author | Matthew Heon <matthew.heon@gmail.com> | 2017-12-06 16:43:23 -0500 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-12-14 23:59:21 +0000 |
commit | ff9c965335af0258bd34edae31699a87a03689a9 (patch) | |
tree | 71e308867fe885a2c94181e8631c9c9cf8793f7d | |
parent | 0ff92f8e20edb46eb8a9d82b929e153bcdaa3044 (diff) | |
Create new network namespaces when initializing containers
Also fix a few lingering lint issues
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #109
Approved by: mheon
-rw-r--r-- | libpod/container.go | 18 | ||||
-rw-r--r-- | libpod/networking.go | 8 | ||||
-rw-r--r-- | libpod/sql_state.go | 2 |
3 files changed, 23 insertions, 5 deletions
diff --git a/libpod/container.go b/libpod/container.go
index ada037531..15ad1f49a 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -551,6 +551,20 @@ func (c *Container) Init() (err error) {
 return err
 }
+ // Make a network namespace for the container
+ if c.config.CreateNetNS && c.state.NetNS == nil {
+ if err := c.runtime.createNetNS(c); err != nil {
+ return err
+ }
+ }
+ defer func() {
+ if err != nil {
+ if err2 := c.runtime.teardownNetNS(c); err2 != nil {
+ logrus.Errorf("Error tearing down network namespace for container %s: %v", c.ID(), err2)
+ }
+ }
+ }()
+
+ // If the OCI spec already exists, we need to replace it
 // Cannot guarantee some things, e.g. network namespaces, have the same
 // paths
@@ -580,6 +594,10 @@ func (c *Container) Init() (err error) {
 // Save OCI spec to disk
 g := generate.NewFromSpec(c.config.Spec)
+ // If network namespace was requested, add it now
+ if c.config.CreateNetNS {
+ g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path())
+ }
 // Mount ShmDir from host into container
 g.AddBindMount(c.config.ShmDir, "/dev/shm", []string{"rw"})
 // Bind mount resolv.conf
diff --git a/libpod/networking.go b/libpod/networking.go
index f613ad5f8..24e6339d7 100644
--- a/libpod/networking.go
+++ b/libpod/networking.go
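Review bot: In the first Init hunk of libpod/container.go, the deferred cleanup calls `c.runtime.teardownNetNS(c)` on any later failure, not only when this call created the namespace: it also fires when `c.config.CreateNetNS` is false or when `c.state.NetNS` was already set on entry. Whether that is harmless depends on teardownNetNS, whose body is not on this page. Recording ownership would make the rollback exact, for example set `createdNetNS = true` after `createNetNS` succeeds and test `if err != nil && createdNetNS {` in the defer. Init's body starts and ends outside the hunk.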
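Review bot: In the second Init hunk of libpod/container.go, `c.state.NetNS.Path()` is dereferenced under a guard that tests only `c.config.CreateNetNS`, so it relies on nothing between the two hunks (not visible here) having left `c.state.NetNS` nil. If it is nil this panics; an explicit nil check that returns an error would fail closed without a crash and make it obvious that a spec is never written without the intended network namespace entry. If the check is judged unnecessary, a comment such as `// NetNS is non-nil here: created or already present earlier in Init` would document the invariant.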
@@ -20,19 +20,19 @@ func getPodNetwork(id, name, nsPath string, ports []ocicni.PortMapping) ocicni.P
 // Create and configure a new network namespace for a container
 func (r *Runtime) createNetNS(ctr *Container) (err error) {
- ns, err := ns.NewNS()
+ ctrNS, err := ns.NewNS()
 if err != nil {
 return errors.Wrapf(err, "error creating network namespace for container %s", ctr.ID())
 }
 defer func() {
 if err != nil {
- if err2 := ns.Close(); err2 != nil {
+ if err2 := ctrNS.Close(); err2 != nil {
 logrus.Errorf("Error closing partially created network namespace for container %s: %v", ctr.ID(), err2)
 }
 }
 }()
- podNetwork := getPodNetwork(ctr.ID(), ctr.Name(), ns.Path(), ctr.config.PortMappings)
+ podNetwork := getPodNetwork(ctr.ID(), ctr.Name(), ctrNS.Path(), ctr.config.PortMappings)
 if err := r.netPlugin.SetUpPod(podNetwork); err != nil {
 return errors.Wrapf(err, "error configuring network namespace for container %s", ctr.ID())
@@ -40,7 +40,7 @@ func (r *Runtime) createNetNS(ctr *Container) (err error) {
 // TODO hostport mappings for forwarded ports
- ctr.state.NetNS = ns
+ ctr.state.NetNS = ctrNS
 return nil
 }
diff --git a/libpod/sql_state.go b/libpod/sql_state.go
index 97df749e9..5248ee87a 100644
--- a/libpod/sql_state.go
+++ b/libpod/sql_state.go
@@ -482,7 +482,7 @@ func (s *SQLState) UpdateContainer(ctr *Container) error {
 }
 newState.NetNS = ns
 }
- } else {
+ } else {
 // The container no longer has a network namespace
 // Tear down the old one
 if err := s.runtime.teardownNetNS(ctr); err != nil { |