From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
If we don't enable network namespace, we could shutdown host
inside container by command 'shutdown', which is unacceptable.
This patch will force users to enable network namespace
before they start container.
Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
---
src/lxc/lxc_container.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index c7a22ab..5631ad7 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1937,6 +1937,12 @@ int lxcContainerStart(virDomainDefPtr def,
if (lxcNeedNetworkNamespace(def)) {
VIR_DEBUG("Enable network namespaces");
cflags |= CLONE_NEWNET;
+ } else {
+ errno = EINVAL;
+
+ virReportSystemError(errno, "%s",
+ _("Network namespace needed"));
+ return -1;
}
pid = clone(lxcContainerChild, stacktop, cflags, &args);
--
1.7.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list