diff options
| author | Gabi Beyer <gabrielle.n.beyer@intel.com> | 2019-06-12 17:31:18 +0000 |
|---|---|---|
| committer | Marco Vedovati <mvedovati@suse.com> | 2019-09-24 11:01:28 +0200 |
| commit | 5813c8246eb32205cc3e68a293c6cf3eb2ba291d (patch) | |
| tree | 1e497c09fbe9cb762fd1f0c8ee0554f2fd060e9e /pkg/spec | |
| parent | 6ce8d05a5b06d97a2897411fcbd4da6a3abb4d65 (diff) | |
| download | podman-5813c8246eb32205cc3e68a293c6cf3eb2ba291d.tar.gz podman-5813c8246eb32205cc3e68a293c6cf3eb2ba291d.tar.bz2 podman-5813c8246eb32205cc3e68a293c6cf3eb2ba291d.zip | |
rootless: Rearrange setup of rootless containers
In order to run Podman with VM-based runtimes unprivileged, the
network must be set up prior to the container creation. Therefore
this commit modifies Podman to run rootless containers by:
1. create a network namespace
2. pass the netns persistent mount path to the slirp4netns
to create the tap inferface
3. pass the netns path to the OCI spec, so the runtime can
enter the netns
Closes #2897
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Diffstat (limited to 'pkg/spec')
| -rw-r--r-- | pkg/spec/createconfig.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index c17172016..7c3195be4 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -275,7 +275,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l options = append(options, libpod.WithNetNSFrom(connectedCtr)) } else if !c.NetMode.IsHost() && !c.NetMode.IsNone() { hasUserns := c.UsernsMode.IsContainer() || c.UsernsMode.IsNS() || len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0 - postConfigureNetNS := c.NetMode.IsSlirp4netns() || (hasUserns && !c.UsernsMode.IsHost()) + postConfigureNetNS := hasUserns && !c.UsernsMode.IsHost() options = append(options, libpod.WithNetNS(portBindings, postConfigureNetNS, string(c.NetMode), networks)) } |