From e50e99bb8b367dd0e07530f76b618fedcf764709 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 3 Mar 2014 14:41:38 -0800
Subject: [PATCH 1/4] libcontainer/network: add netns strategy

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 libcontainer/network/netns.go    | 42 ++++++++++++++++++++++++++++++++
 libcontainer/network/strategy.go |  2 ++
 2 files changed, 44 insertions(+)
 create mode 100644 libcontainer/network/netns.go

diff --git a/libcontainer/network/netns.go b/libcontainer/network/netns.go
new file mode 100644
index 0000000..3eb8ee5
--- /dev/null
+++ b/libcontainer/network/netns.go
@@ -0,0 +1,42 @@
+package network
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/system"
+)
+
+//  crosbymichael: could make a network strategy that instead of returning veth pair names it returns a pid to an existing network namespace
+type NetNS struct {
+}
+
+func (v *NetNS) Create(n *libcontainer.Network, nspid int, context libcontainer.Context) error {
+	nsname, exists := n.Context["nsname"]
+
+	if !exists {
+		return fmt.Errorf("nspath does not exist in network context")
+	}
+
+	context["nspath"] = fmt.Sprintf("/var/run/netns/%s", nsname)
+	return nil
+}
+
+func (v *NetNS) Initialize(config *libcontainer.Network, context libcontainer.Context) error {
+	nspath, exists := context["nspath"]
+	if !exists {
+		return fmt.Errorf("nspath does not exist in network context")
+	}
+
+	f, err := os.OpenFile(nspath, os.O_RDONLY, 0)
+	if err != nil {
+		return fmt.Errorf("failed get network namespace fd: %v", err)
+	}
+
+	if err := system.Setns(f.Fd(), syscall.CLONE_NEWNET); err != nil {
+		return fmt.Errorf("failed to setns current network namespace: %v", err)
+	}
+	return nil
+}
diff --git a/libcontainer/network/strategy.go b/libcontainer/network/strategy.go
index 693790d..e41ecc3 100644
--- a/libcontainer/network/strategy.go
+++ b/libcontainer/network/strategy.go
@@ -2,6 +2,7 @@ package network
 
 import (
 	"errors"
+
 	"github.com/dotcloud/docker/pkg/libcontainer"
 )
 
@@ -12,6 +13,7 @@ var (
 var strategies = map[string]NetworkStrategy{
 	"veth":     &Veth{},
 	"loopback": &Loopback{},
+	"netns":    &NetNS{},
 }
 
 // NetworkStrategy represents a specific network configuration for

From 76d3c99530ab5b2bac27bc02f1e54789c5ad379e Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 3 Mar 2014 21:46:49 -0800
Subject: [PATCH 2/4] libcontainer/nsinit/init: move mount namespace after
 network

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 libcontainer/nsinit/init.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/libcontainer/nsinit/init.go b/libcontainer/nsinit/init.go
index 117ae87..c39928d 100644
--- a/libcontainer/nsinit/init.go
+++ b/libcontainer/nsinit/init.go
@@ -4,6 +4,9 @@ package nsinit
 
 import (
 	"fmt"
+	"os"
+	"syscall"
+
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
 	"github.com/dotcloud/docker/pkg/libcontainer/capabilities"
@@ -11,8 +14,6 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer/utils"
 	"github.com/dotcloud/docker/pkg/system"
 	"github.com/dotcloud/docker/pkg/user"
-	"os"
-	"syscall"
 )
 
 // Init is the init process that first runs inside a new namespace to setup mounts, users, networking,
@@ -56,13 +57,13 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	if err := system.ParentDeathSignal(uintptr(syscall.SIGTERM)); err != nil {
 		return fmt.Errorf("parent death signal %s", err)
 	}
+	if err := setupNetwork(container, context); err != nil {
+		return fmt.Errorf("setup networking %s", err)
+	}
 	ns.logger.Println("setup mount namespace")
 	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
 	}
-	if err := setupNetwork(container, context); err != nil {
-		return fmt.Errorf("setup networking %s", err)
-	}
 	if err := system.Sethostname(container.Hostname); err != nil {
 		return fmt.Errorf("sethostname %s", err)
 	}

From fc0982872a1b7941f1c8c973a86be2e3ed6fe857 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 3 Mar 2014 21:47:03 -0800
Subject: [PATCH 3/4] libcontainer: goimports

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 libcontainer/nsinit/exec.go        | 7 ++++---
 libcontainer/nsinit/nsinit/main.go | 8 ++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/libcontainer/nsinit/exec.go b/libcontainer/nsinit/exec.go
index 61286cc..6e902d1 100644
--- a/libcontainer/nsinit/exec.go
+++ b/libcontainer/nsinit/exec.go
@@ -3,12 +3,13 @@
 package nsinit
 
 import (
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/pkg/libcontainer/network"
-	"github.com/dotcloud/docker/pkg/system"
 	"os"
 	"os/exec"
 	"syscall"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/network"
+	"github.com/dotcloud/docker/pkg/system"
 )
 
 // Exec performes setup outside of a namespace so that a container can be
diff --git a/libcontainer/nsinit/nsinit/main.go b/libcontainer/nsinit/nsinit/main.go
index df32d0b..3725fb5 100644
--- a/libcontainer/nsinit/nsinit/main.go
+++ b/libcontainer/nsinit/nsinit/main.go
@@ -3,14 +3,18 @@ package main
 import (
 	"encoding/json"
 	"flag"
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
 	"strconv"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 )
 
 var (

From b00757fda634c5d90aa8556e84a0ef2ef3a5edfa Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Tue, 18 Mar 2014 16:25:26 -0700
Subject: [PATCH 4/4] libcontainer: remove duplicate imports

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 libcontainer/nsinit/nsinit/main.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/libcontainer/nsinit/nsinit/main.go b/libcontainer/nsinit/nsinit/main.go
index 3725fb5..37aa784 100644
--- a/libcontainer/nsinit/nsinit/main.go
+++ b/libcontainer/nsinit/nsinit/main.go
@@ -12,9 +12,6 @@ import (
 
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
-
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 )
 
 var (