diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-04-20 18:59:19 +0200 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-05-04 17:15:55 +0000 |
| commit | 73078fabcfd2420c47e41843da71dd993f9a0a3e (patch) | |
| tree | 1c98d8ae433c5f148c7af5184777d2348b5b2540 /libpod/container_internal.go | |
| parent | b51d7379987581da82902027fe91cdf298047bc0 (diff) | |
| download | podman-73078fabcfd2420c47e41843da71dd993f9a0a3e.tar.gz podman-73078fabcfd2420c47e41843da71dd993f9a0a3e.tar.bz2 podman-73078fabcfd2420c47e41843da71dd993f9a0a3e.zip | |
networking, userNS: configure the network namespace after create
so that the OCI runtime creates the network namespace from the correct
userNS.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #690
Approved by: mheon
Diffstat (limited to 'libpod/container_internal.go')
| -rw-r--r-- | libpod/container_internal.go | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 73095316e..18b56e23c 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -416,6 +416,16 @@ func (c *Container) checkDependenciesRunningLocked(depCtrs map[string]*Container return notRunning, nil } +func (c *Container) completeNetworkSetup() error { + if !c.config.PostConfigureNetNS { + return nil + } + if err := c.syncContainer(); err != nil { + return err + } + return c.runtime.setupNetNS(c) +} + // Initialize a container, creating it in the runtime func (c *Container) init(ctx context.Context) error { if err := c.makeBindMounts(); err != nil { @@ -442,7 +452,11 @@ func (c *Container) init(ctx context.Context) error { c.state.State = ContainerStateCreated - return c.save() + if err := c.save(); err != nil { + return err + } + + return c.completeNetworkSetup() } // Reinitialize a container @@ -626,7 +640,7 @@ func (c *Container) prepare() (err error) { } // Set up network namespace if not already set up - if c.config.CreateNetNS && c.state.NetNS == nil { + if c.config.CreateNetNS && c.state.NetNS == nil && !c.config.PostConfigureNetNS { if err := c.runtime.createNetNS(c); err != nil { // Tear down storage before exiting to make sure we // don't leak mounts @@ -913,7 +927,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { // If network namespace was requested, add it now if c.config.CreateNetNS { - g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path()) + if c.config.PostConfigureNetNS { + g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, "") + } else { + g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path()) + } } // Remove the default /dev/shm mount to ensure we overwrite it |