From de7215310b459bac3471991612e1e9a0b0ae347c Mon Sep 17 00:00:00 2001
From: Sapan Bhatia
Date: Mon, 6 Oct 2008 21:38:12 +0000
Subject: [PATCH] Unshare netns for VINI.
---
src/namespaces.c | 102 +++++++++++++++++++++++++++++++++++++++++++++++
src/planetlab.c | 9 +++++
2 files changed, 111 insertions(+)
create mode 100644 src/namespaces.c
diff --git a/src/namespaces.c b/src/namespaces.c
new file mode 100644
index 0000000..9f89bcd
--- /dev/null
+++ b/src/namespaces.c
@@ -0,0 +1,102 @@
+#ifdef HAVE_CONFIG_H
+# include
+#endif
+
+#include "vserver.h"
+#include
+#include
+#include
+#include
+#include
+
+#ifdef CLONE_NEWNET
+# define DECLARE_NS(X,Y) { #X, CLONE_NEW##X }
+#else
+# warning CLONE_NEWNET not defined, using memorized value
+# define DECLARE_NS(X,Y) { #X, Y }
+#endif
+
+#define SPACE_DIR "pl_spaces"
+
+static struct {
+ const char * const id;
+ unsigned char bit;
+} const NS2BIT[] = {
+ DECLARE_NS(NET, 32)
+
+ /* All entries between FIRST_NS and the last defined namespace
+ * must be filled in */
+ #define FIRST_NS 32
+};
+
+int
+text2ns(const char *str)
+{
+ size_t i;
+ for (i=0; i=sizeof(NS2BIT)/sizeof(NS2BIT[0])) return 0;
+ return NS2BIT[bit - FIRST_NS].id;
+}
+
+#define VSERVERCONF "/etc/vservers/"
+
+uint32_t
+get_space_flag(xid_t xid) {
+ char *ctx_space_dir, *space_name;
+ struct passwd *slice_user;
+ FILE *fp_in;
+ unsigned int bit;
+
+ slice_user = get_pwuid(xid);
+
+ if (!slice_user)
+ goto out_err1;
+
+ ctx_space_dir=(char *) malloc(sizeof(VSERVERCONF "/" SPACE_DIR "Z")+strlen(slice_user->pw_name));
+ if (!ctx_space_dir)
+ goto out_err1;
+
+ sprintf(ctx_space_dir,VSERVERCONF "%s/" SPACE_DIR, slice_user->pw_name);
+
+ fp_in = fopen(ctx_space_dir,"r");
+
+ if (!fp_in)
+ goto out_dontcare;
+
+ space_name=(char *) malloc(sizeof("GOBBLEDYGOOKZ"));
+
+ if (!space_name) {
+ goto out_err2;
+ }
+
+ fgets(space_name,sizeof("GOBBLEDYGOOKZ"),fp_in);
+
+ bit = text2ns(space_name);
+
+ free(space_name);
+ free(ctx_space_dir);
+ close(fp_in);
+
+ return ((1<>1);
+
+out_err2:
+ free(ctx_space_dir);
+ close(fp_in);
+
+out_err1:
+ return 0;
+
+out_dontcare:
+ free(ctx_space_dir);
+ return 0;
+
+}
diff --git a/src/planetlab.c b/src/planetlab.c
index 15cc7e5..824039b 100644
--- a/src/planetlab.c
+++ b/src/planetlab.c
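Review bot: `close(fp_in)` on both the success path and the `out_err2` path hands a `FILE *` to the descriptor-level `close(2)`: the pointer is converted to an `int`, so the stream is never released and, once a 64-bit pointer is truncated to a descriptor number, an unrelated open descriptor of this process can be closed instead — both sites should read `fclose(fp_in);`. The `fgets()` result is also unchecked, so an empty `pl_spaces` file leaves `space_name` holding uninitialized heap bytes that are then passed to `text2ns()`, and because `fgets()` keeps the trailing newline, a file containing `NET` only matches if `text2ns()` strips it, which the mangled loop in this rendering does not let me confirm. The `"GOBBLEDYGOOKZ"` placeholder doing duty as a buffer size would read better as a named constant such as `#define SPACE_NAME_MAX 16`. A rewritten tail of `get_space_flag()` follows; `strcspn` needs `<string.h>`, which the existing `strlen` call suggests is already included even though the include names are not visible here.
```c
	/* … unchanged: passwd lookup, path build, fopen, space_name malloc … */
	if (!fgets(space_name, sizeof("GOBBLEDYGOOKZ"), fp_in)) {
		/* empty or unreadable file: nothing requested, not an error */
		free(space_name);
		fclose(fp_in);
		free(ctx_space_dir);
		return 0;
	}
	space_name[strcspn(space_name, "\n")] = '\0';	/* drop the newline fgets() keeps */

	bit = text2ns(space_name);

	free(space_name);
	free(ctx_space_dir);
	fclose(fp_in);	/* fp_in is a FILE *, so fclose(), not close() */
	/* … unchanged: return value … */

out_err2:
	free(ctx_space_dir);
	fclose(fp_in);
```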
@@ -64,6 +64,7 @@ create_context(xid_t ctx, uint64_t bcaps)
 struct vc_ctx_caps vc_caps;
 struct vc_net_flags vc_nf;
 struct vc_net_caps vc_ncaps;
+ uint32_t unshare_mask;
 /* Create network context */
 if (vc_net_create(ctx) == VC_NOCTX) {
@@ -88,12 +89,19 @@ tag:
 return -1;
 process:
+
 /*
 * Create context info - this sets the STATE_SETUP and STATE_INIT flags.
 */
 if (vc_ctx_create(ctx, 0) == VC_NOCTX)
 return -1;
+ /* Unshare the NET namespace if the slice if requested in the local slice configuration */
+ unshare_mask = get_space_flag(ctx);
+ if (unshare_mask != 0) {
+ sys_unshare(unshare_mask);
+ }
+
 /* Set capabilities - these don't take effect until SETUP flag is unset */
 vc_caps.bcaps = bcaps;
 vc_caps.bmask = ~0ULL; /* currently unused */
@@ -251,6 +259,7 @@ struct pl_resources {
 if (index < len) index++; else goto out;
 #define VSERVERCONF "/etc/vservers/"
+
 void pl_get_limits(const char *context, struct sliver_resources *slr)
 {
-- 
2.43.0
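Review bot: The return value of `sys_unshare(unshare_mask)` is discarded, so when `unshare(CLONE_NEWNET)` fails — missing `CAP_SYS_ADMIN`, a kernel without network-namespace support, `ENOMEM` — `create_context()` carries on and the slice is set up sharing the host's network namespace even though its configuration asked for a private one; an isolation feature should fail closed here, e.g. `if (sys_unshare(unshare_mask) == -1) return -1;`, matching how the `vc_ctx_create` failure just above is handled. Related, `get_space_flag()` returns 0 both for "nothing configured" and for every internal failure (passwd lookup, `malloc`), so a broken lookup also lands the slice in the shared namespace with no diagnostic; the failure paths in namespaces.c deserve at least a log line. The diffstat adds no header, so unless an existing header already declares `get_space_flag`, this call relies on an implicit `int` declaration and a prototype should go in with this change. The added comment also has a typo: `/* Unshare the NET namespace if requested in the local slice configuration */`. `create_context()` begins and ends outside this hunk.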