diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-11-30 19:41:26 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-30 19:41:26 +0100 |
| commit | f24812ac3ba969bc5a0628b819699d747c853e36 (patch) | |
| tree | 8fb9008547faab653f14e07dd4f380b325874c06 /pkg | |
| parent | 9f2c8f267e22897719ee8c3a15202afeaedda547 (diff) | |
| parent | a4da384b559796ecbf49746e655876138d494864 (diff) | |
| download | podman-f24812ac3ba969bc5a0628b819699d747c853e36.tar.gz podman-f24812ac3ba969bc5a0628b819699d747c853e36.tar.bz2 podman-f24812ac3ba969bc5a0628b819699d747c853e36.zip | |
Merge pull request #8230 from mheon/port_net_host_conflict
Ensure that --net=host/pod/container conflicts with -p
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/specgen/generate/container.go | 14 | ||||
| -rw-r--r-- | pkg/specgen/namespaces.go | 16 |
2 files changed, 24 insertions, 6 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 2ee8f2441..c7e62d185 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -257,7 +257,19 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat } } - return verifyContainerResources(s) + warnings, err := verifyContainerResources(s) + if err != nil { + return warnings, err + } + + // Warn on net=host/container/pod/none and port mappings. + if (s.NetNS.NSMode == specgen.Host || s.NetNS.NSMode == specgen.FromContainer || + s.NetNS.NSMode == specgen.FromPod || s.NetNS.NSMode == specgen.NoNetwork) && + len(s.PortMappings) > 0 { + warnings = append(warnings, "Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use") + } + + return warnings, nil } // finishThrottleDevices takes the temporary representation of the throttle diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 11108a5c1..9f0dd80de 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -27,19 +27,25 @@ const ( // Private indicates the namespace is private Private NamespaceMode = "private" // NoNetwork indicates no network namespace should - // be joined. loopback should still exists + // be joined. loopback should still exists. + // Only used with the network namespace, invalid otherwise. NoNetwork NamespaceMode = "none" // Bridge indicates that a CNI network stack - // should be used + // should be used. + // Only used with the network namespace, invalid otherwise. Bridge NamespaceMode = "bridge" // Slirp indicates that a slirp4netns network stack should - // be used + // be used. + // Only used with the network namespace, invalid otherwise. Slirp NamespaceMode = "slirp4netns" // KeepId indicates a user namespace to keep the owner uid inside - // of the namespace itself + // of the namespace itself. + // Only used with the user namespace, invalid otherwise. KeepID NamespaceMode = "keep-id" - // KeepId indicates to automatically create a user namespace + // Auto indicates to automatically create a user namespace. + // Only used with the user namespace, invalid otherwise. Auto NamespaceMode = "auto" + // DefaultKernelNamespaces is a comma-separated list of default kernel // namespaces. DefaultKernelNamespaces = "cgroup,ipc,net,uts" |