nsexec: don't use CLONE_PARENT and CLONE_NEWPID together

The rhel6 kernel returns EINVAL in this case Known issue: * CT with userns doesn't work This is a copy of d31e97fa28 to address https://github.com/opencontainers/runc/issues/613 Signed-off-by: Andrey Vagin <avagin@virtuozzo.com> Signed-off-by: Andrew Fernandes <andrew@fernandes.org>
2016-03-10 08:43:09 -05:00 · 2016-03-10 08:43:09 -05:00 · 080eac3d2a
parent fb79eacb64
commit 080eac3d2a
1 changed files with 9 additions and 0 deletions
--- a/libcontainer/nsenter/nsexec.c
+++ b/libcontainer/nsenter/nsexec.c
@ -14,6 +14,7 @@
 #include <string.h>
 #include <sys/ioctl.h>
 #include <sys/types.h>
+#include <sys/prctl.h>
 #include <unistd.h>

 #include <bits/sockaddr.h>
@ -84,6 +85,14 @@ static int clone_parent(jmp_buf *env, int flags)
 	ca.env = env;
 	child  = clone(child_func, ca.stack_ptr, CLONE_PARENT | SIGCHLD | flags,
 		      &ca);
+	if (child == -1 && errno == EINVAL) {
+		if (unshare(flags)) {
+			pr_perror("Unable to unshare namespaces");
+			return -1;
+		}
+		child  = clone(child_func, ca.stack_ptr, SIGCHLD | CLONE_PARENT,
+			      &ca);
+	}
 	return child;
 }