lxcsu-internal to call capsh with --user=<slicename>

[lxc-userspace.git] / lxcsu-internal

diff --git a/lxcsu-internal b/lxcsu-internal
index a670d62..9dbb9ef 100755 (executable)
--- a/lxcsu-internal
+++ b/lxcsu-internal
@@ -142,6 +142,9 @@ def main ():
 
     setns.chcontext('/proc/%s/ns/uts'%pid)
     setns.chcontext('/proc/%s/ns/ipc'%pid)
+    
+    if (not args.pidns):
+        setns.chcontext('/proc/%s/ns/pid'%pid)
 
     if (not args.netns):
         setns.chcontext('/proc/%s/ns/net'%pid)
@@ -149,8 +152,7 @@ def main ():
     if (not args.mntns):
         setns.chcontext('/proc/%s/ns/mnt'%pid)
 
-    if (not args.pidns):
-        setns.chcontext('/proc/%s/ns/pid'%pid)
+    
 
     proc_mounted = False
     if (not os.access('/proc/self',0)):
@@ -179,8 +181,7 @@ def main ():
         cap_arg = '--drop='+drop_capabilities
 
         if (not args.root):
-            exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--','--login']+args.command_to_run
-# Thierry's suggestion:exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run
+            exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run
         else:
             exec_args = [arch,'/usr/sbin/capsh','--','--login']+args.command_to_run