aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pkg/specgen/generate/container.go14
-rw-r--r--pkg/specgen/namespaces.go16
-rw-r--r--test/system/030-run.bats5
3 files changed, 29 insertions, 6 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 2ee8f2441..c7e62d185 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -257,7 +257,19 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
}
}
- return verifyContainerResources(s)
+ warnings, err := verifyContainerResources(s)
+ if err != nil {
+ return warnings, err
+ }
+
+ // Warn on net=host/container/pod/none and port mappings.
+ if (s.NetNS.NSMode == specgen.Host || s.NetNS.NSMode == specgen.FromContainer ||
+ s.NetNS.NSMode == specgen.FromPod || s.NetNS.NSMode == specgen.NoNetwork) &&
+ len(s.PortMappings) > 0 {
+ warnings = append(warnings, "Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use")
+ }
+
+ return warnings, nil
}
// finishThrottleDevices takes the temporary representation of the throttle
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index 90c56d366..d15745fa0 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -27,19 +27,25 @@ const (
// Private indicates the namespace is private
Private NamespaceMode = "private"
// NoNetwork indicates no network namespace should
- // be joined. loopback should still exists
+ // be joined. loopback should still exists.
+ // Only used with the network namespace, invalid otherwise.
NoNetwork NamespaceMode = "none"
// Bridge indicates that a CNI network stack
- // should be used
+ // should be used.
+ // Only used with the network namespace, invalid otherwise.
Bridge NamespaceMode = "bridge"
// Slirp indicates that a slirp4netns network stack should
- // be used
+ // be used.
+ // Only used with the network namespace, invalid otherwise.
Slirp NamespaceMode = "slirp4netns"
// KeepId indicates a user namespace to keep the owner uid inside
- // of the namespace itself
+ // of the namespace itself.
+ // Only used with the user namespace, invalid otherwise.
KeepID NamespaceMode = "keep-id"
- // KeepId indicates to automatically create a user namespace
+ // Auto indicates to automatically create a user namespace.
+ // Only used with the user namespace, invalid otherwise.
Auto NamespaceMode = "auto"
+
// DefaultKernelNamespaces is a comma-separated list of default kernel
// namespaces.
DefaultKernelNamespaces = "cgroup,ipc,net,uts"
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 6b6964c63..b64e80f05 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -522,4 +522,9 @@ json-file | f
run_podman untag $IMAGE $newtag $newtag2
}
+@test "podman run with --net=host and --port prints warning" {
+ run_podman run -d --rm -p 8080 --net=host $IMAGE ls > /dev/null
+ is "$output" ".*Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use"
+}
+
# vim: filetype=sh