Merge pull request #8489 from ashley-cui/commonslirp

 Add ability to set system wide options for slirp4netns

9 files changed, 85 insertions, 62 deletions

diff --git a/go.mod b/go.mod
index e594930fa..9abfc6dc9 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/containernetworking/cni v0.8.0
 	github.com/containernetworking/plugins v0.8.7
 	github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c
-	github.com/containers/common v0.29.0
+	github.com/containers/common v0.30.0
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.8.1
 	github.com/containers/psgo v1.5.1
diff --git a/go.sum b/go.sum
index 3a146c617..44365d442 100644
--- a/go.sum
+++ b/go.sum
@@ -95,6 +95,8 @@ github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c h1:vyc2iYz9b
 github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c/go.mod h1:B+0OkXUogxdwsEy4ax3a5/vDtJjL6vCisiV6frQZJ4A=
 github.com/containers/common v0.29.0 h1:hTMC+urdkk5bKfhL/OgCixIX5xjJgQ2l2jPG745ECFQ=
 github.com/containers/common v0.29.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
+github.com/containers/common v0.30.0 h1:yKhrhnOxIymtMk+oLJMKEbG/VkYyU0DRJWSdCT0LhOY=
+github.com/containers/common v0.30.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.8.1 h1:aHW8a/Kd0dTJ7PTL/fc6y12sJqHxWgqilu+XyHfjD8Q=
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 15e470c80..463378af7 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -245,7 +245,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 // setupSlirp4netns can be called in rootful as well as in rootless
 func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	path := r.config.Engine.NetworkCmdPath
-
+	slirpOptions := r.config.Engine.NetworkCmdOptions
 	if path == "" {
 		var err error
 		path, err = exec.LookPath("slirp4netns")
@@ -273,68 +273,69 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	outboundAddr6 := ""
 
 	if ctr.config.NetworkOptions != nil {
-		slirpOptions := ctr.config.NetworkOptions["slirp4netns"]
-		for _, o := range slirpOptions {
-			parts := strings.SplitN(o, "=", 2)
-			if len(parts) < 2 {
-				return errors.Errorf("unknown option for slirp4netns: %q", o)
+		slirpOptions = append(slirpOptions, ctr.config.NetworkOptions["slirp4netns"]...)
+	}
+
+	for _, o := range slirpOptions {
+		parts := strings.SplitN(o, "=", 2)
+		if len(parts) < 2 {
+			return errors.Errorf("unknown option for slirp4netns: %q", o)
+		}
+		option, value := parts[0], parts[1]
+		switch option {
+		case "cidr":
+			ipv4, _, err := net.ParseCIDR(value)
+			if err != nil || ipv4.To4() == nil {
+				return errors.Errorf("invalid cidr %q", value)
 			}
-			option, value := parts[0], parts[1]
-			switch option {
-			case "cidr":
-				ipv4, _, err := net.ParseCIDR(value)
-				if err != nil || ipv4.To4() == nil {
-					return errors.Errorf("invalid cidr %q", value)
-				}
-				cidr = value
-			case "port_handler":
-				switch value {
-				case "slirp4netns":
-					isSlirpHostForward = true
-				case "rootlesskit":
-					isSlirpHostForward = false
-				default:
-					return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
-				}
-			case "allow_host_loopback":
-				switch value {
-				case "true":
-					disableHostLoopback = false
-				case "false":
-					disableHostLoopback = true
-				default:
-					return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
-				}
-			case "enable_ipv6":
-				switch value {
-				case "true":
-					enableIPv6 = true
-				case "false":
-					enableIPv6 = false
-				default:
-					return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
-				}
-			case "outbound_addr":
-				ipv4 := net.ParseIP(value)
-				if ipv4 == nil || ipv4.To4() == nil {
-					_, err := net.InterfaceByName(value)
-					if err != nil {
-						return errors.Errorf("invalid outbound_addr %q", value)
-					}
+			cidr = value
+		case "port_handler":
+			switch value {
+			case "slirp4netns":
+				isSlirpHostForward = true
+			case "rootlesskit":
+				isSlirpHostForward = false
+			default:
+				return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
+			}
+		case "allow_host_loopback":
+			switch value {
+			case "true":
+				disableHostLoopback = false
+			case "false":
+				disableHostLoopback = true
+			default:
+				return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
+			}
+		case "enable_ipv6":
+			switch value {
+			case "true":
+				enableIPv6 = true
+			case "false":
+				enableIPv6 = false
+			default:
+				return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
+			}
+		case "outbound_addr":
+			ipv4 := net.ParseIP(value)
+			if ipv4 == nil || ipv4.To4() == nil {
+				_, err := net.InterfaceByName(value)
+				if err != nil {
+					return errors.Errorf("invalid outbound_addr %q", value)
 				}
-				outboundAddr = value
-			case "outbound_addr6":
-				ipv6 := net.ParseIP(value)
-				if ipv6 == nil || ipv6.To4() != nil {
-					_, err := net.InterfaceByName(value)
-					if err != nil {
-						return errors.Errorf("invalid outbound_addr6: %q", value)
-					}
+			}
+			outboundAddr = value
+		case "outbound_addr6":
+			ipv6 := net.ParseIP(value)
+			if ipv6 == nil || ipv6.To4() != nil {
+				_, err := net.InterfaceByName(value)
+				if err != nil {
+					return errors.Errorf("invalid outbound_addr6: %q", value)
 				}
-				outboundAddr6 = value
-			default:
-				return errors.Errorf("unknown option for slirp4netns: %q", o)
 			}
+			outboundAddr6 = value
+		default:
+			return errors.Errorf("unknown option for slirp4netns: %q", o)
 		}
 	}
 
diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf
index 5f852468d..35153ba05 100644
--- a/test/e2e/config/containers.conf
+++ b/test/e2e/config/containers.conf
@@ -52,3 +52,7 @@ dns_options=[ "debug", ]
 tz = "Pacific/Honolulu"
 
 umask = "0002"
+
+[engine]
+
+network_cmd_options=["allow_host_loopback=true"]
diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
index 866162f7f..28672cfc6 100644
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@@ -258,6 +258,12 @@ var _ = Describe("Podman run", func() {
 		Expect(session.OutputToString()).To(Equal("0002"))
 	})
 
+	It("podman set network cmd options slirp options to allow host loopback", func() {
+		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "ping", "-c1", "10.0.2.2"})
+		session.Wait(30)
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
 	It("podman-remote test localcontainers.conf versus remote containers.conf", func() {
 		if !IsRemote() {
 			Skip("this test is only for remote")
@@ -311,4 +317,5 @@ var _ = Describe("Podman run", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.OutputToString()).To(Equal("0022"))
 	})
+
 })
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 2769781f2..6a44d353a 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -268,6 +268,10 @@ type EngineConfig struct {
 	// NetworkCmdPath is the path to the slirp4netns binary.
 	NetworkCmdPath string `toml:"network_cmd_path,omitempty"`
 
+	// NetworkCmdOptions is the default options to pass to the slirp4netns binary.
+	// For example "allow_host_loopback=true"
+	NetworkCmdOptions []string `toml:"network_cmd_options,omitempty"`
+
 	// NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
 	NoPivotRoot bool `toml:"no_pivot_root,omitempty"`
 
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index ed7c91931..5b5d3f9b6 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -348,6 +348,11 @@ default_sysctls = [
 #
 # network_cmd_path=""
 
+# Default options to pass to the slirp4netns binary.
+# For example "allow_host_loopback=true"
+#
+# network_cmd_options=[]
+
 # Whether to use chroot instead of pivot_root in the runtime
 #
 # no_pivot_root = false
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 72f4e00f7..141168961 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.29.0"
+const Version = "0.30.0"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 19a87d31d..43c8ebb95 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -86,7 +86,7 @@ github.com/containers/buildah/pkg/parse
 github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/supplemented
 github.com/containers/buildah/util
-# github.com/containers/common v0.29.0
+# github.com/containers/common v0.30.0
 github.com/containers/common/pkg/apparmor
 github.com/containers/common/pkg/apparmor/internal/supported
 github.com/containers/common/pkg/auth