author | Paul Holzinger <pholzing@redhat.com> | 2021-11-05 14:52:08 +0100 |
---|---|---|
committer | Paul Holzinger <pholzing@redhat.com> | 2021-11-05 15:41:04 +0100 |
commit | 58f8c3d743cfe837c9228819436df294fddf408d (patch) | |
tree | 1a6b9ace35bd18b98448f41b2b86b0ba30619b65 | |
parent | 614c6f59708090d3cde868891c3bb8e0e667e086 (diff) | |
mount full XDG_RUNTIME_DIR in rootless cni ns
We should mount the full runtime directory into the namespace instead of
just the netns dir. This allows more use cases.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
-rw-r--r-- | libpod/networking_linux.go | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index bf527a81a..29d51f96c 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -161,7 +161,7 @@ func (r *RootlessCNI) Do(toRun func() error) error {
 // Because the plugins also need access to XDG_RUNTIME_DIR/netns some special setup is needed.
 // The following bind mounts are needed
- // 1. XDG_RUNTIME_DIR/netns -> XDG_RUNTIME_DIR/rootless-cni/XDG_RUNTIME_DIR/netns
+ // 1. XDG_RUNTIME_DIR -> XDG_RUNTIME_DIR/rootless-cni/XDG_RUNTIME_DIR
 // 2. /run/systemd -> XDG_RUNTIME_DIR/rootless-cni/run/systemd (only if it exists)
 // 3. XDG_RUNTIME_DIR/rootless-cni/resolv.conf -> /etc/resolv.conf or XDG_RUNTIME_DIR/rootless-cni/run/symlink/target
 // 4. XDG_RUNTIME_DIR/rootless-cni/var/lib/cni -> /var/lib/cni (if /var/lib/cni does not exists use the parent dir)
@@ -174,16 +174,16 @@ func (r *RootlessCNI) Do(toRun func() error) error {
 return errors.Wrapf(err, "cannot create a new mount namespace")
 }
- netNsDir, err := netns.GetNSRunDir()
+ xdgRuntimeDir, err := util.GetRuntimeDir()
 if err != nil {
- return errors.Wrap(err, "could not get network namespace directory")
+ return errors.Wrap(err, "could not get runtime directory")
 }
- newNetNsDir := r.getPath(netNsDir)
+ newXDGRuntimeDir := r.getPath(xdgRuntimeDir)
 // 1. Mount the netns into the new run to keep them accessible.
 // Otherwise cni setup will fail because it cannot access the netns files.
- err = unix.Mount(netNsDir, newNetNsDir, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "")
+ err = unix.Mount(xdgRuntimeDir, newXDGRuntimeDir, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "")
 if err != nil {
- return errors.Wrap(err, "failed to mount netns directory for rootless cni")
+ return errors.Wrap(err, "failed to mount runtime directory for rootless cni")
 }
 // 2. Also keep /run/systemd if it exists. |
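Review bot: The context comment above the `unix.Mount` call in the second hunk still reads `// 1. Mount the netns into the new run to keep them accessible.`, but the call now binds all of XDG_RUNTIME_DIR with `MS_BIND|MS_SHARED|MS_REC`, so the comment understates what becomes visible inside the rootless CNI mount namespace. Everything under the runtime directory, not only the netns files, is now reachable at the new path by whatever runs in that namespace, and neither the code nor the commit message names the extra paths that justify the wider mount. I would change the comment to `// 1. Mount the full XDG_RUNTIME_DIR (it contains the netns dir) into the new run; CNI plugins need the netns files and <other paths - name them>.`. Per the list in the first hunk the target lies under XDG_RUNTIME_DIR itself, so it is worth confirming that a recursive shared bind of a directory onto its own subtree behaves as intended. The body of `Do` starts and ends outside both hunks, so any unmount or cleanup is not visible here.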