diff options
| -rw-r--r-- | docs/podman-create.1.md | 18 | ||||
| -rw-r--r-- | docs/podman-run.1.md | 4 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 1 | ||||
| -rw-r--r-- | pkg/network/devices.go | 17 | ||||
| -rw-r--r-- | pkg/network/files.go | 26 |
5 files changed, 54 insertions, 12 deletions
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 8b2218227..6617850fd 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -515,13 +515,16 @@ This works for both background and foreground containers. **--network**, **--net**="*bridge*" Set the Network mode for the container. Invalid if using **--dns**, **--dns-option**, or **--dns-search** with **--network** that is set to 'none' or 'container:<name|id>'. - 'bridge': create a network stack on the default bridge - 'none': no networking - 'container:<name|id>': reuse another container's network stack - 'host': use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - '<network-name>|<network-id>': connect to a user-defined network, multiple networks should be comma separated - 'ns:<path>': path to a network namespace to join - 'slirp4netns': use slirp4netns to create a user network stack. This is the default for rootless containers + +Valid values are: + +- `bridge`: create a network stack on the default bridge +- `none`: no networking +- `container:<name|id>`: reuse another container's network stack +- `host`: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. +- `<network-name>|<network-id>`: connect to a user-defined network, multiple networks should be comma separated +- `ns:<path>`: path to a network namespace to join +- `slirp4netns`: use slirp4netns to create a user network stack. This is the default for rootless containers **--network-alias**=*alias* @@ -626,6 +629,7 @@ If container is running in --read-only mode, then mount a read-write tmpfs on /r Restart policy to follow when containers exit. Restart policy will not take effect if a container is stopped via the `podman kill` or `podman stop` commands. + Valid values are: - `no` : Do not restart containers on exit diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index d2e9ffeac..d6d8f4c1e 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -526,6 +526,9 @@ This works for both background and foreground containers. **--network**, **--net**=*node* Set the Network mode for the container. Invalid if using **--dns**, **--dns-option**, or **--dns-search** with **--network** that is set to 'none' or 'container:<name|id>'. + +Valid values are: + - `bridge`: create a network stack on the default bridge - `none`: no networking - `container:<name|id>`: reuse another container's network stack @@ -645,6 +648,7 @@ If container is running in --read-only mode, then mount a read-write tmpfs on /r Restart policy to follow when containers exit. Restart policy will not take effect if a container is stopped via the `podman kill` or `podman stop` commands. + Valid values are: - `no` : Do not restart containers on exit diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index b7d353327..283d38a0f 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -550,6 +550,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro Options: []string{"bind", "nodev", "noexec", "nosuid"}, } g.AddMount(systemdMnt) + g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent") } return nil diff --git a/pkg/network/devices.go b/pkg/network/devices.go index 85068a7d1..78e1a5aa5 100644 --- a/pkg/network/devices.go +++ b/pkg/network/devices.go @@ -24,19 +24,26 @@ func GetFreeDeviceName() (string, error) { if err != nil { return "", err } + bridgeNames, err := GetBridgeNamesFromFileSystem() + if err != nil { + return "", err + } for { deviceName = fmt.Sprintf("%s%d", CNIDeviceName, deviceNum) - logrus.Debugf("checking if device name %s exists in other cni networks", deviceName) + logrus.Debugf("checking if device name %q exists in other cni networks", deviceName) if util.StringInSlice(deviceName, networkNames) { deviceNum++ continue } - logrus.Debugf("checking if device name %s exists in live networks", deviceName) - if !util.StringInSlice(deviceName, liveNetworksNames) { + logrus.Debugf("checking if device name %q exists in live networks", deviceName) + if util.StringInSlice(deviceName, liveNetworksNames) { + deviceNum++ + continue + } + logrus.Debugf("checking if device name %q already exists as a bridge name ", deviceName) + if !util.StringInSlice(deviceName, bridgeNames) { break } - // TODO Still need to check the bridge names for a conflict but I dont know - // how to get them yet! deviceNum++ } return deviceName, nil diff --git a/pkg/network/files.go b/pkg/network/files.go index d55ec2dfd..2f3932974 100644 --- a/pkg/network/files.go +++ b/pkg/network/files.go @@ -129,3 +129,29 @@ func GetInterfaceNameFromConfig(path string) (string, error) { } return name, nil } + +// GetBridgeNamesFromFileSystem is a convenience function to get all the bridge +// names from the configured networks +func GetBridgeNamesFromFileSystem() ([]string, error) { + var bridgeNames []string + networks, err := LoadCNIConfsFromDir(CNIConfigDir) + if err != nil { + return nil, err + } + for _, n := range networks { + var name string + // iterate network conflists + for _, cniplugin := range n.Plugins { + // iterate plugins + if cniplugin.Network.Type == "bridge" { + plugin := make(map[string]interface{}) + if err := json.Unmarshal(cniplugin.Bytes, &plugin); err != nil { + continue + } + name = plugin["bridge"].(string) + } + } + bridgeNames = append(bridgeNames, name) + } + return bridgeNames, nil +} |