authorPaul Holzinger <paul.holzinger@web.de>2021-02-18 14:53:53 +0100
committerPaul Holzinger <paul.holzinger@web.de>2021-04-01 17:27:03 +0200
commit00b2ec5e6f8ad332411271df1bdd968493cab2c2 (patch)
tree69485fd451bdb144ce8914af23a746639b21a745
parent54b588c07d05858c9bbc523eeff0badb85d53f76 (diff)
Add rootless support for cni and --uidmap
This is supported with the new rootless cni logic. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
-rw-r--r--libpod/container_internal.go4
-rw-r--r--libpod/networking_linux.go7
-rw-r--r--pkg/specgen/generate/namespaces.go3
-rw-r--r--test/e2e/run_networking_test.go20
4 files changed, 18 insertions, 16 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 106e2569b..a53027ab2 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -966,9 +966,7 @@ func (c *Container) completeNetworkSetup() error {
if err := c.syncContainer(); err != nil {
return err
}
- if rootless.IsRootless() {
- return c.runtime.setupRootlessNetNS(c)
- } else if c.config.NetMode.IsSlirp4netns() {
+ if c.config.NetMode.IsSlirp4netns() {
return c.runtime.setupSlirp4netns(c)
}
if err := c.runtime.setupNetNS(c); err != nil {
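Review bot: With the rootless branch removed, a rootless container in bridge mode now falls through to `c.runtime.setupNetNS(c)` on the last line of the hunk, and nothing at this call site records that rootless is now expected to be handled inside setupNetNS rather than by the former setupRootlessNetNS. A comment above the call such as `// rootless CNI networking is handled inside setupNetNS; no separate rootless path is needed here` would keep that intent visible to the next reader. If this was the last use of the rootless package in the file, the import becomes unused (the compiler will report it). completeNetworkSetup continues outside the hunk.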
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index aac02d8cc..1bfb82cdb 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -972,8 +972,11 @@ func (r *Runtime) setupNetNS(ctr *Container) error {
if _, err := rand.Reader.Read(b); err != nil {
return errors.Wrapf(err, "failed to generate random netns name")
}
-
- nsPath := fmt.Sprintf("/run/netns/cni-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
+ nsPath, err := netns.GetNSRunDir()
+ if err != nil {
+ return err
+ }
+ nsPath = filepath.Join(nsPath, fmt.Sprintf("cni-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:]))
if err := os.MkdirAll(filepath.Dir(nsPath), 0711); err != nil {
return err
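Review bot: The error from `netns.GetNSRunDir()` is returned bare on the line after the call, while the neighbouring `rand.Reader.Read` failure a few lines earlier is wrapped with context via errors.Wrapf, so a caller of setupNetNS sees an unannotated error for the new failure path. Wrapping it the same way, `return errors.Wrapf(err, "failed to get netns run dir")`, keeps the function's error style consistent. The path is now derived from the runtime's netns run dir rather than the fixed /run/netns prefix, so the 0711 mode passed to os.MkdirAll on the following line applies to whatever parent that resolves to — presumably a per-user runtime directory in rootless mode, which is worth confirming is the intended permission for that location. setupNetNS begins and ends outside the hunk.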
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index b87375a92..845dfdad7 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -236,9 +236,6 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
case specgen.Private:
fallthrough
case specgen.Bridge:
- if postConfigureNetNS && rootless.IsRootless() {
- return nil, errors.New("CNI networks not supported with user namespaces")
- }
portMappings, err := createPortMappings(ctx, s, img)
if err != nil {
return nil, err
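Review bot: After the guard is dropped, the bridge/private branch no longer rejects CNI networking for a rootless container with a user namespace at spec-generation time, so any failure of that combination now surfaces only later at container start; nothing in the hunk notes that this is intentional and relies on the rootless CNI setup. A comment in place of the removed check, `// rootless CNI networks inside a user namespace are handled at container start by the rootless CNI setup`, would record that. If `postConfigureNetNS` had no other readers in this switch, it is now unused in this branch — worth confirming rather than leaving a value that is computed but never consulted. namespaceOptions begins and ends outside the hunk.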
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 0e6e636bc..43eb8fe4e 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -641,22 +641,26 @@ var _ = Describe("Podman run networking", func() {
Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
})
- It("podman rootless fails custom CNI network with --uidmap", func() {
- SkipIfNotRootless("The configuration works with rootless")
-
+ It("podman cni network works across user ns", func() {
netName := stringid.GenerateNonCryptoID()
create := podmanTest.Podman([]string{"network", "create", netName})
create.WaitWithDefaultTimeout()
Expect(create.ExitCode()).To(BeZero())
defer podmanTest.removeCNINetwork(netName)
- run := podmanTest.Podman([]string{"run", "--rm", "--net", netName, "--uidmap", "0:1:4096", ALPINE, "true"})
+ name := "nc-server"
+ run := podmanTest.Podman([]string{"run", "-d", "--name", name, "--net", netName, ALPINE, "nc", "-l", "-p", "8080"})
+ run.WaitWithDefaultTimeout()
+ Expect(run.ExitCode()).To(Equal(0))
+
+ run = podmanTest.Podman([]string{"run", "--rm", "--net", netName, "--uidmap", "0:1:4096", ALPINE, "sh", "-c", fmt.Sprintf("echo podman | nc -w 1 %s.dns.podman 8080", name)})
run.WaitWithDefaultTimeout()
- Expect(run.ExitCode()).To(Equal(125))
+ Expect(run.ExitCode()).To(Equal(0))
- remove := podmanTest.Podman([]string{"network", "rm", netName})
- remove.WaitWithDefaultTimeout()
- Expect(remove.ExitCode()).To(BeZero())
+ log := podmanTest.Podman([]string{"logs", name})
+ log.WaitWithDefaultTimeout()
+ Expect(log.ExitCode()).To(Equal(0))
+ Expect(log.OutputToString()).To(Equal("podman"))
})
It("podman run with new:pod and static-ip", func() {
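Review bot: The client `nc -w 1 %s.dns.podman 8080` in the second run is started immediately after the detached server container is launched, with no check that `nc -l -p 8080` in the server is listening yet, so the connect can race the server start and make the test flaky; the 1-second timeout keeps that window small but does not close it. Polling until the server container is running, or retrying the client connect a few times before asserting, would make the assertion at `Expect(run.ExitCode()).To(Equal(0))` reliable. The detached `nc-server` container is also never stopped or removed within the test, so it relies on the suite's global cleanup. The enclosing Describe block begins and ends outside the hunk.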