Merge pull request #7460 from AkihiroSuda/allow-rootless-cni

rootless: support `podman network create` (CNI-in-slirp4netns)
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2020-09-10 14:00:49 -0400
committer: GitHub <noreply@github.com> 2020-09-10 14:00:49 -0400
commit: 2f0e803e7605570cd073ddffc8110a6b9d466a17 (patch)
tree: a08b56eea43da3fa92f0cb88b48606a9f7f014b4 /libpod/networking_linux.go
parent: 8d78605929fc7251e31aee35fcc166afe03a2a80 (diff)
parent: f82abc774a70419bc7a2ff444a323110e1d9d938 (diff)
download: podman-2f0e803e7605570cd073ddffc8110a6b9d466a17.tar.gz
podman-2f0e803e7605570cd073ddffc8110a6b9d466a17.tar.bz2
podman-2f0e803e7605570cd073ddffc8110a6b9d466a17.zip
1 files changed, 23 insertions, 1 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 6f266e5d6..c0508ce39 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -4,6 +4,7 @@ package libpod
 
 import (
 	"bytes"
+	"context"
 	"crypto/rand"
 	"fmt"
 	"io"
@@ -208,6 +209,20 @@ func checkSlirpFlags(path string) (*slirpFeatures, error) {
 
 // Configure the network namespace for a rootless container
 func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
+	if ctr.config.NetMode.IsSlirp4netns() {
+		return r.setupSlirp4netns(ctr)
+	}
+	if len(ctr.config.Networks) > 0 {
+		// set up port forwarder for CNI-in-slirp4netns
+		netnsPath := ctr.state.NetNS.Path()
+		// TODO: support slirp4netns port forwarder as well
+		return r.setupRootlessPortMappingViaRLK(ctr, netnsPath)
+	}
+	return nil
+}
+
+// setupSlirp4netns can be called in rootful as well as in rootless
+func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	path := r.config.Engine.NetworkCmdPath
 
 	if path == "" {
@@ -711,7 +726,7 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
 
 	logrus.Debugf("Tearing down network namespace at %s for container %s", ctr.state.NetNS.Path(), ctr.ID())
 
-	// rootless containers do not use the CNI plugin
+	// rootless containers do not use the CNI plugin directly
 	if !rootless.IsRootless() && !ctr.config.NetMode.IsSlirp4netns() {
 		var requestedIP net.IP
 		if ctr.requestedIP != nil {
@@ -738,6 +753,13 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
 		}
 	}
 
+	// CNI-in-slirp4netns
+	if rootless.IsRootless() && len(ctr.config.Networks) != 0 {
+		if err := DeallocRootlessCNI(context.Background(), ctr); err != nil {
+			return errors.Wrapf(err, "error tearing down CNI-in-slirp4netns for container %s", ctr.ID())
+		}
+	}
+
 	// First unmount the namespace
 	if err := netns.UnmountNS(ctr.state.NetNS); err != nil {
 		return errors.Wrapf(err, "error unmounting network namespace for container %s", ctr.ID())
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2020-09-10 14:00:49 -0400
committer	GitHub <noreply@github.com>	2020-09-10 14:00:49 -0400
commit	2f0e803e7605570cd073ddffc8110a6b9d466a17 (patch)
tree	a08b56eea43da3fa92f0cb88b48606a9f7f014b4 /libpod/networking_linux.go
parent	8d78605929fc7251e31aee35fcc166afe03a2a80 (diff)
parent	f82abc774a70419bc7a2ff444a323110e1d9d938 (diff)
download	podman-2f0e803e7605570cd073ddffc8110a6b9d466a17.tar.gz podman-2f0e803e7605570cd073ddffc8110a6b9d466a17.tar.bz2 podman-2f0e803e7605570cd073ddffc8110a6b9d466a17.zip