authorPaul Holzinger <paul.holzinger@web.de>2021-03-29 18:57:54 +0200
committerPaul Holzinger <paul.holzinger@web.de>2021-04-07 15:54:12 +0200
commit0a39ad196cf4af601b0ea32b2c0e0490c9079377 (patch)
treebb13c7343185c3c42356b16a4e9f55508ea6f786 /libpod
parent0e67053b9a26f20e5ccbffdcc5e7a84254ca16b8 (diff)
podman unshare: add --rootless-cni to join the ns
Add a new --rootless-cni option to podman unshare to also join the rootless-cni network namespace. This is useful if you want to connect to a rootless container via IP address. This is only possible from the rootless-cni namespace and not from the host namespace. This option also helps to debug problems in the rootless-cni namespace. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/networking_linux.go27
1 files changed, 16 insertions, 11 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 3c4014c73..6e2c2880f 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -105,13 +105,13 @@ func (r *Runtime) getPodNetwork(id, name, nsPath string, networks []string, port
return ctrNetwork
}
-type rootlessCNI struct {
+type RootlessCNI struct {
ns ns.NetNS
dir string
lock lockfile.Locker
}
-func (r *rootlessCNI) Do(toRun func() error) error {
+func (r *RootlessCNI) Do(toRun func() error) error {
err := r.ns.Do(func(_ ns.NetNS) error {
// before we can run the given function
// we have to setup all mounts correctly
@@ -174,9 +174,14 @@ func (r *rootlessCNI) Do(toRun func() error) error {
return err
}
-// cleanup the rootless cni namespace if needed
+// Cleanup the rootless cni namespace if needed
// check if we have running containers with the bridge network mode
-func (r *rootlessCNI) cleanup(runtime *Runtime) error {
+func (r *RootlessCNI) Cleanup(runtime *Runtime) error {
+ _, err := os.Stat(r.dir)
+ if os.IsNotExist(err) {
+ // the directory does not exists no need for cleanup
+ return nil
+ }
r.lock.Lock()
defer r.lock.Unlock()
running := func(c *Container) bool {
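Review bot: The new `os.Stat(r.dir)` check in Cleanup discards every error except not-exist, so a permission or I/O failure falls through to the cleanup logic as if the directory were present; consider adding `if err != nil { return err }` after the not-exist branch. The check also runs before `r.lock.Lock()`, so it is not serialized with another process that creates or removes the directory; if the lock file does not live under `r.dir` (not visible here), taking the lock first would close that window. The added comment has a typo and could read `// the directory does not exist, no need for cleanup`. Cleanup's body continues outside the hunk.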
@@ -234,10 +239,10 @@ func (r *rootlessCNI) cleanup(runtime *Runtime) error {
return nil
}
-// getRootlessCNINetNs returns the rootless cni object. If create is set to true
+// GetRootlessCNINetNs returns the rootless cni object. If create is set to true
// the rootless cni namespace will be created if it does not exists already.
-func (r *Runtime) getRootlessCNINetNs(new bool) (*rootlessCNI, error) {
- var rootlessCNINS *rootlessCNI
+func (r *Runtime) GetRootlessCNINetNs(new bool) (*RootlessCNI, error) {
+ var rootlessCNINS *RootlessCNI
if rootless.IsRootless() {
runDir, err := util.GetRuntimeDir()
if err != nil {
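Review bot: Now that GetRootlessCNINetNs is exported, its doc comment should match the signature: it says `create` but the parameter is named `new`, which also shadows the builtin; renaming the parameter to `create` fixes both. From the lines shown, `rootlessCNINS` is only assigned inside `if rootless.IsRootless()`, so the function presumably returns a nil `*RootlessCNI` with a nil error when not running rootless, and a caller outside the package that then calls Do or Cleanup would dereference a nil receiver. The comment should state that contract, e.g. `// When not running rootless it returns nil, nil; callers must check before calling Do or Cleanup.` The function body continues outside the hunk.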
@@ -421,7 +426,7 @@ func (r *Runtime) getRootlessCNINetNs(new bool) (*rootlessCNI, error) {
os.Setenv("PATH", path)
}
- rootlessCNINS = &rootlessCNI{
+ rootlessCNINS = &RootlessCNI{
ns: ns,
dir: cniDir,
lock: lock,
@@ -433,7 +438,7 @@ func (r *Runtime) getRootlessCNINetNs(new bool) (*rootlessCNI, error) {
// setUpOCICNIPod will set up the cni networks, on error it will also tear down the cni
// networks. If rootless it will join/create the rootless cni namespace.
func (r *Runtime) setUpOCICNIPod(podNetwork ocicni.PodNetwork) ([]ocicni.NetResult, error) {
- rootlessCNINS, err := r.getRootlessCNINetNs(true)
+ rootlessCNINS, err := r.GetRootlessCNINetNs(true)
if err != nil {
return nil, err
}
@@ -651,7 +656,7 @@ func (r *Runtime) closeNetNS(ctr *Container) error {
// Tear down a container's CNI network configuration and joins the
// rootless net ns as rootless user
func (r *Runtime) teardownOCICNIPod(podNetwork ocicni.PodNetwork) error {
- rootlessCNINS, err := r.getRootlessCNINetNs(false)
+ rootlessCNINS, err := r.GetRootlessCNINetNs(false)
if err != nil {
return err
}
@@ -665,7 +670,7 @@ func (r *Runtime) teardownOCICNIPod(podNetwork ocicni.PodNetwork) error {
// execute the cni setup in the rootless net ns
err = rootlessCNINS.Do(tearDownPod)
if err == nil {
- err = rootlessCNINS.cleanup(r)
+ err = rootlessCNINS.Cleanup(r)
}
} else {
err = tearDownPod()