diff options
author | Gabi Beyer <gabrielle.n.beyer@intel.com> | 2019-06-12 17:31:18 +0000 |
---|---|---|
committer | gabi beyer <gabrielle.n.beyer@intel.com> | 2019-07-30 23:28:52 +0000 |
commit | 80dcd4bebcdc8e280f6b43228561d09c194c328b (patch) | |
tree | 8cbea1af853ef8d095e35f7f5831d2609c3d24e4 /pkg/spec | |
parent | ef8834aeab8df79452709c13ffbd0041e7cf7e81 (diff) | |
download | podman-80dcd4bebcdc8e280f6b43228561d09c194c328b.tar.gz podman-80dcd4bebcdc8e280f6b43228561d09c194c328b.tar.bz2 podman-80dcd4bebcdc8e280f6b43228561d09c194c328b.zip |
rootless: Rearrange setup of rootless containers
In order to run Podman with VM-based runtimes unprivileged, the
network must be set up prior to the container creation. Therefore
this commit modifies Podman to run rootless containers by:
1. create a network namespace
2. pass the netns persistent mount path to the slirp4netns
to create the tap inferface
3. pass the netns path to the OCI spec, so the runtime can
enter the netns
Closes #2897
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Diffstat (limited to 'pkg/spec')
-rw-r--r-- | pkg/spec/createconfig.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index 214a3c5ed..b03bcd0dd 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -267,7 +267,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l options = append(options, libpod.WithNetNSFrom(connectedCtr)) } else if !c.NetMode.IsHost() && !c.NetMode.IsNone() { hasUserns := c.UsernsMode.IsContainer() || c.UsernsMode.IsNS() || len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0 - postConfigureNetNS := c.NetMode.IsSlirp4netns() || (hasUserns && !c.UsernsMode.IsHost()) + postConfigureNetNS := hasUserns && !c.UsernsMode.IsHost() options = append(options, libpod.WithNetNS(portBindings, postConfigureNetNS, string(c.NetMode), networks)) } |