Comment 16 for bug 1654676

Christian Brauner (cbrauner) wrote : Re: [Bug 1654676] Re: lxc-user-nic does not ensure that target netns is caller-owned

On Sun, Jan 29, 2017 at 8:44 PM, Serge Hallyn
<email address hidden> wrote:
> Thanks, Christian. Is there a reason why you don't set fret to -1 if
> the final setns fails?

If the setns() back to the original namespace fails but everything
else succeeded, I didn't take it to be a security issue. lxc-user-nic
is pretty short-lived and we don't perform any interesting operations
in the namespace after rename_in_ns() succeeded. Rather, we exit right
away:

/* Now rename the link. */
if (rename_in_ns(pid, cnic, &vethname) < 0) {
        usernic_error("%s", "Failed to rename the link.\n");
        exit(EXIT_FAILURE);
}

/* Write the name of the interface pair to the stdout - like
 * eth0:veth9MT2L4.
 */
fprintf(stdout, "%s:%s\n", vethname, nicname);
exit(EXIT_SUCCESS);
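The pattern under discussion (save the caller's netns, setns() into the target, do the work, setns() back) as an added illustration; this is not lxc code and not part of the bug thread. The helper run_in_netns(), the struct ns_result it returns and exit_status_for() are hypothetical names chosen here. The helper keeps the three outcomes apart that the exchange above turns on: entering the target failed (nothing was done), the work itself failed, or only the setns() back to the original namespace failed after the work succeeded. exit_status_for() encodes the position taken in the comment: a failed restore is not an error when the process exits immediately afterwards. The ownership check that the bug title asks for is not shown here. Entering a foreign netns needs CAP_SYS_ADMIN, so an unprivileged run only exercises the failure paths.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of running a callback inside another network namespace.
 * The two failure kinds are kept apart on purpose: the callback may have
 * succeeded even though we could not setns() back afterwards. */
struct ns_result {
	int fn_rc;         /* return value of the callback, -1 if it never ran */
	int enter_errno;   /* errno if entering the target netns failed, else 0 */
	int restore_errno; /* errno if returning to the original netns failed, else 0 */
};

/* Hypothetical helper (not lxc's rename_in_ns): enter target_ns_fd, run
 * fn(arg) there, then try to return to the namespace we started in. */
struct ns_result run_in_netns(int target_ns_fd, int (*fn)(void *), void *arg)
{
	struct ns_result r = { .fn_rc = -1, .enter_errno = 0, .restore_errno = 0 };
	int orig;

	/* Keep a handle on our own netns so we can come back. */
	orig = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
	if (orig < 0) {
		r.enter_errno = errno;
		return r;
	}

	/* setns() needs CAP_SYS_ADMIN in the userns owning the target netns;
	 * an invalid fd gives EBADF, a non-namespace fd gives EINVAL. */
	if (setns(target_ns_fd, CLONE_NEWNET) < 0) {
		r.enter_errno = errno;
		close(orig);
		return r;
	}

	r.fn_rc = fn(arg);

	/* Failure here leaves us in the target netns. Whether that matters
	 * depends on what the caller does next; we only record it. */
	if (setns(orig, CLONE_NEWNET) < 0)
		r.restore_errno = errno;
	close(orig);
	return r;
}

/* Policy from the comment above: the work and the entry must succeed,
 * a failed setns() back is tolerated because the caller exits right away. */
int exit_status_for(struct ns_result r)
{
	if (r.enter_errno != 0 || r.fn_rc < 0)
		return EXIT_FAILURE;
	return EXIT_SUCCESS;
}

/* Sample callback: count invocations and report which netns we are in
 * (the inode of /proc/self/ns/net identifies the namespace). */
int note_called(void *arg)
{
	struct stat st;

	(*(int *)arg)++;
	if (stat("/proc/self/ns/net", &st) < 0)
		return -1;
	printf("running in netns inode %lu\n", (unsigned long)st.st_ino);
	return 0;
}

int main(int argc, char **argv)
{
	char path[64];
	int calls = 0, fd;
	struct ns_result r;

	if (argc != 2) {
		fprintf(stderr, "usage: %s <pid>\n", argv[0]);
		return EXIT_FAILURE;
	}
	snprintf(path, sizeof(path), "/proc/%s/ns/net", argv[1]);
	fd = open(path, O_RDONLY | O_CLOEXEC);
	if (fd < 0) {
		perror(path);
		return EXIT_FAILURE;
	}
	r = run_in_netns(fd, note_called, &calls);
	close(fd);
	if (r.enter_errno)
		fprintf(stderr, "enter: %s\n", strerror(r.enter_errno));
	if (r.restore_errno)
		fprintf(stderr, "restore: %s (ignored, exiting)\n", strerror(r.restore_errno));
	return exit_status_for(r);
}
```

Run as root with the pid of a process in another network namespace to see the callback report that namespace's inode; as an unprivileged user setns() fails with EPERM, the callback never runs, and exit_status_for() reports failure.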