diff options
| author | Gabi Beyer <gabrielle.n.beyer@intel.com> | 2019-06-12 17:31:18 +0000 |
|---|---|---|
| committer | gabi beyer <gabrielle.n.beyer@intel.com> | 2019-07-30 23:28:52 +0000 |
| commit | 80dcd4bebcdc8e280f6b43228561d09c194c328b (patch) | |
| tree | 8cbea1af853ef8d095e35f7f5831d2609c3d24e4 /libpod/container_internal_linux.go | |
| parent | ef8834aeab8df79452709c13ffbd0041e7cf7e81 (diff) | |
| download | podman-80dcd4bebcdc8e280f6b43228561d09c194c328b.tar.gz podman-80dcd4bebcdc8e280f6b43228561d09c194c328b.tar.bz2 podman-80dcd4bebcdc8e280f6b43228561d09c194c328b.zip | |
rootless: Rearrange setup of rootless containers
In order to run Podman with VM-based runtimes unprivileged, the
network must be set up prior to the container creation. Therefore
this commit modifies Podman to run rootless containers by:
1. create a network namespace
2. pass the netns persistent mount path to the slirp4netns
to create the tap inferface
3. pass the netns path to the OCI spec, so the runtime can
enter the netns
Closes #2897
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Diffstat (limited to 'libpod/container_internal_linux.go')
| -rw-r--r-- | libpod/container_internal_linux.go | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index afcf51a11..52eb24be5 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -63,12 +63,12 @@ func (c *Container) unmountSHM(mount string) error { // namespaces func (c *Container) prepare() (err error) { var ( - wg sync.WaitGroup - netNS ns.NetNS - networkStatus []*cnitypes.Result - createNetNSErr, mountStorageErr error - mountPoint string - tmpStateLock sync.Mutex + wg sync.WaitGroup + netNS ns.NetNS + networkStatus []*cnitypes.Result + createNetNSErr, mountStorageErr, rootlessSetupErr error + mountPoint string + tmpStateLock sync.Mutex ) wg.Add(2) @@ -87,6 +87,11 @@ func (c *Container) prepare() (err error) { c.state.NetNS = netNS c.state.NetworkStatus = networkStatus } + + // Setup rootless networking, requires c.state.NetNS to be set + if rootless.IsRootless() { + rootlessSetupErr = c.runtime.setupRootlessNetNS(c) + } } }() // Mount storage if not mounted @@ -132,6 +137,10 @@ func (c *Container) prepare() (err error) { return mountStorageErr } + if rootlessSetupErr != nil { + return rootlessSetupErr + } + // Save the container return c.save() } |