summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Holzinger <pholzing@redhat.com>2021-11-18 15:18:18 +0100
committerPaul Holzinger <pholzing@redhat.com>2021-11-18 17:34:06 +0100
commit62d6b6bf74e2d9be340ee2aaab02d7c54e42535e (patch)
tree030b3d6d0752e959aef567caa0c4b38eb0399e6d
parent9b964945d661d4f97b4a97f2f67d33f9dcd11e50 (diff)
downloadpodman-62d6b6bf74e2d9be340ee2aaab02d7c54e42535e.tar.gz
podman-62d6b6bf74e2d9be340ee2aaab02d7c54e42535e.tar.bz2
podman-62d6b6bf74e2d9be340ee2aaab02d7c54e42535e.zip
rootless netns, one netns per libpod tmp dir
The netns cleanup code is checking if there are running containers, this can fail if you run several libpod instances with diffrent root/runroot. To fix it we use one netns for each libpod instances. To prevent name conflicts we use a hash from the static dir as part of the name. Previously this worked because we would use the CNI files to check if the netns was still in use. but this is no longer possible with netavark. [NO NEW TESTS NEEDED] Fixes #12306 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
-rw-r--r--libpod/networking_linux.go20
1 files changed, 13 insertions, 7 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 9be600bb4..314a74427 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -4,6 +4,7 @@ package libpod
import (
"crypto/rand"
+ "crypto/sha1"
"fmt"
"io/ioutil"
"net"
@@ -400,10 +401,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
return nil, nil
}
var rootlessNetNS *RootlessNetNS
- runDir, err := util.GetRuntimeDir()
- if err != nil {
- return nil, err
- }
+ runDir := r.config.Engine.TmpDir
lfile := filepath.Join(runDir, "rootless-netns.lock")
lock, err := lockfile.GetLockfile(lfile)
@@ -429,7 +427,15 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
if err != nil {
return nil, err
}
- path := filepath.Join(nsDir, rootlessNetNsName)
+
+ // create a hash from the static dir
+ // the cleanup will check if there are running containers
+ // if you run a several libpod instances with different root/runroot directories this check will fail
+ // we want one netns for each libpod static dir so we use the hash to prevent name collisions
+ hash := sha1.Sum([]byte(r.config.Engine.StaticDir))
+ netnsName := fmt.Sprintf("%s-%x", rootlessNetNsName, hash[:10])
+
+ path := filepath.Join(nsDir, netnsName)
ns, err := ns.GetNS(path)
if err != nil {
if !new {
@@ -437,8 +443,8 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
return nil, errors.Wrap(err, "error getting rootless network namespace")
}
// create a new namespace
- logrus.Debug("creating rootless network namespace")
- ns, err = netns.NewNSWithName(rootlessNetNsName)
+ logrus.Debugf("creating rootless network namespace with name %q", netnsName)
+ ns, err = netns.NewNSWithName(netnsName)
if err != nil {
return nil, errors.Wrap(err, "error creating rootless network namespace")
}