mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-07 14:23:19 +00:00
389de87aed
Added extra option to enable unprivileged containers. This includes a patch to remove the hard-coded path to `lxc-user-nic` and a new security wrapper to set SUID to `lxc-user-nic`.
14 lines
488 B
Diff
14 lines
488 B
Diff
diff --git a/src/lxc/network.c b/src/lxc/network.c
|
|
index 0a99d32..850e975 100644
|
|
--- a/src/lxc/network.c
|
|
+++ b/src/lxc/network.c
|
|
@@ -2940,7 +2940,7 @@ int lxc_find_gateway_addresses(struct lxc_handler *handler)
|
|
|
|
#ifdef IN_LIBLXC
|
|
|
|
-#define LXC_USERNIC_PATH LIBEXECDIR "/lxc/lxc-user-nic"
|
|
+#define LXC_USERNIC_PATH "/run/wrappers/bin/lxc-user-nic"
|
|
static int lxc_create_network_unpriv_exec(const char *lxcpath,
|
|
const char *lxcname,
|
|
struct lxc_netdev *netdev, pid_t pid,
|