authorPaul Holzinger <pholzing@redhat.com>2021-06-21 14:01:56 +0200
committerPaul Holzinger <pholzing@redhat.com>2021-06-22 16:00:47 +0200
commite014608539c251e917ff675b12b22c6f92f0deac (patch)
tree4dec2d64590753734c1872da8a2d580aa3bf227f /libpod
parented511d27d7d2198624dcda41b9e06e9e582e5c20 (diff)
Do not use inotify for OCICNI
Podman does not need to watch the cni config directory. If a network is not found in the cache, OCICNI will reload the networks anyway and thus even podman system service should work as expected. Also include a change to not mount a "new" /var by default in the rootless cni ns, instead try to use /var/lib/cni first and then the parent dir. This allows users to store cni configs under /var/... which is the case for the CI compose test. [NO TESTS NEEDED] Fixes #10686 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/networking_linux.go34
-rw-r--r--libpod/runtime.go2
2 files changed, 28 insertions, 8 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 5446841f6..9145569fb 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -46,6 +46,9 @@ const (
// rootlessCNINSName is the file name for the rootless network namespace bind mount
rootlessCNINSName = "rootless-cni-ns"
+
+ // persistentCNIDir is the directory where the CNI files are stored
+ persistentCNIDir = "/var/lib/cni"
)
// Get an OCICNI network config
@@ -150,14 +153,31 @@ func (r *RootlessCNI) Do(toRun func() error) error {
}
}
- // cni plugins need access to /var and /run
- runDir := filepath.Join(r.dir, "run")
- varDir := filepath.Join(r.dir, "var")
+ // cni plugins need access to /var/lib/cni and /run
+ varDir := ""
+ varTarget := persistentCNIDir
+ // we can only mount to a target dir which exists, check /var/lib/cni recursively
+ // while we could always use /var there are cases where a user might store the cni
+ // configs under /var/custom and this would break
+ for {
+ if _, err := os.Stat(varTarget); err == nil {
+ varDir = filepath.Join(r.dir, strings.TrimPrefix(varTarget, "/"))
+ break
+ }
+ varTarget = filepath.Base(varTarget)
+ if varTarget == "/" {
+ break
+ }
+ }
+ if varDir == "" {
+ return errors.New("failed to stat /var directory")
+ }
// make sure to mount var first
- err = unix.Mount(varDir, "/var", "none", unix.MS_BIND, "")
+ err = unix.Mount(varDir, varTarget, "none", unix.MS_BIND, "")
if err != nil {
- return errors.Wrap(err, "failed to mount /var for rootless cni")
+ return errors.Wrapf(err, "failed to mount %s for rootless cni", varTarget)
}
+ runDir := filepath.Join(r.dir, "run")
// recursive mount to keep the netns mount
err = unix.Mount(runDir, "/run", "none", unix.MS_BIND|unix.MS_REC, "")
if err != nil {
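Review bot: The walk-up step `varTarget = filepath.Base(varTarget)` never yields a parent directory: filepath.Base("/var/lib/cni") is "cni", so when /var/lib/cni does not exist the next iteration stats the relative path "cni" in the current working directory, and because filepath.Base("cni") is again "cni" the `varTarget == "/"` exit is never reached and the loop spins forever; if a "cni" entry happens to exist in the cwd, the code would instead bind-mount r.dir/cni onto that relative target, which is not what the comment above the loop describes. The intended step is `varTarget = filepath.Dir(varTarget)`, which walks /var/lib/cni → /var/lib → /var → / and keeps the mount target absolute, so the `failed to stat /var directory` return becomes reachable. Note also that the loop stats the host path before mounting, so a symlinked /var/lib/cni would be resolved by os.Stat but bind-mounted by path — probably fine here, but worth a one-line comment. The enclosing Do body starts before this hunk and continues after it.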
@@ -385,7 +405,7 @@ func (r *Runtime) GetRootlessCNINetNs(new bool) (*RootlessCNI, error) {
// create cni directories to store files
// they will be bind mounted to the correct location in a extra mount ns
- err = os.MkdirAll(filepath.Join(cniDir, "var"), 0700)
+ err = os.MkdirAll(filepath.Join(cniDir, strings.TrimPrefix(persistentCNIDir, "/")), 0700)
if err != nil {
return nil, errors.Wrap(err, "could not create rootless-cni var directory")
}
@@ -1043,7 +1063,7 @@ func resultToBasicNetworkConfig(result *cnitypes.Result) (define.InspectBasicNet
// after itself on an unclean reboot. Return what we're pretty sure is the path
// to CNI's internal files (it's not really exposed to us).
func getCNINetworksDir() (string, error) {
- return "/var/lib/cni/networks", nil
+ return filepath.Join(persistentCNIDir, "networks"), nil
}
type logrusDebugWriter struct {
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 84649bf3e..f53789e89 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -468,7 +468,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
}
// Set up the CNI net plugin
- netPlugin, err := ocicni.InitCNI(runtime.config.Network.DefaultNetwork, runtime.config.Network.NetworkConfigDir, runtime.config.Network.CNIPluginDirs...)
+ netPlugin, err := ocicni.InitCNINoInotify(runtime.config.Network.DefaultNetwork, runtime.config.Network.NetworkConfigDir, "", runtime.config.Network.CNIPluginDirs...)
if err != nil {
return errors.Wrapf(err, "error configuring CNI network plugin")
}
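Review bot: The bare `""` passed as the third argument to ocicni.InitCNINoInotify leaves a reader guessing which option is being left unset; presumably it is the CNI cache directory, so a short comment on the call such as `// cacheDir "": let OCICNI use its default cache location` (confirm against the ocicni signature) would make the intent explicit. The commit message explains why inotify is dropped, but that reasoning lives only in the log; a one-line comment next to the call, e.g. `// no inotify: OCICNI reloads configs on a cache miss, so watching the config dir is unnecessary`, would preserve it in the code. The enclosing makeRuntime body starts before this hunk and continues after it.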