diff options
author | Matthew Heon <mheon@redhat.com> | 2020-11-03 10:01:21 -0500 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2020-11-04 13:42:58 -0500 |
commit | a4da384b559796ecbf49746e655876138d494864 (patch) | |
tree | 50e87b3ea83db2dc4dc8acd9484867ed33fafbd9 /pkg/specgen/generate/container.go | |
parent | 4d87306fbe06674b16f188fea187282f29c0dc58 (diff) | |
download | podman-a4da384b559796ecbf49746e655876138d494864.tar.gz podman-a4da384b559796ecbf49746e655876138d494864.tar.bz2 podman-a4da384b559796ecbf49746e655876138d494864.zip |
Ensure that --net=host/pod/container/none warn with -p
Setting port mappings only works when CNI is configuring our
network (or slirp4netns, in the rootless case). This is not the
case with `--net=host`, `--net=container:`, and joining the
network namespace of the pod we are part of. Instead of allowing
users to do these things and then be confused why they do
nothing, let's match Docker and return a warning that your port
mappings will do nothing.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'pkg/specgen/generate/container.go')
-rw-r--r-- | pkg/specgen/generate/container.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 2ee8f2441..c7e62d185 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -257,7 +257,19 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat } } - return verifyContainerResources(s) + warnings, err := verifyContainerResources(s) + if err != nil { + return warnings, err + } + + // Warn on net=host/container/pod/none and port mappings. + if (s.NetNS.NSMode == specgen.Host || s.NetNS.NSMode == specgen.FromContainer || + s.NetNS.NSMode == specgen.FromPod || s.NetNS.NSMode == specgen.NoNetwork) && + len(s.PortMappings) > 0 { + warnings = append(warnings, "Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use") + } + + return warnings, nil } // finishThrottleDevices takes the temporary representation of the throttle |