X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=src%2Fplanetlab.c;h=b931e812d13ab2e66d1c08fb6a7aef61353e0821;hb=361e96e42610e4f7600ae1175617f110874f563e;hp=5d0199eaab285f1ef65d1a988e88307efe3128e0;hpb=a62c3cce0b26881bdcc7eb5c592ad27926f6e9a4;p=util-vserver-pl.git
diff --git a/src/planetlab.c b/src/planetlab.c
index 5d0199e..b931e81 100644
--- a/src/planetlab.c
+++ b/src/planetlab.c
@@ -61,12 +61,11 @@ POSSIBILITY OF SUCH DAMAGE.
 #endif
 static int
-create_context(xid_t ctx, uint64_t bcaps)
+create_context(xid_t ctx, uint64_t bcaps, uint32_t unshare_flags)
 {
 struct vc_ctx_caps vc_caps;
 struct vc_net_flags vc_nf;
 struct vc_net_caps vc_ncaps;
- uint32_t unshare_mask;
 /* Create network context */
 if (vc_net_create(ctx) == VC_NOCTX) {
@@ -98,11 +97,11 @@ process:
 if (vc_ctx_create(ctx, 0) == VC_NOCTX) return -1;
- /* Unshare the net namespace if the slice if requested in the local slice configuration */
- unshare_mask = get_space_flag(ctx);
- if (unshare_mask != 0) {
- unshare(unshare_mask);
- vc_set_namespace(ctx, unshare_mask);
+ if (unshare_flags != 0) {
+ unshare(unshare_flags);
+ unshare_flags |= vc_get_space_mask();
+ //printf("vc_set_namespace(%d, %X)\n", ctx, unshare_flags);
+ //vc_set_namespace(ctx, unshare_flags);
 }
 /* Set capabilities - these don't take effect until SETUP flag is unset */
@@ -140,11 +139,12 @@ pl_setup_done(xid_t ctx)
 #define RETRY_LIMIT 10
 int
-pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr)
+pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr,
+ int unshare_netns)
 {
 int retry_count = 0;
 int net_migrated = 0;
-
+ if (pl_set_ulimits(slr) != 0) return -1;
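Review bot: The result of `unshare(unshare_flags)` in create_context is still discarded, so a failed call leaves the first process of the new context in the caller's network namespace with no error reported. pl_chcontext now passes CLONE_NEWNET for every new context, which makes this call the isolation boundary, and it should fail closed: `if (unshare(unshare_flags) != 0) return -1;`. create_context starts and ends outside this hunk, so whether the already-created net and process contexts need cleanup on that path has to be checked against the rest of the function.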
@@ -154,11 +154,15 @@ pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr)
 if (vc_get_cflags(ctx, &vc_flags)) {
+ uint32_t unshare_flags;
 if (errno != ESRCH) return -1;
+ /* Always unshare the net namespace for a new context */
+ unshare_flags = CLONE_NEWNET;
+ /* context doesn't exist - create it */
- if (create_context(ctx, bcaps))
+ if (create_context(ctx, bcaps, unshare_flags))
 {
 if (errno == EEXIST) /* another process beat us in a race */
@@ -190,12 +194,16 @@ pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr)
 migrate:
 if (net_migrated || !vc_net_migrate(ctx)) {
- uint32_t unshare_mask;
- /* Unshare the net namespace if the slice if requested in the local slice configuration */
- unshare_mask = get_space_flag(ctx);
- if (unshare_mask != 0) {
- vc_enter_namespace(ctx, unshare_mask);
- }
+ uint32_t unshare_flags;
+
+ /* Unshare the net namespace if requested in the slice config */
+ unshare_flags = unshare_netns ? CLONE_NEWNET : 0;
+
+ if (unshare_flags != 0) {
+ unshare_flags |=vc_get_space_mask();
+ //printf("vc_enter_namespace(%d, %X)\n", ctx, unshare_flags);
+ //vc_enter_namespace(ctx, unshare_flags);
+ }
 if (!vc_tag_migrate(ctx) && !vc_ctx_migrate(ctx, 0)) break; /* done */
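Review bot: The new `unshare_netns` argument is not consulted on the context-creation path: `unshare_flags = CLONE_NEWNET` is assigned unconditionally here, while the migrate path later in pl_chcontext uses `unshare_netns ? CLONE_NEWNET : 0`. If the asymmetry is intended, the comment should say so, for example `/* New contexts always get a private net namespace, even when unshare_netns is 0 */`, and the function's header comment should state what the parameter controls. The local is also unnecessary; `create_context(ctx, bcaps, CLONE_NEWNET)` says the same thing in one line.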
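Review bot: With `vc_enter_namespace` commented out, the `if (unshare_flags != 0)` block on the migrate path only computes `unshare_flags |=vc_get_space_mask()` and then discards it. A process joining an existing context with `unshare_netns` set therefore no longer appears to be moved into that context's network namespace, which the removed code did through `vc_enter_namespace(ctx, unshare_mask)`. The commented-out `vc_set_namespace` in the create_context hunk has the same effect on the creation side. Either restore both calls and check their results, or delete the dead block and the `//printf` lines and add a comment saying where the namespace is entered now. The retry loop around this code starts and ends outside the hunk.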