Implment network == none

When network == none, the container should only have a
loopback interface and that's it.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #176
Approved by: baude

5 files changed, 98 insertions, 64 deletions

diff --git a/Dockerfile.Fedora b/Dockerfile.Fedora
index 055d2b9e3..163f93ea0 100644
--- a/Dockerfile.Fedora
+++ b/Dockerfile.Fedora
@@ -1,7 +1,9 @@
 FROM registry.fedoraproject.org/fedora:27
 
 RUN dnf -y install btrfs-progs-devel \
+              atomic-registries \
               bzip2 \
+              conmon \
               device-mapper-devel \
               findutils \
               git \
@@ -19,9 +21,7 @@ RUN dnf -y install btrfs-progs-devel \
               python \
               which\
               golang-github-cpuguy83-go-md2man \
-              conmon \
               procps-ng \
-              atomic-registries \
               iptables && dnf clean all
 
 # install bats
@@ -33,7 +33,7 @@ RUN cd /tmp \
     && rm -fr /tmp/bats
 
 # Install CNI plugins
-ENV CNI_COMMIT 7480240de9749f9a0a5c8614b17f1f03e0c06ab9
+ENV CNI_COMMIT 412b6d31280682bb4fab4446f113c22ff1886554
 RUN set -x \
        && export GOPATH="$(mktemp -d)" \
        && git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \
@@ -55,6 +55,19 @@ RUN set -x \
        && export GOPATH=/go \
        && go get github.com/onsi/gomega/...
 
+# Install conmon
+ENV CRIO_COMMIT 814c6ab0913d827543696b366048056a31d9529c
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/kubernetes-incubator/cri-o.git "$GOPATH/src/github.com/kubernetes-incubator/cri-o.git" \
+	&& cd "$GOPATH/src/github.com/kubernetes-incubator/cri-o.git" \
+	&& git fetch origin --tags \
+	&& git checkout -q "$CRIO_COMMIT" \
+	&& mkdir bin \
+	&& make conmon \
+	&& install -D -m 755 bin/conmon /usr/libexec/crio/conmon \
+	&& rm -rf "$GOPATH"
+
 # Install cni config
 #RUN make install.cni
 RUN mkdir -p /etc/cni/net.d/
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index d18da79ea..0b5a3c3e3 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
@@ -572,7 +572,8 @@ func (c *createConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er
 			return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer())
 		}
 		options = append(options, libpod.WithNetNSFrom(connectedCtr))
-	} else if !c.NetMode.IsHost() {
+	} else if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
+		options = append(options, libpod.WithNetNS([]ocicni.PortMapping{}))
 		options = append(options, libpod.WithNetNS(portBindings))
 	}
 
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go
index 95b9def77..aaad97447 100644
--- a/test/e2e/libpod_suite_test.go
+++ b/test/e2e/libpod_suite_test.go
@@ -158,7 +158,7 @@ func (p *PodmanTest) Podman(args []string) *PodmanSession {
 func (p *PodmanTest) Cleanup() {
 	// Remove all containers
 	session := p.Podman([]string{"rm", "-fa"})
-	session.Wait(60)
+	session.Wait(90)
 	// Nuke tempdir
 	if err := os.RemoveAll(p.TempDir); err != nil {
 		fmt.Printf("%q\n", err)
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
new file mode 100644
index 000000000..e60da148d
--- /dev/null
+++ b/test/e2e/run_networking_test.go
@@ -0,0 +1,79 @@
+package integration
+
+import (
+	"os"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman rmi", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest PodmanTest
+	)
+
+	BeforeEach(func() {
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanCreate(tempdir)
+		podmanTest.RestoreAllArtifacts()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+
+	})
+
+	It("podman run network connection with default bridge", func() {
+		session := podmanTest.Podman([]string{"run", "-dt", ALPINE, "wget", "www.projectatomic.io"})
+		session.Wait(90)
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
+	It("podman run network connection with host", func() {
+		session := podmanTest.Podman([]string{"run", "-dt", "--network", "host", ALPINE, "wget", "www.projectatomic.io"})
+		session.Wait(90)
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
+	It("podman run network connection with loopback", func() {
+		session := podmanTest.Podman([]string{"run", "-dt", "--network", "host", ALPINE, "wget", "www.projectatomic.io"})
+		session.Wait(90)
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
+	It("podman run network expose port 222", func() {
+		session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", ALPINE, "/bin/sh"})
+		session.Wait(30)
+		Expect(session.ExitCode()).To(Equal(0))
+		results := podmanTest.SystemExec("iptables", []string{"-t", "nat", "-L"})
+		results.Wait(30)
+		Expect(results.ExitCode()).To(Equal(0))
+		Expect(results.OutputToString()).To(ContainSubstring("222"))
+		Expect(results.OutputToString()).To(ContainSubstring("223"))
+	})
+
+	It("podman run network expose host port 80 to container port 8000", func() {
+		session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"})
+		session.Wait(30)
+		Expect(session.ExitCode()).To(Equal(0))
+		results := podmanTest.SystemExec("iptables", []string{"-t", "nat", "-L"})
+		results.Wait(30)
+		Expect(results.ExitCode()).To(Equal(0))
+		Expect(results.OutputToString()).To(ContainSubstring("8000"))
+	})
+
+	It("podman run network expose ports in image metadata", func() {
+		session := podmanTest.Podman([]string{"run", "-dt", "-P", "docker.io/library/nginx:latest"})
+		session.Wait(90)
+		Expect(session.ExitCode()).To(Equal(0))
+		results := podmanTest.Podman([]string{"inspect", "-l"})
+		results.Wait(30)
+		Expect(results.ExitCode()).To(Equal(0))
+		Expect(results.OutputToString()).To(ContainSubstring(": 80,"))
+	})
+})
diff --git a/test/podman_networking.bats b/test/podman_networking.bats
deleted file mode 100644
index b27c16634..000000000
--- a/test/podman_networking.bats
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/env bats
-
-load helpers
-
-function teardown() {
-    cleanup_test
-}
-
-function setup() {
-    copy_images
-}
-
-@test "test network connection with default bridge" {
-    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt ${ALPINE} wget www.yahoo.com
-    echo "$output"
-    [ "$status" -eq 0 ]
-    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} wait --latest
-    echo "$output"
-    [ "$status" -eq 0 ]
-}
-
-@test "test network connection with host" {
-    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt --network host ${ALPINE} wget www.yahoo.com
-    echo "$output"
-    [ "$status" -eq 0 ]
-    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} wait --latest
-    echo "$output"
-    [ "$status" -eq 0 ]
-}
-
-@test "expose port 222" {
-    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt --expose 222-223 ${ALPINE} /bin/sh
-    echo "$output"
-    [ "$status" -eq 0 ]
-    run bash -c "iptables -t nat -L"
-    echo "$output"
-    [ "$status" -eq 0 ]
-    run bash -c "iptables -t nat -L | grep 223"
-    echo "$output"
-    [ "$status" -eq 0 ]
-}
-
-@test "expose host port 80 to container port 8000" {
-    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt -p 80:8000 ${ALPINE} /bin/sh
-    echo "$output"
-    [ "$status" -eq 0 ]
-    run bash -c "iptables -t nat -L | grep 8000"
-    echo "$output"
-    [ "$status" -eq 0 ]
-}
-
-@test "expose ports in image" {
-    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt -P docker.io/library/nginx:latest
-    echo "$output"
-    [ "$status" -eq 0 ]
-    run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect -l | grep ': 80,'"
-    echo "$output"
-    [ "$status" -eq 0 ]
-}