-rw-r--r-- | Dockerfile.CentOS | 1 | ||||
-rw-r--r-- | Dockerfile.Fedora | 1 | ||||
-rw-r--r-- | docs/tutorials/podman_tutorial.md | 2 | ||||
-rw-r--r-- | libpod/oci.go | 58 | ||||
-rw-r--r-- | test/e2e/run_networking_test.go | 4 |
5 files changed, 65 insertions, 1 deletions
diff --git a/Dockerfile.CentOS b/Dockerfile.CentOS index f17468b61..0c9917210 100644 --- a/Dockerfile.CentOS +++ b/Dockerfile.CentOS @@ -23,6 +23,7 @@ RUN yum -y install btrfs-progs-devel \ python3-dateutil \ which\ golang-github-cpuguy83-go-md2man \ + nmap-ncat \ iptables && yum clean all # Install CNI plugins diff --git a/Dockerfile.Fedora b/Dockerfile.Fedora index bc8466848..166ced885 100644 --- a/Dockerfile.Fedora +++ b/Dockerfile.Fedora @@ -25,6 +25,7 @@ RUN dnf -y install btrfs-progs-devel \ which\ golang-github-cpuguy83-go-md2man \ procps-ng \ + nmap-ncat \ iptables && dnf clean all # Install CNI plugins diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index dbc074712..31203aec2 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md @@ -37,7 +37,7 @@ $ make $ sudo make install PREFIX=/usr ``` -You now have a working podman environment. Jump to [Familiarizing yourself with Podman](Familiarizing yourself with Podman) +You now have a working podman environment. Jump to [Familiarizing yourself with Podman](#familiarizing-yourself-with-podman) to begin using Podman. ## Install podman on Ubuntu diff --git a/libpod/oci.go b/libpod/oci.go index 3eaf159e7..0483c0d53 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io/ioutil" + "net" "os" "os/exec" "path/filepath" @@ -15,6 +16,7 @@ import ( "time" "github.com/coreos/go-systemd/activation" + "github.com/cri-o/ocicni/pkg/ocicni" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux" "github.com/opencontainers/selinux/go-selinux/label" 
@@ -177,6 +179,51 @@ func waitPidsStop(pids []int, timeout time.Duration) error {
 }
 }
+func bindPorts(ports []ocicni.PortMapping) ([]*os.File, error) {
+ var files []*os.File
+ for _, i := range ports {
+ switch i.Protocol {
+ case "udp":
+ addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", i.HostIP, i.HostPort))
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot resolve the UDP address")
+ }
+
+ server, err := net.ListenUDP("udp", addr)
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot listen on the UDP port")
+ }
+ f, err := server.File()
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot get file for UDP socket")
+ }
+ files = append(files, f)
+ break
+
+ case "tcp":
+ addr, err := net.ResolveTCPAddr("tcp4", fmt.Sprintf("%s:%d", i.HostIP, i.HostPort))
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot resolve the TCP address")
+ }
+
+ server, err := net.ListenTCP("tcp4", addr)
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot listen on the TCP port")
+ }
+ f, err := server.File()
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot get file for TCP socket")
+ }
+ files = append(files, f)
+ break
+ default:
+ return nil, fmt.Errorf("unknown protocol %s", i.Protocol)
+
+ }
+ }
+ return files, nil
+}
+
 func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (err error) {
 var stderrBuf bytes.Buffer
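Review bot: bindPorts leaks sockets on its error paths: when a later mapping fails, the files already collected in `files` are dropped without being closed. In both cases the original `server` also stays open after `server.File()` returns a duplicate, so the calling process keeps the port bound until it exits or the listener is finalized. Closing `server` once the duplicate exists, and closing the collected files on error, keeps the reservation only where it is meant to be held. The address is built with `fmt.Sprintf("%s:%d", …)`, which cannot express an IPv6 HostIP, and the UDP case binds with "udp" while the TCP case forces "tcp4"; `net.JoinHostPort` and one deliberately chosen address family would make the two cases agree. The `break` statements are redundant in a Go switch and can go.

```go
func bindPorts(ports []ocicni.PortMapping) (_ []*os.File, err error) {
	var files []*os.File
	// Release every socket bound so far when a later mapping fails.
	defer func() {
		if err != nil {
			for _, f := range files {
				f.Close()
			}
		}
	}()
	for _, i := range ports {
		hostPort := net.JoinHostPort(i.HostIP, fmt.Sprintf("%d", i.HostPort))
		switch i.Protocol {
		// … unchanged: "udp" case, resolving hostPort and closing server as in the "tcp" case …
		case "tcp":
			// … unchanged: ResolveTCPAddr (now on hostPort), ListenTCP and their error checks …
			f, err := server.File()
			// File returns a duplicate descriptor; the original listener is no longer needed.
			server.Close()
			if err != nil {
				return nil, errors.Wrapf(err, "cannot get file for TCP socket %s", hostPort)
			}
			files = append(files, f)
		// … unchanged: default case, return files …
```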
@@ -259,6 +306,17 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (er cmd.Env = append(r.conmonEnv, fmt.Sprintf("_OCI_SYNCPIPE=%d", 3)) cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_STARTPIPE=%d", 4)) cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)) + + ports, err := bindPorts(ctr.config.PortMappings) + if err != nil { + return err + } + + // Leak the port we bound in the conmon process. These fd's won't be used + // by the container and conmon will keep the ports busy so that another + // process cannot use them. + cmd.ExtraFiles = append(cmd.ExtraFiles, ports...) + if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok { cmd.Env = append(cmd.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify)) } diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 9a2858ca1..e1c1608b9 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -65,6 +65,10 @@ var _ = Describe("Podman rmi", func() { results.Wait(30) Expect(results.ExitCode()).To(Equal(0)) Expect(results.OutputToString()).To(ContainSubstring("8000")) + + ncBusy := podmanTest.SystemExec("nc", []string{"-l", "-p", "80"}) + ncBusy.Wait(10) + Expect(ncBusy.ExitCode()).ToNot(Equal(0)) }) It("podman run network expose ports in image metadata", func() { |
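Review bot: The files returned by bindPorts are appended to `cmd.ExtraFiles`, but nothing in the visible lines closes the parent's copies. Every later return from createOCIContainer, including error returns before conmon is started, would then leave the host ports bound by the calling process. A defer placed right after the error check, `defer func() { for _, f := range ports { f.Close() } }()`, releases them once conmon has inherited its own descriptors. The comment could also record that the position in `cmd.ExtraFiles` fixes the child's fd numbers, which `_OCI_SYNCPIPE=3` and `_OCI_STARTPIPE=4` rely on. The rest of the function is outside the hunk, so confirm that nothing appended later expects a fixed slot.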
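Review bot: `Expect(ncBusy.ExitCode()).ToNot(Equal(0))` passes for any failure of `nc`, not only for the port being held by conmon. A missing binary or insufficient privilege to bind port 80 would also produce a non-zero exit code, and what `Wait(10)` reports if `nc` is still listening is not visible here. The test would pin the intended behaviour more tightly if it also asserted that nc's error output reports the address as in use, and a one-line comment such as `// conmon must keep the published host port bound` would explain why a failing command is the expected result. The `podman run` that publishes the port is outside the hunk, so the port number 80 is assumed to match it.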