authorAshley Cui <acui@redhat.com>2020-09-25 10:00:43 -0400
committerAshley Cui <acui@redhat.com>2020-09-25 21:34:23 -0400
commitb6176d8987a0049a253fd7a70b2cd8e17bd50b53 (patch)
treee4ce740ebc925079ab223b41acec4c15b85b6fd9 /libpod
parent98aa458c7a13c72fabe02cd0ed2919c2801ef207 (diff)
Add support for slirp network for pods
flag --network=slirp4netns[options] for root and rootless pods Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/define/pod_inspect.go2
-rw-r--r--libpod/options.go20
-rw-r--r--libpod/pod.go2
-rw-r--r--libpod/pod_api.go2
-rw-r--r--libpod/runtime_pod_infra_linux.go5
5 files changed, 29 insertions, 2 deletions
diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go
index 60e19fe05..a4115eb92 100644
--- a/libpod/define/pod_inspect.go
+++ b/libpod/define/pod_inspect.go
@@ -89,6 +89,8 @@ type InspectPodInfraConfig struct {
HostAdd []string
// Networks is a list of CNI networks the pod will join.
Networks []string
+ // NetworkOptions are additional options for each network
+ NetworkOptions map[string][]string
}
// InspectPodContainerInfo contains information on a container in a pod.
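Review bot: The comment on the new `NetworkOptions` field does not say what the map is keyed by, which readers of inspect output need in order to interpret it. From the rest of this commit the key looks like the network mode name (for example `slirp4netns`) and the value the list of options passed to it; if that is right, say so, e.g. `// NetworkOptions maps a network mode (e.g. "slirp4netns") to the extra options passed to it.` The struct starts outside this hunk.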
diff --git a/libpod/options.go b/libpod/options.go
index f7b3419e5..f7190d0e3 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -2203,3 +2203,23 @@ func WithPodInfraExitCommand(exitCmd []string) PodCreateOption {
return nil
}
}
+
+// WithPodSlirp4netns tells the pod to use slirp4netns.
+func WithPodSlirp4netns(networkOptions map[string][]string) PodCreateOption {
+ return func(pod *Pod) error {
+ if pod.valid {
+ return define.ErrPodFinalized
+ }
+
+ if !pod.config.InfraContainer.HasInfraContainer {
+ return errors.Wrapf(define.ErrInvalidArg, "cannot configure pod networking as no infra container is being created")
+ }
+ if pod.config.InfraContainer.HostNetwork {
+ return errors.Wrapf(define.ErrInvalidArg, "cannot set both HostNetwork and Slirp4netns")
+ }
+ pod.config.InfraContainer.Slirp4netns = true
+ pod.config.InfraContainer.NetworkOptions = networkOptions
+
+ return nil
+ }
+}
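Review bot: WithPodSlirp4netns rejects a pod that already has `HostNetwork` set, but that check depends on option order, and nothing here rejects a pod that also lists CNI networks in `InfraContainer.Networks`. If the host-network option is applied after this one and does not itself check `Slirp4netns` (not visible here), `makeInfraContainer` in the last hunk skips the slirp4netns branch and the stored options are dropped without an error. Consider adding `if len(pod.config.InfraContainer.Networks) > 0 { return errors.Wrapf(define.ErrInvalidArg, "cannot set both CNI networks and Slirp4netns") }` plus the mirror-image check in the host-network option. `networkOptions` is also stored unvalidated and by reference. Because every container in the pod shares the infra container's network namespace, the doc comment should state that the options apply pod-wide and name the place where they are validated.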
diff --git a/libpod/pod.go b/libpod/pod.go
index 709184008..a5a0532be 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -107,6 +107,8 @@ type InfraContainerConfig struct {
ExitCommand []string `json:"exitCommand,omitempty"`
InfraImage string `json:"infraImage,omitempty"`
InfraCommand []string `json:"infraCommand,omitempty"`
+ Slirp4netns bool `json:"slirp4netns,omitempty"`
+ NetworkOptions map[string][]string `json:"network_options,omitempty"`
}
// ID retrieves the pod's ID
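Review bot: The JSON tag `network_options` on the new `NetworkOptions` field is snake_case, while every other tag visible in this struct is camelCase (`exitCommand`, `infraImage`, `infraCommand`, and the new `slirp4netns`). This config appears to be serialized into pod state, so the key is hard to rename once pods have been created with it. Use `json:"networkOptions,omitempty"` before this ships. The struct starts outside this hunk.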
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index ec4cc08f7..0ae180356 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -584,7 +584,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
infraConfig.Networks = make([]string, 0, len(p.config.InfraContainer.Networks))
infraConfig.Networks = append(infraConfig.Networks, p.config.InfraContainer.Networks...)
}
-
+ infraConfig.NetworkOptions = p.config.InfraContainer.NetworkOptions
infraConfig.PortBindings = makeInspectPortBindings(p.config.InfraContainer.PortBindings)
}
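Review bot: `infraConfig.NetworkOptions` is assigned the pod's own map, whereas the `Networks` slice just above is deliberately copied into a fresh slice. A caller that mutates the returned `InspectPodData` would therefore be editing `p.config.InfraContainer.NetworkOptions` in place, outside whatever locking Inspect holds. Copy the map and its value slices the same way `Networks` is handled. The enclosing function starts and ends outside this hunk.

```go
// … unchanged: Networks copy above …
if opts := p.config.InfraContainer.NetworkOptions; len(opts) > 0 {
	infraConfig.NetworkOptions = make(map[string][]string, len(opts))
	for mode, vals := range opts {
		infraConfig.NetworkOptions[mode] = append([]string(nil), vals...)
	}
}
```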
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 164068638..e8e71afd1 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -77,8 +77,11 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
// Since user namespace sharing is not implemented, we only need to check if it's rootless
if !p.config.InfraContainer.HostNetwork {
netmode := "bridge"
- if isRootless {
+ if isRootless || p.config.InfraContainer.Slirp4netns {
netmode = "slirp4netns"
+ if len(p.config.InfraContainer.NetworkOptions) != 0 {
+ options = append(options, WithNetworkOptions(p.config.InfraContainer.NetworkOptions))
+ }
}
// PostConfigureNetNS should not be set since user namespace sharing is not implemented
// and rootless networking no longer supports post configuration setup
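Review bot: The comment above the `!HostNetwork` check still says "we only need to check if it's rootless", but the condition is now `isRootless || p.config.InfraContainer.Slirp4netns`, so the comment is stale. Update it to something like `// Use slirp4netns when running rootless or when the pod explicitly requested it; otherwise default to bridge.` It would also help to add a line above the `WithNetworkOptions` call noting that the whole `NetworkOptions` map is forwarded to the infra container and so applies to every container that joins the pod's network namespace. Whether the options are validated is not visible here, so the comment should point to where that happens. `makeInfraContainer` continues outside this hunk.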