proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 06:21:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

network: refuse to create unsupported net types

Browse Source 
Containers setup by unprivileged users are only able to create veth network
types.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2017-06-18 12:24:38 +02:00
parent e337179a0e
commit d1826cf12d
No known key found for this signature in database
GPG Key ID: 7B3C391EFEA93624
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/lxc/conf.c
View File

@ -2329,8 +2329,9 @@ static int setup_ipv6_addr(struct lxc_list *ip, int ifindex)
static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev)
{
char ifname[IFNAMSIZ];
char *current_ifname = ifname;
int err;
const char *net_type_name;
char *current_ifname = ifname;
/* empty network namespace */
if (!netdev->ifindex) {
@ -2342,8 +2343,21 @@ static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev)
return -1;
}
}
if (netdev->type != LXC_NET_VETH)
if (netdev->type == LXC_NET_EMPTY)
return 0;
if (netdev->type == LXC_NET_NONE)
return 0;
if (netdev->type != LXC_NET_VETH) {
net_type_name = lxc_net_type_to_str(netdev->type);
ERROR("%s networks are not supported for containers "
"not setup up by privileged users",
net_type_name);
return -1;
}
netdev->ifindex = if_nametoindex(netdev->name);
}