summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate
diff options
context:
space:
mode:
authorMatthew Heon <mheon@redhat.com>2020-11-03 10:01:21 -0500
committerMatthew Heon <mheon@redhat.com>2020-11-04 13:42:58 -0500
commita4da384b559796ecbf49746e655876138d494864 (patch)
tree50e87b3ea83db2dc4dc8acd9484867ed33fafbd9 /pkg/specgen/generate
parent4d87306fbe06674b16f188fea187282f29c0dc58 (diff)
downloadpodman-a4da384b559796ecbf49746e655876138d494864.tar.gz
podman-a4da384b559796ecbf49746e655876138d494864.tar.bz2
podman-a4da384b559796ecbf49746e655876138d494864.zip
Ensure that --net=host/pod/container/none warn with -p
Setting port mappings only works when CNI is configuring our network (or slirp4netns, in the rootless case). This is not the case with `--net=host`, `--net=container:`, and joining the network namespace of the pod we are part of. Instead of allowing users to do these things and then be confused why they do nothing, let's match Docker and return a warning that your port mappings will do nothing. Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r--pkg/specgen/generate/container.go14
1 files changed, 13 insertions, 1 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 2ee8f2441..c7e62d185 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -257,7 +257,19 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
}
}
- return verifyContainerResources(s)
+ warnings, err := verifyContainerResources(s)
+ if err != nil {
+ return warnings, err
+ }
+
+ // Warn on net=host/container/pod/none and port mappings.
+ if (s.NetNS.NSMode == specgen.Host || s.NetNS.NSMode == specgen.FromContainer ||
+ s.NetNS.NSMode == specgen.FromPod || s.NetNS.NSMode == specgen.NoNetwork) &&
+ len(s.PortMappings) > 0 {
+ warnings = append(warnings, "Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use")
+ }
+
+ return warnings, nil
}
// finishThrottleDevices takes the temporary representation of the throttle