authorMatthew Heon <matthew.heon@pm.me>2019-12-03 10:27:15 -0500
committerMatthew Heon <matthew.heon@pm.me>2019-12-03 10:27:15 -0500
commitb0b9103cca15278c064e058bbd96139d70acfcd5 (patch)
treea850354826544c3c736c1f416286c00ea82ea103
parentc9696c451df1efe181c103f9f227787af14dd7b1 (diff)
Allow chained network namespace containers
The code currently assumes that the container we delegate network namespace to will never further delegate to another container, so when looking up things like /etc/hosts and /etc/resolv.conf we won't pull the correct files from the chained dependency. The changes to resolve this are relatively simple - just need to keep looking until we find a container without NetNsCtr set. Fixes #4626 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
-rw-r--r--libpod/container.go2
-rw-r--r--libpod/container_internal_linux.go21
2 files changed, 19 insertions, 4 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 4f7fc067e..d978e4e38 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -1146,7 +1146,7 @@ func (c *Container) NetworkDisabled() (bool, error) {
if err != nil {
return false, err
}
- return networkDisabled(container)
+ return container.NetworkDisabled()
}
return networkDisabled(c)
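Review bot: The new `return container.NetworkDisabled()` recurses along NetNsCtr with no depth limit or visited set, so a cyclic dependency in stored container state would recurse until the stack is exhausted instead of returning an error. The `for` loop added to makeBindMounts in container_internal_linux.go rests on the same assumption (its comment says cycles are prevented elsewhere) and would spin without terminating; that loop's Wrapf message also prints `c.config.NetNsCtr` where `nextCtr` is the container that actually failed to load. Walking the chain iteratively with a seen-set turns inconsistent state into an error. NetworkDisabled's opening lines are outside the hunk, so the sketch below assumes they hold the NetNsCtr check and lookup, and that container.go imports the same errors package used in container_internal_linux.go.

```go
// … unchanged: NetworkDisabled signature …
seen := map[string]bool{c.ID(): true}
ctr := c
for ctr.config.NetNsCtr != "" {
	next, err := c.runtime.state.Container(ctr.config.NetNsCtr)
	if err != nil {
		return false, err
	}
	// A repeated ID means the NetNsCtr chain loops back on itself.
	if seen[next.ID()] {
		return false, errors.Errorf("network namespace dependency loop at container %s", next.ID())
	}
	seen[next.ID()] = true
	ctr = next
}
return networkDisabled(ctr)
```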
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 586de0776..1b0570998 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1016,9 +1016,24 @@ func (c *Container) makeBindMounts() error {
// We want /etc/resolv.conf and /etc/hosts from the
// other container. Unless we're not creating both of
// them.
- depCtr, err := c.runtime.state.Container(c.config.NetNsCtr)
- if err != nil {
- return errors.Wrapf(err, "error fetching dependency %s of container %s", c.config.NetNsCtr, c.ID())
+ var (
+ depCtr *Container
+ nextCtr string
+ )
+
+ // I don't like infinite loops, but I don't think there's
+ // a serious risk of looping dependencies - too many
+ // protections against that elsewhere.
+ nextCtr = c.config.NetNsCtr
+ for {
+ depCtr, err = c.runtime.state.Container(nextCtr)
+ if err != nil {
+ return errors.Wrapf(err, "error fetching dependency %s of container %s", c.config.NetNsCtr, c.ID())
+ }
+ nextCtr = depCtr.config.NetNsCtr
+ if nextCtr == "" {
+ break
+ }
}
// We need that container's bind mounts