On Fri, Sep 09, 2022 at 04:34:25PM +0200, Stefano Brivio wrote:
On Thu, 8 Sep 2022 13:59:07 +1000 David Gibson wrote:
Currently --userns is only allowed when pasta is attaching to an existing netns or PID, and is prohibited when creating a new netns by spawning a command or shell.
With the new handling of userns, this check isn't necessary. I'm not sure if there's any use case for --userns with a spawned command, but it's strictly more flexible and requires zero extra code, so we might as well.
I think it's helpful because one might not be able to join a network namespace without first joining a given user namespace.
Well.. this is strictly for the spawning command case, so we're creating the network ns rather than joining one.
So, if you want to run any network-ish command in such a network namespace, using pasta instead of nsenter for whatever reason, this possibility might be practical.
Signed-off-by: David Gibson
--- conf.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/conf.c b/conf.c index 27d520e..ec191c2 100644 --- a/conf.c +++ b/conf.c @@ -561,11 +561,6 @@ static int conf_pasta_ns(int *netns_only, char *userns, char *netns, } }
- if (*userns && !*netns) { - err("--userns requires --netns or PID"); - return -EINVAL; - }
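Review bot: with the (*userns && !*netns) check removed from conf_pasta_ns(), the man page text for --userns goes stale, because it still says "This option requires --netns or a PID to be specified". That sentence should be dropped or reworded in this same patch so that documentation and behaviour change together. Since the commit message is unsure whether --userns with a spawned command has a use case, the reworded text should also state what the option does in that case, so the newly accepted combination is not left undocumented.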
I guess we should now drop this sentence about --userns from the man page:
This option requires --netns or a PID to be specified.
...either drop it, or clarify that a command might also be given instead, I'm not sure.
Good point, I'll adjust.

-- 
David Gibson                   | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you.  NOT _the_ _other_
                               | _way_ _around_!
http://www.ozlabs.org/~dgibson