

Viewing changes to src/lxc/start.c

  • Committer: Serge Hallyn
  • Date: 2012-10-29 16:51:57 UTC
  • Revision ID: serge.hallyn@ubuntu.com-20121029165157-xw2nxym7eo0ocxu4
Add user namespaces patch.

580
580
        if (lxc_sync_barrier_parent(handler, LXC_SYNC_CONFIGURE))
581
581
                return -1;
582
582
 
 
583
    /*
 
584
     * if we are in a new user namespace, become root there to have
 
585
     * privilege over our namespace
 
586
     */
 
587
    if (!lxc_list_empty(&handler->conf->id_map)) {
 
588
        NOTICE("switching to gid/uid 0");
 
589
        if (setgid(0)) {
 
590
            SYSERROR("setgid");
 
591
            exit(1);
 
592
        }
 
593
        if (setuid(0)) {
 
594
            SYSERROR("setuid");
 
595
            exit(1);
 
596
        }
 
597
    }
 
598
 
583
599
        if (handler->conf->need_utmp_watch) {
584
600
                if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
585
601
                        SYSERROR("failed to remove CAP_SYS_BOOT capability");
628
644
                return -1;
629
645
 
630
646
        clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
 
647
    if (!lxc_list_empty(&handler->conf->id_map)) {
 
648
        INFO("Cloning a new user namespace");
 
649
        clone_flags |= CLONE_NEWUSER;
 
650
    }
631
651
        if (!lxc_list_empty(&handler->conf->network)) {
632
652
 
633
653
                clone_flags |= CLONE_NEWNET;
678
698
        if (lxc_cgroup_create(name, handler->pid))
679
699
                goto out_delete_net;
680
700
 
 
701
        if (setup_cgroup(name, &handler->conf->cgroup)) {
 
702
                ERROR("failed to setup the cgroups for '%s'", name);
 
703
                goto out_delete_net;
 
704
        }
 
705
 
681
706
        if (failed_before_rename)
682
707
                goto out_delete_net;
683
708
 
689
714
                }
690
715
        }
691
716
 
 
717
        if (lxc_map_ids(&handler->conf->id_map, handler->pid)) {
 
718
                ERROR("failed to set up id mapping");
 
719
                goto out_delete_net;
 
720
        }
 
721
 
692
722
        /* Tell the child to continue its initialization and wait for
693
723
         * it to exec or return an error
694
724
         */
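Review bot: In the child's new-user-namespace branch (new lines 587–597), `setgid(0)` and `setuid(0)` do not touch the supplementary group list inherited from the caller, so the process keeps whatever groups it started with; a `setgroups(0, NULL)` before `setgid(0)`, with the same `SYSERROR` + `exit(1)` handling, would make the identity switch complete. That branch also fails with `exit(1)` while the enclosing function reports failure with `return -1` (line 581), so this error skips whatever the `return -1` path does on the way out; if that is intentional a short comment saying so would help. Those `setuid(0)`/`setgid(0)` calls can only succeed once the parent has written the map via `lxc_map_ids` (new lines 717–720), and the sync step that releases the child past `LXC_SYNC_CONFIGURE` is not in this section, so confirm the map is written before that wake-up. The added lines in the first two hunks are indented with four spaces while the surrounding code uses tabs.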