if (vc_ctx_create(ctx, 0) == VC_NOCTX)
return -1;
- if (unshare_flags != 0) {
+ if (unshare_flags != 0) {
unshare(unshare_flags);
unshare_flags |= vc_get_space_mask();
- vc_set_namespace(ctx, unshare_flags);
+ //printf("vc_set_namespace(%d, %X)\n", ctx, unshare_flags);
+ //vc_set_namespace(ctx, unshare_flags);
}
/* Set capabilities - these don't take effect until SETUP flag is unset */
#define RETRY_LIMIT 10
int
-pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr)
+pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr,
+ int unshare_netns)
{
int retry_count = 0;
int net_migrated = 0;
-
+
if (pl_set_ulimits(slr) != 0)
return -1;
if (vc_get_cflags(ctx, &vc_flags))
{
- uint32_t unshare_flags;
+ uint32_t unshare_flags;
if (errno != ESRCH)
return -1;
- /* Unshare the net namespace if the slice if requested in the local slice configuration */
- unshare_flags = get_space_flag(ctx);
+ /* Always unshare the net namespace for a new context */
+ unshare_flags = CLONE_NEWNET;
/* context doesn't exist - create it */
if (create_context(ctx, bcaps, unshare_flags))
migrate:
if (net_migrated || !vc_net_migrate(ctx))
{
- uint32_t unshare_flags;
- /* Unshare the net namespace if the slice if requested in the local slice configuration */
- unshare_flags = get_space_flag(ctx);
- if (unshare_flags != 0) {
- unshare_flags |=vc_get_space_mask();
- vc_enter_namespace(ctx, unshare_flags);
- }
+ uint32_t unshare_flags;
+
+ /* Unshare the net namespace if requested in the slice config */
+ unshare_flags = unshare_netns ? CLONE_NEWNET : 0;
+
+ if (unshare_flags != 0) {
+ unshare_flags |=vc_get_space_mask();
+ //printf("vc_enter_namespace(%d, %X)\n", ctx, unshare_flags);
+ //vc_enter_namespace(ctx, unshare_flags);
+ }
if (!vc_tag_migrate(ctx) && !vc_ctx_migrate(ctx, 0))
break; /* done */