On Sun, Jan 29, 2017 at 8:44 PM, Serge Hallyn
<email address hidden> wrote:
> Thanks, Christian. Is there a reason why you don't set fret to -1 if
> the final setns fails?
If the setns() back to the original namespace fails but everything
else succeeded I didn't take it to be a security issue. lxc-user-nic
is pretty short-lived and we don't perform any interesting operations
in the namespace after rename_in_ns() succeeded. We rather exit right
away:
/* Now rename the link. */
if (rename_in_ns(pid, cnic, &vethname) < 0) {
	usernic_error("%s", "Failed to rename the link.\n");
	exit(EXIT_FAILURE);
}
/* Write the name of the interface pair to the stdout - like
* eth0:veth9MT2L4.
*/
fprintf(stdout, "%s:%s\n", vethname, nicname);
exit(EXIT_SUCCESS);