[PATCH RFC] refuse c/r with nested network namespaces

...because we can't restore network devices in private
namespaces anyway.  This leaves userspace to set up
network devices however it wants at restart, and leaves
it free to restart the application either in the global
or a private (configured) network namespace.

Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
---
 kernel/nsproxy.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index c91b725..851777a 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -291,6 +291,13 @@ static int do_checkpoint_ns(struct ckpt_ctx *ctx, struct nsproxy *nsproxy)
 
 	/* TODO: Write other namespaces here */
 
+	/* We do not support >1 private netns */
+	ret = -EINVAL;
+	if (nsproxy->net_ns != ctx->root_nsproxy->net_ns) {
+		ckpt_err(ctx, ret, "%(T)Nested net_ns unsupported\n");
+		goto out;
+	}
+
 	ret = ckpt_write_obj(ctx, &h->h);
  out:
 	ckpt_hdr_put(ctx, h);
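Review bot: the comment on the added block says ">1 private netns", but the test `nsproxy->net_ns != ctx->root_nsproxy->net_ns` rejects any nsproxy whose net_ns differs from the checkpoint root's, so a comment such as "all checkpointed tasks must share the root task's net_ns" would describe the check more accurately. The check also runs just before `ckpt_write_obj(ctx, &h->h)`, after the header `h` is already held (the `out:` path releases it); if nothing earlier in do_checkpoint_ns depends on it, doing the comparison at the top of the function would refuse the checkpoint before any other work is done. Finally, consider whether -EINVAL is the best code for an unsupported configuration, since the caller can only tell it apart from a malformed request through the ckpt_err message.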
-- 
1.6.1

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
