From 080eac3d2a6d288dfa91aa34a06b4b66302e0574 Mon Sep 17 00:00:00 2001 From: Andrey Vagin Date: Thu, 10 Mar 2016 08:43:09 -0500 Subject: [PATCH] nsexec: don't use CLONE_PARENT and CLONE_NEWPID together The rhel6 kernel returns EINVAL in this case Known issue: * CT with userns doesn't work This is a copy of https://github.com/avagin/runc/commit/d31e97fa28345375b3f76bff64d12cdb07e03ba0 to address https://github.com/opencontainers/runc/issues/613 Signed-off-by: Andrey Vagin Signed-off-by: Andrew Fernandes --- libcontainer/nsenter/nsexec.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 3338108e..a52b7dc3 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -84,6 +85,14 @@ static int clone_parent(jmp_buf *env, int flags) ca.env = env; child = clone(child_func, ca.stack_ptr, CLONE_PARENT | SIGCHLD | flags, &ca); + if (child == -1 && errno == EINVAL) { + if (unshare(flags)) { + pr_perror("Unable to unshare namespaces"); + return -1; + } + child = clone(child_func, ca.stack_ptr, SIGCHLD | CLONE_PARENT, + &ca); + } return child; }
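Review bot: The fallback added in clone_parent fires on any EINVAL from the first clone(), not only on the CLONE_PARENT plus CLONE_NEWPID combination the commit message describes, so an unrelated invalid flag also takes the unshare() path; narrowing the guard to `if (child == -1 && errno == EINVAL && (flags & CLONE_NEWPID)) {` keeps the workaround to the case it targets. unshare(flags) also acts on the calling process itself, so on this path the caller is left in the new namespaces (other than the PID namespace, which applies only to its children) and stays there if the second clone() fails; whether the code that runs after clone_parent returns tolerates that is not visible here. A comment above the branch such as `/* rhel6: CLONE_PARENT|CLONE_NEWPID gives EINVAL; unshare() moves this process into the new namespaces too */` would record the difference from the normal path. The opening lines of clone_parent are outside the hunk.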