giuseppe
diff --git a/‎Makefile.am‎
Lines changed: 2 additions & 0 deletions b/‎Makefile.am‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/libcrun/container.c‎
Lines changed: 4 additions & 0 deletions b/‎src/libcrun/container.c‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/libcrun/linux.c‎
Lines changed: 31 additions & 0 deletions b/‎src/libcrun/linux.c‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎src/libcrun/linux.h‎
Lines changed: 2 additions & 0 deletions b/‎src/libcrun/linux.h‎
Lines changed: 2 additions & 0 deletions
@@ -69,6 +69,7 @@ libcrun_SOURCES = src/libcrun/utils.c \
 		src/libcrun/seccomp_notify.c \
 		src/libcrun/signals.c \
 		src/libcrun/status.c \
+		src/libcrun/net_device.c \
 		src/libcrun/terminal.c
 
 if HAVE_EMBEDDED_YAJL
@@ -157,6 +158,7 @@ EXTRA_DIST = COPYING COPYING.libcrun README.md NEWS SECURITY.md rpm/crun.spec au
 	src/libcrun/linux.h src/libcrun/utils.h src/libcrun/error.h src/libcrun/criu.h \
 	src/libcrun/scheduler.h src/libcrun/status.h src/libcrun/terminal.h \
 	src/libcrun/mount_flags.h src/libcrun/intelrdt.h src/libcrun/ring_buffer.h src/libcrun/string_map.h \
+	src/libcrun/net_device.h \
 	crun.1.md crun.1 libcrun.lds \
 	krun.1.md krun.1 \
 	lua/luacrun.rockspec
 
@@ -2633,6 +2633,10 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_
   if (UNLIKELY (ret < 0))
     goto fail;
 
+  ret = libcrun_move_network_devices (container, pid, err);
+  if (UNLIKELY (ret < 0))
+    goto fail;
+
   /* sync send own pid.  */
   ret = TEMP_FAILURE_RETRY (write (sync_socket, &pid, sizeof (pid)));
   if (UNLIKELY (ret != sizeof (pid)))
 
@@ -52,6 +52,7 @@
 #include "scheduler.h"
 #include "intelrdt.h"
 #include "io_priority.h"
+#include "net_device.h"
 
 #include <sys/socket.h>
 #include <libgen.h>
@@ -6059,3 +6060,33 @@ libcrun_destroy_runtime_mounts (libcrun_container_t *container arg_unused, libcr
 
   return run_in_container_namespace (status, do_umount_in_a_container, &args, err);
 }
+
+int
+libcrun_move_network_devices (libcrun_container_t *container, pid_t pid, libcrun_error_t *err)
+{
+  runtime_spec_schema_config_schema *def = container->container_def;
+  cleanup_close int netns_fd = -1;
+  char ns_file[64];
+  size_t i;
+  int ret;
+
+  if (def == NULL || def->linux == NULL || def->linux->net_devices == NULL)
+    return 0;
+
+  snprintf (ns_file, sizeof (ns_file), "/proc/%d/ns/net", pid);
+
+  netns_fd = open (ns_file, O_RDONLY);
+  if (UNLIKELY (netns_fd < 0))
+    return crun_make_error (err, errno, "open `%s`", ns_file);
+
+  for (i = 0; i < def->linux->net_devices->len; i++)
+    {
+      const char *new_name = def->linux->net_devices->values[i]->name ?: def->linux->net_devices->keys[i];
+
+      ret = move_network_device (def->linux->net_devices->keys[i], new_name, netns_fd, err);
+      if (UNLIKELY (ret < 0))
+        return ret;
+    }
+
+  return 0;
+}
@@ -141,6 +141,8 @@ const char *libcrun_get_intelrdt_name (const char *ctr_name, libcrun_container_t
 
 int libcrun_apply_intelrdt (const char *ctr_name, libcrun_container_t *container, pid_t pid, int actions, libcrun_error_t *err);
 
+int libcrun_move_network_devices (libcrun_container_t *container, pid_t pid, libcrun_error_t *err);
+
 int libcrun_destroy_intelrdt (const char *name, libcrun_error_t *err);
 
 int libcrun_update_intel_rdt (const char *ctr_name, libcrun_container_t *container, const char *l3_cache_schema, const char *mem_bw_schema, char *const *schemata, libcrun_error_t *err);