POTD skeleton #99.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2018-06-09 14:50:17 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2018-06-09 14:50:17 +0200
commit: ef10351f70c3d41e536c024b71d811bad6e98884 (patch)
tree: 81d38abf1e91f9ed9bde28453621f3a16467abba /src/jail.c
parent: 0e1a9f70b3e720b506d69db6c920ce017834ae94 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/src/jail.c b/src/jail.c
index cad4204..0419d34 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -253,7 +253,7 @@ static int jail_childfn(prisoner_process *ctx)
     const char *path_shell = "/bin/sh";
     int i, s, master_fd;
     int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|
-        CLONE_NEWNS|CLONE_NEWNET/*|CLONE_NEWUSER*/;
+        CLONE_NEWNS/*|CLONE_NEWUSER*/;
     //unsigned int ug_map[3] = { 0, 10000, 65535 };
     pid_t self_pid, child_pid;
     pseccomp_ctx *psc = NULL;
@@ -274,6 +274,11 @@ static int jail_childfn(prisoner_process *ctx)
     if (cgroups_activate())
         FATAL("Activating cgroups for pid %d", self_pid);
 
+    D2("Setup network namespace for pid %d", self_pid);
+    if (setup_network_namespace("default"))
+        if (switch_network_namespace("default"))
+            FATAL("Setup network namespace for pid %d", self_pid);
+
     caps_drop_dac_override(0);
     //caps_drop_all();
author	Toni Uhlig <matzeton@googlemail.com>	2018-06-09 14:50:17 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2018-06-09 14:50:17 +0200
commit	ef10351f70c3d41e536c024b71d811bad6e98884 (patch)
tree	81d38abf1e91f9ed9bde28453621f3a16467abba /src/jail.c
parent	0e1a9f70b3e720b506d69db6c920ce017834ae94 (diff)