diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-04-15 14:16:34 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-08-19 16:16:06 +0200 |
| commit | 99983e20bbd6af8b88ae11ba53110438d666046b (patch) | |
| tree | 895c7029f2924621cf028ace13cff182e20124a5 /libpod/networking_linux.go | |
| parent | bd0b05f13860b62de389ec67eadd0df6b44d4f4f (diff) | |
| download | podman-99983e20bbd6af8b88ae11ba53110438d666046b.tar.gz podman-99983e20bbd6af8b88ae11ba53110438d666046b.tar.bz2 podman-99983e20bbd6af8b88ae11ba53110438d666046b.zip | |
networking: use firewall plugin
drop the pkg/firewall module and start using the firewall CNI plugin.
It requires an updated package for CNI plugins.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/networking_linux.go')
| -rw-r--r-- | libpod/networking_linux.go | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index bef3f7739..fd14b2f73 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -17,7 +17,6 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" "github.com/containers/libpod/pkg/errorhandling" - "github.com/containers/libpod/pkg/firewall" "github.com/containers/libpod/pkg/netns" "github.com/containers/libpod/pkg/rootless" "github.com/cri-o/ocicni/pkg/ocicni" @@ -86,18 +85,6 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS ns.NetNS) ([]*cnitypes.Re networkStatus = append(networkStatus, resultCurrent) } - // Add firewall rules to ensure the container has network access. - // Will not be necessary once CNI firewall plugin merges upstream. - // https://github.com/containernetworking/plugins/pull/75 - for _, netStatus := range networkStatus { - firewallConf := &firewall.FirewallNetConf{ - PrevResult: netStatus, - } - if err := r.firewallBackend.Add(firewallConf); err != nil { - return nil, errors.Wrapf(err, "error adding firewall rules for container %s", ctr.ID()) - } - } - return networkStatus, nil } @@ -390,26 +377,12 @@ func (r *Runtime) closeNetNS(ctr *Container) error { } // Tear down a network namespace, undoing all state associated with it. -// The CNI firewall rules will be removed, the namespace will be unmounted, -// and the file descriptor associated with it closed. func (r *Runtime) teardownNetNS(ctr *Container) error { if ctr.state.NetNS == nil { // The container has no network namespace, we're set return nil } - // Remove firewall rules we added on configuring the container. - // Will not be necessary once CNI firewall plugin merges upstream. - // https://github.com/containernetworking/plugins/pull/75 - for _, netStatus := range ctr.state.NetworkStatus { - firewallConf := &firewall.FirewallNetConf{ - PrevResult: netStatus, - } - if err := r.firewallBackend.Del(firewallConf); err != nil { - return errors.Wrapf(err, "error removing firewall rules for container %s", ctr.ID()) - } - } - logrus.Debugf("Tearing down network namespace at %s for container %s", ctr.state.NetNS.Path(), ctr.ID()) var requestedIP net.IP |