diff options
| author | Brent Baude <bbaude@redhat.com> | 2020-07-14 12:39:24 -0500 |
|---|---|---|
| committer | Matthew Heon <matthew.heon@pm.me> | 2020-07-22 14:13:43 -0400 |
| commit | c6852ee516abe3e1c4e5e31168d85d7cd446ce36 (patch) | |
| tree | c99dba6af62b3c767b9a0f9a8d18201fad3e5445 /pkg/specgen | |
| parent | c31dc9b26054104c749cf7551f92b888a24c2586 (diff) | |
| download | podman-c6852ee516abe3e1c4e5e31168d85d7cd446ce36.tar.gz podman-c6852ee516abe3e1c4e5e31168d85d7cd446ce36.tar.bz2 podman-c6852ee516abe3e1c4e5e31168d85d7cd446ce36.zip | |
Error on rootless mac and ip addresses
When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125.
Fixes: #6972
Signed-off-by: Brent Baude <bbaude@redhat.com>
<MH: Fixed build after cherry-pick>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'pkg/specgen')
| -rw-r--r-- | pkg/specgen/container_validate.go | 9 | ||||
| -rw-r--r-- | pkg/specgen/pod_validate.go | 11 | ||||
| -rw-r--r-- | pkg/specgen/specgen.go | 10 |
3 files changed, 30 insertions, 0 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 9b544367d..57dd2aba7 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -25,6 +25,15 @@ func exclusiveOptions(opt1, opt2 string) error { // input for creating a container. func (s *SpecGenerator) Validate() error { + if rootless.IsRootless() { + if s.StaticIP != nil || s.StaticIPv6 != nil { + return ErrNoStaticIPRootless + } + if s.StaticMAC != nil { + return ErrNoStaticMACRootless + } + } + // // ContainerBasicConfig // diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go index 070bb1e41..69c3b58ed 100644 --- a/pkg/specgen/pod_validate.go +++ b/pkg/specgen/pod_validate.go @@ -1,6 +1,7 @@ package specgen import ( + "github.com/containers/libpod/v2/pkg/rootless" "github.com/containers/libpod/v2/pkg/util" "github.com/pkg/errors" ) @@ -18,6 +19,16 @@ func exclusivePodOptions(opt1, opt2 string) error { // Validate verifies the input is valid func (p *PodSpecGenerator) Validate() error { + + if rootless.IsRootless() { + if p.StaticIP != nil { + return ErrNoStaticIPRootless + } + if p.StaticMAC != nil { + return ErrNoStaticMACRootless + } + } + // PodBasicConfig if p.NoInfra { if len(p.InfraCommand) > 0 { diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 327c15c5a..91bc36709 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -1,6 +1,7 @@ package specgen import ( + "errors" "net" "syscall" @@ -449,6 +450,15 @@ type PortMapping struct { Protocol string `json:"protocol,omitempty"` } +var ( + // ErrNoStaticIPRootless is used when a rootless user requests to assign a static IP address + // to a pod or container + ErrNoStaticIPRootless error = errors.New("rootless containers and pods cannot be assigned static IP addresses") + // ErrNoStaticMACRootless is used when a rootless user requests to assign a static MAC address + // to a pod or container + ErrNoStaticMACRootless error = errors.New("rootless containers and pods cannot be assigned static MAC addresses") +) + // NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs func NewSpecGenerator(arg string, rootfs bool) *SpecGenerator { csc := ContainerStorageConfig{} |