author | Daniel Golle <daniel@makrotopia.org> | 2019-12-30 14:57:47 +0200 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2020-01-18 13:39:45 +0200 |
commit | 1321c1bd8fe921986c4eb39c3783ddd827b79543 (patch) | |
tree | 89c1af96541324a445e683ea978f8f4aede3f2ee /system-linux.c | |
parent | 64f4eb79fe2977320660f8940bc908fa4def807b (diff) |
add basic support for jail network namespaces
Prepare netifd for handling procd service jails having their own
network namespace.
Interfaces having the jail attribute will only be brought inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (i.e. you'll have to restart the jailed service
for changes to take effect).
Example /etc/config/network snippet:
config device 'veth0'
option type 'veth'
option name 'vhost0'
option peer_name 'virt0'
config interface 'virt'
option type 'bridge'
list ifname 'vhost0'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
config interface 'virt0'
option ifname 'virt0'
option proto 'static'
option ipaddr '10.0.0.2'
option netmask '255.255.255.0'
option gateway '10.0.0.1'
option dns '10.0.0.1'
option jail 'transmission'
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'system-linux.c')
-rw-r--r-- | system-linux.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/system-linux.c b/system-linux.c
index acfd40e..d533be8 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -45,6 +45,8 @@
 #include <linux/veth.h>
 #include <linux/version.h>
+#include <sched.h>
+
 #ifndef RTN_FAILED_POLICY
 #define RTN_FAILED_POLICY 12
 #endif
@@ -1243,6 +1245,25 @@ nla_put_failure:
 return -ENOMEM;
 }
+int system_link_netns_move(const char *ifname, int netns_fd)
+{
+ struct nl_msg *msg;
+ struct ifinfomsg iim = {
+ .ifi_family = AF_UNSPEC,
+ .ifi_index = 0,
+ };
+
+ msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST);
+
+ if (!msg)
+ return -1;
+
+ nlmsg_append(msg, &iim, sizeof(iim), 0);
+ nla_put_string(msg, IFLA_IFNAME, ifname);
+ nla_put_u32(msg, IFLA_NET_NS_FD, netns_fd);
+ return system_rtnl_call(msg);
+}
+
 static int system_link_del(const char *ifname)
 {
 struct nl_msg *msg;
@@ -1266,6 +1287,20 @@ int system_macvlan_del(struct device *macvlan)
 return system_link_del(macvlan->ifname);
 }
+int system_netns_open(const pid_t target_ns)
+{
+ char pid_net_path[PATH_MAX];
+
+ snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%u/ns/net", target_ns);
+
+ return open(pid_net_path, O_RDONLY);
+}
+
+int system_netns_set(int netns_fd)
+{
+ return setns(netns_fd, CLONE_NEWNET);
+}
+
 int system_veth_add(struct device *veth, struct veth_config *cfg)
 {
 struct nl_msg *msg; |
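Review bot: The return values of nlmsg_append(), nla_put_string() and nla_put_u32() in system_link_netns_move are ignored, so a message in which an attribute failed to be added is still handed to system_rtnl_call(); the preceding function, whose `nla_put_failure:` label is visible in the hunk header, returns -ENOMEM on that path instead. Checking each call and freeing the message on failure keeps the new function consistent with that convention. Whether system_rtnl_call() releases msg on its own paths, and whether the ubus caller accepts a negative errno rather than -1, is decided by code outside the hunk.
```c
	msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST);
	if (!msg)
		return -ENOMEM;

	/* every put can fail once the message buffer is exhausted */
	if (nlmsg_append(msg, &iim, sizeof(iim), 0) ||
	    nla_put_string(msg, IFLA_IFNAME, ifname) ||
	    nla_put_u32(msg, IFLA_NET_NS_FD, netns_fd))
		goto nla_put_failure;

	return system_rtnl_call(msg);

nla_put_failure:
	nlmsg_free(msg);
	return -ENOMEM;
```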
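Review bot: system_netns_open opens the namespace handle with plain O_RDONLY, so the descriptor is inherited by any child process spawned while it is open; `return open(pid_net_path, O_RDONLY | O_CLOEXEC);` confines the handle to netifd itself. The snprintf on the line above formats a pid_t with `%u` although pid_t is a signed type, so `"/proc/%ld/ns/net", (long)target_ns` avoids the -Wformat mismatch. system_netns_set returns the raw setns() result, which can be -1 with EPERM or EINVAL; the caller that interprets it is outside the hunk.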