network: refuse to create unsupported net types

Containers set up by unprivileged users can only create veth network
devices, so refuse any other network type at setup time.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2017-06-18 12:24:38 +02:00
parent e337179a0e
commit d1826cf12d
No known key found for this signature in database
GPG Key ID: 7B3C391EFEA93624


@ -2329,8 +2329,9 @@ static int setup_ipv6_addr(struct lxc_list *ip, int ifindex)
static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev) static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev)
{ {
char ifname[IFNAMSIZ]; char ifname[IFNAMSIZ];
char *current_ifname = ifname;
int err; int err;
const char *net_type_name;
char *current_ifname = ifname;
/* empty network namespace */ /* empty network namespace */
if (!netdev->ifindex) { if (!netdev->ifindex) {
@ -2342,8 +2343,21 @@ static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev)
return -1; return -1;
} }
} }
if (netdev->type != LXC_NET_VETH)
if (netdev->type == LXC_NET_EMPTY)
return 0; return 0;
if (netdev->type == LXC_NET_NONE)
return 0;
if (netdev->type != LXC_NET_VETH) {
net_type_name = lxc_net_type_to_str(netdev->type);
ERROR("%s networks are not supported for containers "
"not setup up by privileged users",
net_type_name);
return -1;
}
netdev->ifindex = if_nametoindex(netdev->name); netdev->ifindex = if_nametoindex(netdev->name);
} }
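Review bot: The new error message in the `netdev->type != LXC_NET_VETH` branch reads "not setup up by privileged users", which is a duplicated word and also grammatically off ("set up"); since this string is what an unprivileged user sees when their config is rejected, it should be `"%s networks are not supported for containers not set up by privileged users"`. In the same branch `net_type_name` is passed straight to `%s`; if `lxc_net_type_to_str()` can return NULL for a type value it does not know (it is not visible in this hunk, so confirm against its definition), that is undefined behaviour in the format call, and a guard such as `ERROR(..., net_type_name ? net_type_name : "unknown");` keeps the fail-closed `return -1` reachable without that risk. The message asserts that this function only runs for unprivileged setups; if `lxc_setup_netdev_in_child_namespaces()` is also reached for privileged containers the wording will mislead, so a short comment above the check stating which callers it applies to would help the next reader. The check rejects the type late, inside the child namespace, rather than at config parse time; that is acceptable for fail-closed behaviour but worth a comment if earlier validation is not possible. The body of `lxc_setup_netdev_in_child_namespaces()` continues past the end of this hunk.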