Quoting Christian Seiler (christ...@iwakd.de):
> +     int flags[] = { CLONE_NEWPID, CLONE_NEWNS, CLONE_NEWNET, CLONE_NEWIPC, 
> CLONE_NEWUTS };
...
> -static char *namespaces_list[] = {
> -     "MOUNT", "PID", "UTSNAME", "IPC",
> -     "USER", "NETWORK"
> -};
> -static int cloneflags_list[] = {
> -     CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUTS, CLONE_NEWIPC,
> -     CLONE_NEWUSER, CLONE_NEWNET
> -};

These should be commonized.  I'm surprised this patch worked for you, as
the indices for network don't match up.

CLONE_NEWUSER may be available pretty soon, no reason to blacklist it
in attach.  Just have it gracefully fail if unavailable, just as PID
still needs to do.

thanks,
-serge

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to