Web   ·   Wiki   ·   Activities   ·   Blog   ·   Lists   ·   Chat   ·   Meeting   ·   Bugs   ·   Git   ·   Translate   ·   Archive   ·   People   ·   Donate
summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSascha Silbe <sascha-pgp@silbe.org>2010-03-20 15:53:27 (GMT)
committer Sascha Silbe <sascha-pgp@silbe.org>2010-07-21 17:36:14 (GMT)
commit07cdb12f96704d6b0581d9ddcaac76959256798d (patch)
treea7204ccdcfe64f346c11eb6b3ef882f17f65fa4c
parent5ab8ddb8ddb8dc6925cb3bb5f52e0a06b7a1c439 (diff)
don't fail on systems without CLONE_NEWNET support
Print only a warning when unshare(CLONE_NEWNET) fails with EINVAL. This allows Rainbow to work on older kernels, albeit degraded.
-rw-r--r--rainbow/inject.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/rainbow/inject.py b/rainbow/inject.py
index 47d0cf9..9946644 100644
--- a/rainbow/inject.py
+++ b/rainbow/inject.py
@@ -1,3 +1,4 @@
+import errno
import os
from os import R_OK, W_OK, X_OK, fork, symlink, unlink, O_CREAT, O_EXCL, chown, chmod
from os import setgroups, setgid, setuid, chdir, umask, execvpe, waitpid, WEXITSTATUS
@@ -12,7 +13,7 @@ from glob import glob
import resource
from rainbow.util import Checker, mount, make_dirs, get_fds, read_envdir
-from rainbow.util import unshare, CLONE_NEWNET
+from rainbow.util import unshare, CLONE_NEWNET, CError
def reserve_elt(pool_dir, elt, max_elt, incr, elt_name):
fd = None
@@ -268,7 +269,14 @@ def configure_xephyr(_, spool, owner_gid, uid, env, safe_fds):
def configure_network(log, pset):
log(1, "networking shared with parent: %s", pset.has_permission("network"))
if not pset.has_permission("network"):
- unshare(CLONE_NEWNET)
+ try:
+ unshare(CLONE_NEWNET)
+ except CError, e:
+ if e.errno == errno.EINVAL:
+ log(1, "Warning: CLONE_NEWNET not supported")
+ return
+
+ raise
def check_uid(_, spool, owner_uid, uid):
assert 10000 <= uid and uid <= 65534