author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-07-25 15:15:13 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-07-31 13:39:29 +0000 |
commit | cfcd92847684fc65949350b7cdc4769ad1099d46 (patch) | |
tree | afb9f946fb54fc990d83b9814b77e522b9bd4221 /libpod/networking_linux.go | |
parent | 5b9c60cc10f7dec6d0b030ad16646728f30a67e9 (diff) | |
network: add support for rootless network with slirp4netns
slirp4netns is required to setup the network namespace:
https://github.com/rootless-containers/slirp4netns
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1156
Approved by: rhatdan
Diffstat (limited to 'libpod/networking_linux.go')
-rw-r--r-- | libpod/networking_linux.go | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index dbc68e04b..2186b4ac9 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -6,9 +6,11 @@ import (
 "crypto/rand"
 "fmt"
 "os"
+ "os/exec"
 "path/filepath"
 "strconv"
 "strings"
+ "syscall"
 
 cnitypes "github.com/containernetworking/cni/pkg/types/current"
 "github.com/containernetworking/plugins/pkg/ns"
@@ -93,6 +95,42 @@ func (r *Runtime) createNetNS(ctr *Container) (err error) {
 return r.configureNetNS(ctr, ctrNS)
 }
 
+// Configure the network namespace for a rootless container
+func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
+ defer ctr.rootlessSlirpSyncR.Close()
+ defer ctr.rootlessSlirpSyncW.Close()
+
+ path, err := exec.LookPath("slirp4netns")
+ if err != nil {
+ logrus.Errorf("could not find slirp4netns, the network namespace won't be configured: %v", err)
+ return nil
+ }
+
+ syncR, syncW, err := os.Pipe()
+ if err != nil {
+ return errors.Wrapf(err, "failed to open pipe")
+ }
+ defer syncR.Close()
+ defer syncW.Close()
+
+ cmd := exec.Command(path, "-c", "-e", "3", "-r", "4", fmt.Sprintf("%d", ctr.state.PID), "tap0")
+
+ cmd.SysProcAttr = &syscall.SysProcAttr{
+ Setpgid: true,
+ }
+ cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncR, syncW)
+
+ if err := cmd.Start(); err != nil {
+ return errors.Wrapf(err, "failed to start process")
+ }
+
+ b := make([]byte, 16)
+ if _, err := syncR.Read(b); err != nil {
+ return errors.Wrapf(err, "failed to read from sync pipe")
+ }
+ return nil
+}
+
 // Configure the network namespace using the container process
 func (r *Runtime) setupNetNS(ctr *Container) (err error) {
 nsProcess := fmt.Sprintf("/proc/%d/ns/net", ctr.state.PID) |
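Review bot: The readiness wait in `setupRootlessNetNS` can block forever, because the parent still holds its own copy of `syncW` (closed only by the deferred call) when it reaches `syncR.Read(b)`; if slirp4netns exits before writing to the descriptor passed with `-r 4`, the pipe never reaches EOF. Closing the parent's copy right after a successful start, `syncW.Close()` following `cmd.Start()`, lets an early exit surface as a read error, and a read deadline on `syncR` would additionally bound a child that stays alive but never signals. The started process is also never waited on or released, so it would presumably linger as a zombie once it exits. Separately, when `exec.LookPath` fails the function logs and returns nil, so the caller cannot tell that the container came up without its network configured; if that is deliberate, a comment such as `// best effort: a missing slirp4netns leaves the netns unconfigured` above the `return nil` would say so.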