--- /dev/null
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include "vserver.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <pwd.h>
+
+#ifdef CLONE_NEWNET
+# define DECLARE_NS(X,Y) { #X, CLONE_NEW##X }
+#else
+# warning CLONE_NEWNET not defined, using memorized value
+# define DECLARE_NS(X,Y) { #X, Y }
+#endif
+
+#define SPACE_DIR "pl_spaces"
+
+static struct {
+ const char * const id;
+ unsigned char bit;
+} const NS2BIT[] = {
+ DECLARE_NS(NET, 32)
+
+ /* All entries between FIRST_NS and the last defined namespace
+ * must be filled in */
+ #define FIRST_NS 32
+};
+
+int
+text2ns(const char *str)
+{
+ size_t i;
+ for (i=0; i<sizeof(NS2BIT)/sizeof(NS2BIT[0]); ++i)
+ if (strcmp(NS2BIT[i].id, str)==0) return NS2BIT[i].bit;
+
+ return -1;
+}
+
+const char *
+ns2text(unsigned int bit)
+{
+ if ((size_t)bit>=sizeof(NS2BIT)/sizeof(NS2BIT[0])) return 0;
+ return NS2BIT[bit - FIRST_NS].id;
+}
+
+#define VSERVERCONF "/etc/vservers/"
+
+uint32_t
+get_space_flag(xid_t xid) {
+ char *ctx_space_dir, *space_name;
+ struct passwd *slice_user;
+ FILE *fp_in;
+ unsigned int bit;
+
+ slice_user = get_pwuid(xid);
+
+ if (!slice_user)
+ goto out_err1;
+
+ ctx_space_dir=(char *) malloc(sizeof(VSERVERCONF "/" SPACE_DIR "Z")+strlen(slice_user->pw_name));
+ if (!ctx_space_dir)
+ goto out_err1;
+
+ sprintf(ctx_space_dir,VSERVERCONF "%s/" SPACE_DIR, slice_user->pw_name);
+
+ fp_in = fopen(ctx_space_dir,"r");
+
+ if (!fp_in)
+ goto out_dontcare;
+
+ space_name=(char *) malloc(sizeof("GOBBLEDYGOOKZ"));
+
+ if (!space_name) {
+ goto out_err2;
+ }
+
+ fgets(space_name,sizeof("GOBBLEDYGOOKZ"),fp_in);
+
+ bit = text2ns(space_name);
+
+ free(space_name);
+ free(ctx_space_dir);
+ close(fp_in);
+
+ return ((1<<bit)>>1);
+
+out_err2:
+ free(ctx_space_dir);
+ close(fp_in);
+
+out_err1:
+ return 0;
+
+out_dontcare:
+ free(ctx_space_dir);
+ return 0;
+
+}
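Review bot: In get_space_flag the value that decides whether a namespace is unshared comes from unchecked input: the fgets() result is ignored, the trailing newline stays in space_name so the strcmp() in text2ns() cannot match a line such as "NET\n", and the -1 from text2ns() is stored in the unsigned `bit` and used as the shift count in `(1<<bit)>>1`, which is undefined behaviour (as is shifting an int by 32). The stream is released with `close(fp_in)` instead of `fclose(fp_in)`, so the FILE is leaked on every successful open. Separately, when CLONE_NEWNET is defined DECLARE_NS stores the flag value itself in `unsigned char bit`, which cannot hold it, and ns2text() compares `bit` with the table size but indexes with `bit - FIRST_NS`, so small values index before the array. The sketch below covers only the read-and-convert part and keeps the existing bit-number convention, which should be confirmed against the intended clone flag.

```c
uint32_t
get_space_flag(xid_t xid) {
    /* … unchanged: passwd lookup, ctx_space_dir allocation and sprintf … */
    char space_name[sizeof("GOBBLEDYGOOKZ")];
    uint32_t flag = 0;
    int bit;

    fp_in = fopen(ctx_space_dir, "r");
    free(ctx_space_dir);
    if (!fp_in)
        return 0;

    if (fgets(space_name, sizeof(space_name), fp_in)) {
        /* strip the line ending so the name can match the table entry */
        space_name[strcspn(space_name, "\r\n")] = '\0';
        bit = text2ns(space_name);
        /* reject -1 (unknown name) and anything that would overshift */
        if (bit >= 1 && bit <= 32)
            flag = (uint32_t)1 << (bit - 1);
    }
    fclose(fp_in);
    return flag;
}
```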
struct vc_ctx_caps vc_caps;
struct vc_net_flags vc_nf;
struct vc_net_caps vc_ncaps;
+ uint32_t unshare_mask;
/* Create network context */
if (vc_net_create(ctx) == VC_NOCTX) {
return -1;
process:
+
/*
* Create context info - this sets the STATE_SETUP and STATE_INIT flags.
*/
if (vc_ctx_create(ctx, 0) == VC_NOCTX)
return -1;
+ /* Unshare the NET namespace if the slice if requested in the local slice configuration */
+ unshare_mask = get_space_flag(ctx);
+ if (unshare_mask != 0) {
+ sys_unshare(unshare_mask);
+ }
+
/* Set capabilities - these don't take effect until SETUP flag is unset */
vc_caps.bcaps = bcaps;
vc_caps.bmask = ~0ULL; /* currently unused */
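Review bot: The return value of `sys_unshare(unshare_mask)` is discarded, so if the unshare fails the context is set up anyway and the slice keeps running in the shared network namespace with no indication. get_space_flag() also returns 0 both when no namespace is configured and when the passwd lookup or an allocation fails, so those errors fall back to the shared namespace as well. I would fail the setup here, e.g. `if (unshare_mask != 0 && sys_unshare(unshare_mask) != 0) return -1;` (assuming sys_unshare reports failure with a non-zero return, which is not visible in this hunk). The enclosing function starts and ends outside the hunk, so whether the context created by vc_ctx_create needs undoing on that path should be checked.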
if (index < len) index++; else goto out;
#define VSERVERCONF "/etc/vservers/"
+
void
pl_get_limits(const char *context, struct sliver_resources *slr)
{