authorBrent Baude <bbaude@redhat.com>2020-07-14 12:39:24 -0500
committerBrent Baude <bbaude@redhat.com>2020-07-15 07:06:58 -0500
commitc58127602e57ad489bd951760026dccd7593eeaf (patch)
treef6498628033dfaa81e173bd2eec1869e3b1773fe /pkg/specgen
parent60127cf5e88ef53748cb601d7c27f082d284e7f4 (diff)
Error on rootless mac and ip addresses
When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125. Fixes: #6972 Signed-off-by: Brent Baude <bbaude@redhat.com>
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/container_validate.go9
-rw-r--r--pkg/specgen/pod_validate.go11
-rw-r--r--pkg/specgen/specgen.go10
3 files changed, 30 insertions, 0 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index bf03ff0e7..622313a04 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -28,6 +28,15 @@ func exclusiveOptions(opt1, opt2 string) error {
// input for creating a container.
func (s *SpecGenerator) Validate() error {
+ if rootless.IsRootless() {
+ if s.StaticIP != nil || s.StaticIPv6 != nil {
+ return ErrNoStaticIPRootless
+ }
+ if s.StaticMAC != nil {
+ return ErrNoStaticMACRootless
+ }
+ }
+
//
// ContainerBasicConfig
//
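Review bot: The guard added at the top of Validate makes the result depend on `rootless.IsRootless()`, which describes the process running the validation rather than anything in the spec. If Validate can also run in a client that hands the spec to a service running as a different user (not visible in this hunk), the check would reflect the wrong side, and a static address could be rejected or accepted incorrectly. I would document this above the guard, e.g. `// Static addresses are not supported for rootless networking; IsRootless describes the process calling Validate.` A unit test covering both branches would also need a way to stub the rootless check. Validate's body continues past the end of the hunk.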
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index 070bb1e41..69c3b58ed 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -1,6 +1,7 @@
package specgen
import (
+ "github.com/containers/libpod/v2/pkg/rootless"
"github.com/containers/libpod/v2/pkg/util"
"github.com/pkg/errors"
)
@@ -18,6 +19,16 @@ func exclusivePodOptions(opt1, opt2 string) error {
// Validate verifies the input is valid
func (p *PodSpecGenerator) Validate() error {
+
+ if rootless.IsRootless() {
+ if p.StaticIP != nil {
+ return ErrNoStaticIPRootless
+ }
+ if p.StaticMAC != nil {
+ return ErrNoStaticMACRootless
+ }
+ }
+
// PodBasicConfig
if p.NoInfra {
if len(p.InfraCommand) > 0 {
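Review bot: The pod guard tests only `p.StaticIP`, while the matching guard in container_validate.go also rejects `s.StaticIPv6`. If PodSpecGenerator has, or later gains, an IPv6 address field (its definition is not shown here), a rootless pod would pass this validation and not return ErrNoStaticIPRootless. The same check is now duplicated in both Validate methods, so a small unexported helper that takes the address pointers would keep the two in step. The blank line added directly after the signature can be dropped. Validate continues beyond the hunk.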
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 16d4b7c8c..17583d82a 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -1,6 +1,7 @@
package specgen
import (
+ "errors"
"net"
"syscall"
@@ -469,6 +470,15 @@ type PortMapping struct {
Protocol string `json:"protocol,omitempty"`
}
+var (
+ // ErrNoStaticIPRootless is used when a rootless user requests to assign a static IP address
+ // to a pod or container
+ ErrNoStaticIPRootless error = errors.New("rootless containers and pods cannot be assigned static IP addresses")
+ // ErrNoStaticMACRootless is used when a rootless user requests to assign a static MAC address
+ // to a pod or container
+ ErrNoStaticMACRootless error = errors.New("rootless containers and pods cannot be assigned static MAC addresses")
+)
+
// NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs
func NewSpecGenerator(arg string, rootfs bool) *SpecGenerator {
csc := ContainerStorageConfig{}
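Review bot: The explicit `error` type on both declarations is redundant, because `errors.New` already returns `error`, and golint flags it; `ErrNoStaticIPRootless = errors.New("...")` is enough. The doc comments could also state that the Validate methods return these values unwrapped, so callers can match them with `errors.Is` when choosing the exit status. This file imports the standard `errors` package while pod_validate.go imports `github.com/pkg/errors`; that is fine for plain sentinels but matters if one of them is wrapped later.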