summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-04-05 17:12:14 +0200
committerGitHub <noreply@github.com>2021-04-05 17:12:14 +0200
commit131458e956c74f7879223f278e8c3baf0ed925e9 (patch)
treeb8a01ba00deb71a892a3b98d7a36f87f3fa55dcc /pkg
parent1c8d3d0f6fb83b1e6c99dec759f4ae1c6b2e8f18 (diff)
parentd1e32dc6c6ccb24786cd095befcde761062442a0 (diff)
downloadpodman-131458e956c74f7879223f278e8c3baf0ed925e9.tar.gz
podman-131458e956c74f7879223f278e8c3baf0ed925e9.tar.bz2
podman-131458e956c74f7879223f278e8c3baf0ed925e9.zip
Merge pull request #9423 from Luap99/rootless-cni-no-infra
rootless cni without infra container
Diffstat (limited to 'pkg')
-rw-r--r--pkg/netns/netns_linux.go26
-rw-r--r--pkg/specgen/generate/namespaces.go3
-rw-r--r--pkg/specgen/generate/pod_create.go16
3 files changed, 29 insertions, 16 deletions
diff --git a/pkg/netns/netns_linux.go b/pkg/netns/netns_linux.go
index 0b7d1782c..ecefb65ff 100644
--- a/pkg/netns/netns_linux.go
+++ b/pkg/netns/netns_linux.go
@@ -35,9 +35,9 @@ import (
"golang.org/x/sys/unix"
)
-// get NSRunDir returns the dir of where to create the netNS. When running
+// GetNSRunDir returns the dir of where to create the netNS. When running
// rootless, it needs to be at a location writable by user.
-func getNSRunDir() (string, error) {
+func GetNSRunDir() (string, error) {
if rootless.IsRootless() {
rootlessDir, err := util.GetRuntimeDir()
if err != nil {
@@ -51,15 +51,21 @@ func getNSRunDir() (string, error) {
// NewNS creates a new persistent (bind-mounted) network namespace and returns
// an object representing that namespace, without switching to it.
func NewNS() (ns.NetNS, error) {
- nsRunDir, err := getNSRunDir()
+ b := make([]byte, 16)
+ _, err := rand.Reader.Read(b)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to generate random netns name: %v", err)
}
+ nsName := fmt.Sprintf("cni-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
+ return NewNSWithName(nsName)
+}
- b := make([]byte, 16)
- _, err = rand.Reader.Read(b)
+// NewNSWithName creates a new persistent (bind-mounted) network namespace and returns
+// an object representing that namespace, without switching to it.
+func NewNSWithName(name string) (ns.NetNS, error) {
+ nsRunDir, err := GetNSRunDir()
if err != nil {
- return nil, fmt.Errorf("failed to generate random netns name: %v", err)
+ return nil, err
}
// Create the directory for mounting network namespaces
@@ -93,10 +99,8 @@ func NewNS() (ns.NetNS, error) {
}
}
- nsName := fmt.Sprintf("cni-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
-
// create an empty file at the mount point
- nsPath := path.Join(nsRunDir, nsName)
+ nsPath := path.Join(nsRunDir, name)
mountPointFd, err := os.Create(nsPath)
if err != nil {
return nil, err
@@ -177,7 +181,7 @@ func NewNS() (ns.NetNS, error) {
// UnmountNS unmounts the NS held by the netns object
func UnmountNS(ns ns.NetNS) error {
- nsRunDir, err := getNSRunDir()
+ nsRunDir, err := GetNSRunDir()
if err != nil {
return err
}
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index b87375a92..845dfdad7 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -236,9 +236,6 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
case specgen.Private:
fallthrough
case specgen.Bridge:
- if postConfigureNetNS && rootless.IsRootless() {
- return nil, errors.New("CNI networks not supported with user namespaces")
- }
portMappings, err := createPortMappings(ctx, s, img)
if err != nil {
return nil, err
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 5d7bf1930..20151f016 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -4,6 +4,7 @@ import (
"context"
"github.com/containers/podman/v3/libpod"
+ "github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -94,8 +95,19 @@ func createPodOptions(p *specgen.PodSpecGenerator, rt *libpod.Runtime) ([]libpod
}
switch p.NetNS.NSMode {
- case specgen.Bridge, specgen.Default, "":
- logrus.Debugf("Pod using default network mode")
+ case specgen.Default, "":
+ if p.NoInfra {
+ logrus.Debugf("No networking because the infra container is missing")
+ break
+ }
+ if rootless.IsRootless() {
+ logrus.Debugf("Pod will use slirp4netns")
+ options = append(options, libpod.WithPodSlirp4netns(p.NetworkOptions))
+ } else {
+ logrus.Debugf("Pod using bridge network mode")
+ }
+ case specgen.Bridge:
+ logrus.Debugf("Pod using bridge network mode")
case specgen.Host:
logrus.Debugf("Pod will use host networking")
options = append(options, libpod.WithPodHostNetwork())