-rw-r--r--docs/tutorials/podman-derivative-api.md (renamed from docs/podman-derivative-api.md)0
-rw-r--r--libpod/container_internal.go4
-rw-r--r--libpod/oci_internal_linux.go8
-rw-r--r--pkg/netns/netns_linux.go15
4 files changed, 22 insertions, 5 deletions
diff --git a/docs/podman-derivative-api.md b/docs/tutorials/podman-derivative-api.md
index 0342bb740..0342bb740 100644
--- a/docs/podman-derivative-api.md
+++ b/docs/tutorials/podman-derivative-api.md
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index f1456548b..a4dcd23be 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -622,6 +622,10 @@ func (c *Container) refresh() error {
return err
}
+ if rootless.IsRootless() {
+ return nil
+ }
+
return c.refreshCNI()
}
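Review bot: The new `if rootless.IsRootless() { return nil }` guard before `c.refreshCNI()` has no comment saying why rootless containers skip the CNI refresh. A later reader cannot tell whether this is a permanent design decision or a workaround. Presumably rootless networking goes through slirp4netns rather than CNI, as the slirp sync pipes in libpod/oci_internal_linux.go suggest, but that should be confirmed and stated, for example `// Rootless containers do not use CNI networking; nothing to refresh here.`. refresh() begins outside the hunk, so the earlier steps that still run for rootless are not visible here.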
diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go
index a5cce795b..437b7cf4d 100644
--- a/libpod/oci_internal_linux.go
+++ b/libpod/oci_internal_linux.go
@@ -137,8 +137,12 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Containe
return errors.Wrapf(err, "failed to create rootless network sync pipe")
}
} else {
- defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR)
- defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW)
+ if ctr.rootlessSlirpSyncR != nil {
+ defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR)
+ }
+ if ctr.rootlessSlirpSyncW != nil {
+ defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW)
+ }
}
// Leak one end in conmon, the other one will be leaked into slirp4netns
cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)
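Review bot: The nil guards added around the two deferred `errorhandling.CloseQuiet` calls imply that `ctr.rootlessSlirpSyncR` and `ctr.rootlessSlirpSyncW` can be nil on this path, yet the unchanged line after the block still appends `ctr.rootlessSlirpSyncW` to `cmd.ExtraFiles` unconditionally. If that append is reachable with a nil pipe, the child's inherited-descriptor list gets a nil entry, which affects which descriptor numbers conmon sees. Either confirm the append only runs when the pipe exists, or guard it the same way: `if ctr.rootlessSlirpSyncW != nil { cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW) }`. createOCIContainer starts and continues outside the hunk, so the enclosing condition cannot be checked from here.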
diff --git a/pkg/netns/netns_linux.go b/pkg/netns/netns_linux.go
index a62296549..e765bd46f 100644
--- a/pkg/netns/netns_linux.go
+++ b/pkg/netns/netns_linux.go
@@ -126,9 +126,12 @@ func NewNS() (ns.NetNS, error) {
// Don't unlock. By not unlocking, golang will kill the OS thread when the
// goroutine is done (for go1.10+)
+ threadNsPath := getCurrentThreadNetNSPath()
+
var origNS ns.NetNS
- origNS, err = ns.GetNS(getCurrentThreadNetNSPath())
+ origNS, err = ns.GetNS(threadNsPath)
if err != nil {
+ logrus.Warnf("cannot open current network namespace %s: %q", threadNsPath, err)
return
}
defer func() {
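Review bot: The added `logrus.Warnf("cannot open current network namespace ...")` logs the failure and then returns with `err` still set, so the same error is likely reported again by whoever receives it from NewNS. The same pattern is added in the next hunk at `logrus.Warnf("cannot create a new network namespace: %q", err)`. Attaching the context to the error itself keeps it in one place and matches the bind-mount error later in the function, e.g. `err = fmt.Errorf("cannot open current network namespace %s: %v", threadNsPath, err)`. The enclosing function body starts and ends outside this hunk, so how `err` reaches the caller is inferred, not visible.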
@@ -140,13 +143,19 @@ func NewNS() (ns.NetNS, error) {
// create a new netns on the current thread
err = unix.Unshare(unix.CLONE_NEWNET)
if err != nil {
+ logrus.Warnf("cannot create a new network namespace: %q", err)
return
}
// Put this thread back to the orig ns, since it might get reused (pre go1.10)
defer func() {
if err := origNS.Set(); err != nil {
- logrus.Warnf("unable to set namespace: %q", err)
+ if rootless.IsRootless() && strings.Contains(err.Error(), "operation not permitted") {
+ // When running in rootless mode it will fail to re-join
+ // the network namespace owned by root on the host.
+ return
+ }
+ logrus.Warnf("unable to reset namespace: %q", err)
}
}()
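Review bot: The rootless branch in the deferred `origNS.Set()` handler identifies the expected failure with `strings.Contains(err.Error(), "operation not permitted")` and then returns silently. Matching on message text is brittle, and the silent return hides every permission failure in rootless mode, not only the host-owned-namespace case the comment describes. If the error returned by `Set()` preserves the errno, `errors.Is(err, unix.EPERM)` would be a sturdier test. Whatever the test, a debug-level trace should be kept so the skipped reset is still visible when troubleshooting, e.g. `logrus.Debugf("rootless: not rejoining original network namespace: %v", err)`. The thread then stays in the new namespace, which is only safe given the "don't unlock" behaviour described earlier in the function, and that is worth stating in the comment.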
@@ -154,7 +163,7 @@ func NewNS() (ns.NetNS, error) {
// mount point. This causes the namespace to persist, even when there
// are no threads in the ns. Make this a shared mount; it needs to be
// back-propogated to the host
- err = unix.Mount(getCurrentThreadNetNSPath(), nsPath, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "")
+ err = unix.Mount(threadNsPath, nsPath, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "")
if err != nil {
err = fmt.Errorf("failed to bind mount ns at %s: %v", nsPath, err)
}
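Review bot: The `unix.Mount` call now reuses `threadNsPath`, which was computed before `unix.Unshare(unix.CLONE_NEWNET)`, and the name can read as if it pointed at the original namespace. Assuming `getCurrentThreadNetNSPath()` returns a /proc path keyed on the thread id, the path is resolved at mount time and therefore refers to the newly created namespace, which is what the bind mount needs. A short comment would prevent a future "fix" that binds the wrong namespace, for example `// threadNsPath is resolved at mount time, so it now names the namespace created by Unshare above.`. This depends on the goroutine staying pinned to its OS thread, which is set up outside the hunk.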