diff options
-rw-r--r-- | docs/tutorials/podman-derivative-api.md (renamed from docs/podman-derivative-api.md) | 0 | ||||
-rw-r--r-- | libpod/container_internal.go | 4 | ||||
-rw-r--r-- | libpod/oci_internal_linux.go | 8 | ||||
-rw-r--r-- | pkg/netns/netns_linux.go | 15 |
4 files changed, 22 insertions, 5 deletions
diff --git a/docs/podman-derivative-api.md b/docs/tutorials/podman-derivative-api.md index 0342bb740..0342bb740 100644 --- a/docs/podman-derivative-api.md +++ b/docs/tutorials/podman-derivative-api.md diff --git a/libpod/container_internal.go b/libpod/container_internal.go index f1456548b..a4dcd23be 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -622,6 +622,10 @@ func (c *Container) refresh() error { return err } + if rootless.IsRootless() { + return nil + } + return c.refreshCNI() } diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go index a5cce795b..437b7cf4d 100644 --- a/libpod/oci_internal_linux.go +++ b/libpod/oci_internal_linux.go @@ -137,8 +137,12 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Containe return errors.Wrapf(err, "failed to create rootless network sync pipe") } } else { - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR) - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW) + if ctr.rootlessSlirpSyncR != nil { + defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR) + } + if ctr.rootlessSlirpSyncW != nil { + defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW) + } } // Leak one end in conmon, the other one will be leaked into slirp4netns cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW) diff --git a/pkg/netns/netns_linux.go b/pkg/netns/netns_linux.go index a62296549..e765bd46f 100644 --- a/pkg/netns/netns_linux.go +++ b/pkg/netns/netns_linux.go @@ -126,9 +126,12 @@ func NewNS() (ns.NetNS, error) { // Don't unlock. By not unlocking, golang will kill the OS thread when the // goroutine is done (for go1.10+) + threadNsPath := getCurrentThreadNetNSPath() + var origNS ns.NetNS - origNS, err = ns.GetNS(getCurrentThreadNetNSPath()) + origNS, err = ns.GetNS(threadNsPath) if err != nil { + logrus.Warnf("cannot open current network namespace %s: %q", threadNsPath, err) return } defer func() { @@ -140,13 +143,19 @@ func NewNS() (ns.NetNS, error) { // create a new netns on the current thread err = unix.Unshare(unix.CLONE_NEWNET) if err != nil { + logrus.Warnf("cannot create a new network namespace: %q", err) return } // Put this thread back to the orig ns, since it might get reused (pre go1.10) defer func() { if err := origNS.Set(); err != nil { - logrus.Warnf("unable to set namespace: %q", err) + if rootless.IsRootless() && strings.Contains(err.Error(), "operation not permitted") { + // When running in rootless mode it will fail to re-join + // the network namespace owned by root on the host. + return + } + logrus.Warnf("unable to reset namespace: %q", err) } }() @@ -154,7 +163,7 @@ func NewNS() (ns.NetNS, error) { // mount point. This causes the namespace to persist, even when there // are no threads in the ns. Make this a shared mount; it needs to be // back-propogated to the host - err = unix.Mount(getCurrentThreadNetNSPath(), nsPath, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "") + err = unix.Mount(threadNsPath, nsPath, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "") if err != nil { err = fmt.Errorf("failed to bind mount ns at %s: %v", nsPath, err) } |