From 07cdb12f96704d6b0581d9ddcaac76959256798d Mon Sep 17 00:00:00 2001
From: Sascha Silbe <sascha-pgp@silbe.org>
Date: Sat, 20 Mar 2010 15:53:27 +0000
Subject: don't fail on systems without CLONE_NEWNET support

Print only a warning when unshare(CLONE_NEWNET) fails with EINVAL.
This allows Rainbow to work on older kernels, albeit degraded.
---
diff --git a/rainbow/inject.py b/rainbow/inject.py
index 47d0cf9..9946644 100644
--- a/rainbow/inject.py
+++ b/rainbow/inject.py
@@ -1,3 +1,4 @@
+import errno
 import os
 from os import R_OK, W_OK, X_OK, fork, symlink, unlink, O_CREAT, O_EXCL, chown, chmod
 from os import setgroups, setgid, setuid, chdir, umask, execvpe, waitpid, WEXITSTATUS
@@ -12,7 +13,7 @@ from glob import glob
 import resource
 
 from rainbow.util import Checker, mount, make_dirs, get_fds, read_envdir
-from rainbow.util import unshare, CLONE_NEWNET
+from rainbow.util import unshare, CLONE_NEWNET, CError
 
 def reserve_elt(pool_dir, elt, max_elt, incr, elt_name):
     fd = None
@@ -268,7 +269,14 @@ def configure_xephyr(_, spool, owner_gid, uid, env, safe_fds):
 def configure_network(log, pset):
     log(1, "networking shared with parent: %s", pset.has_permission("network"))
     if not pset.has_permission("network"):
-        unshare(CLONE_NEWNET)
+        try:
+            unshare(CLONE_NEWNET)
+        except CError, e:
+            if e.errno == errno.EINVAL:
+                log(1, "Warning: CLONE_NEWNET not supported")
+                return
+
+            raise
 
 def check_uid(_, spool, owner_uid, uid):
     assert 10000 <= uid and uid <= 65534
--
cgit v0.9.1