diff options
| author | Matthew Heon <matthew.heon@pm.me> | 2021-02-01 13:53:14 -0500 |
|---|---|---|
| committer | Matthew Heon <matthew.heon@pm.me> | 2021-02-02 10:35:23 -0500 |
| commit | 931ea939ac85bc0e64d12dc34ac920e9e91c4277 (patch) | |
| tree | e7949abd05b7f8256a23dfc6ba1c5ae1d81cbf4c /libpod/runtime_pod_infra_linux.go | |
| parent | 182e8414d406d3058e985104af98f30a9e8f56fa (diff) | |
| download | podman-931ea939ac85bc0e64d12dc34ac920e9e91c4277.tar.gz podman-931ea939ac85bc0e64d12dc34ac920e9e91c4277.tar.bz2 podman-931ea939ac85bc0e64d12dc34ac920e9e91c4277.zip | |
Allow pods to use --net=none
We need an extra field in the pod infra container config. We may
want to reevaluate that struct at some point, as storing network
modes as bools will rapidly become unsustainable, but that's a
discussion for another time. Otherwise, straightforward plumbing.
Fixes #9165
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'libpod/runtime_pod_infra_linux.go')
| -rw-r--r-- | libpod/runtime_pod_infra_linux.go | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go index dd957527d..564851f4e 100644 --- a/libpod/runtime_pod_infra_linux.go +++ b/libpod/runtime_pod_infra_linux.go @@ -94,8 +94,16 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm } } - // Since user namespace sharing is not implemented, we only need to check if it's rootless - if !p.config.InfraContainer.HostNetwork { + switch { + case p.config.InfraContainer.HostNetwork: + if err := g.RemoveLinuxNamespace(string(spec.NetworkNamespace)); err != nil { + return nil, errors.Wrapf(err, "error removing network namespace from pod %s infra container", p.ID()) + } + case p.config.InfraContainer.NoNetwork: + // Do nothing - we have a network namespace by default, + // but should not configure slirp. + default: + // Since user namespace sharing is not implemented, we only need to check if it's rootless netmode := "bridge" if isRootless || p.config.InfraContainer.Slirp4netns { netmode = "slirp4netns" @@ -106,8 +114,6 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm // PostConfigureNetNS should not be set since user namespace sharing is not implemented // and rootless networking no longer supports post configuration setup options = append(options, WithNetNS(p.config.InfraContainer.PortBindings, false, netmode, p.config.InfraContainer.Networks)) - } else if err := g.RemoveLinuxNamespace(string(spec.NetworkNamespace)); err != nil { - return nil, errors.Wrapf(err, "error removing network namespace from pod %s infra container", p.ID()) } // For each option in InfraContainerConfig - if set, pass into |