d15 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -4450,10 +4450,12 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, const char *ifna
 }
 if (pid == 0) { /* child */
- int ret = 0;
- if (!enter_net_ns(c)) {
- ERROR("failed to enter namespace");
- exit(-1);
+ pid_t init_pid;
+
+ init_pid = do_lxcapi_init_pid(c);
+ if (!switch_to_ns(init_pid, "net")) {
+ ERROR("Failed to enter network namespace");
+ exit(EXIT_FAILURE);
 }
 ret = lxc_netdev_isup(ifname);
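Review bot: `init_pid` goes straight from `do_lxcapi_init_pid(c)` into `switch_to_ns()` with no check, so a container that has already stopped (the call presumably returns a negative pid in that case; its body is not visible here) is reported only as "Failed to enter network namespace". A guard before the switch would make the failure explicit: `if (init_pid < 0) { ERROR("Failed to get init pid"); exit(EXIT_FAILURE); }`. The lookup and the namespace switch are also two separate steps keyed on a bare pid, so if init exits and the pid is reused in between, the child could end up in an unrelated network namespace before `lxc_netdev_isup(ifname)` runs; a comment stating that assumption, or holding an open handle on the namespace if the helpers allow it, would help. The hunk also drops `int ret = 0;` while `ret = lxc_netdev_isup(ifname);` remains, so `ret` must already be declared in the part of `do_lxcapi_detach_interface` that lies outside this hunk.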