diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container.go | 2 | ||||
| -rw-r--r-- | libpod/container_api.go | 7 | ||||
| -rw-r--r-- | libpod/container_exec.go | 21 | ||||
| -rw-r--r-- | libpod/container_inspect.go | 3 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 48 | ||||
| -rw-r--r-- | libpod/define/terminal.go | 7 | ||||
| -rw-r--r-- | libpod/network/files.go | 4 | ||||
| -rw-r--r-- | libpod/network/network.go | 19 | ||||
| -rw-r--r-- | libpod/networking_linux.go | 24 | ||||
| -rw-r--r-- | libpod/oci.go | 5 | ||||
| -rw-r--r-- | libpod/oci_attach_linux.go | 7 | ||||
| -rw-r--r-- | libpod/oci_attach_unsupported.go | 5 | ||||
| -rw-r--r-- | libpod/oci_conmon_exec_linux.go | 3 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 3 | ||||
| -rw-r--r-- | libpod/oci_missing.go | 5 | ||||
| -rw-r--r-- | libpod/options.go | 5 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 16 |
17 files changed, 135 insertions, 49 deletions
diff --git a/libpod/container.go b/libpod/container.go index 9841bddf7..ee6e243ac 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -236,6 +236,8 @@ type ContainerOverlayVolume struct { Dest string `json:"dest"` // Source specifies the source path of the mount. Source string `json:"source,omitempty"` + // Options holds overlay volume options. + Options []string `json:"options,omitempty"` } // ContainerImageVolume is a volume based on a container image. The container diff --git a/libpod/container_api.go b/libpod/container_api.go index ec5bd08d2..2818ac841 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -14,7 +14,6 @@ import ( "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "k8s.io/client-go/tools/remotecommand" ) // Init creates a container in the OCI runtime, moving a container from @@ -110,7 +109,7 @@ func (c *Container) Start(ctx context.Context, recursive bool) error { // Attach call occurs before Start). // In overall functionality, it is identical to the Start call, with the added // side effect that an attach session will also be started. -func (c *Container) StartAndAttach(ctx context.Context, streams *define.AttachStreams, keys string, resize <-chan remotecommand.TerminalSize, recursive bool) (<-chan error, error) { +func (c *Container) StartAndAttach(ctx context.Context, streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, recursive bool) (<-chan error, error) { if !c.batched { c.lock.Lock() defer c.lock.Unlock() @@ -236,7 +235,7 @@ func (c *Container) Kill(signal uint) error { // Attach attaches to a container. // This function returns when the attach finishes. It does not hold the lock for // the duration of its runtime, only using it at the beginning to verify state. -func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-chan remotecommand.TerminalSize) error { +func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize) error { if !c.batched { c.lock.Lock() if err := c.syncContainer(); err != nil { @@ -319,7 +318,7 @@ func (c *Container) HTTPAttach(r *http.Request, w http.ResponseWriter, streams * // AttachResize resizes the container's terminal, which is displayed by Attach // and HTTPAttach. -func (c *Container) AttachResize(newSize remotecommand.TerminalSize) error { +func (c *Container) AttachResize(newSize define.TerminalSize) error { if !c.batched { c.lock.Lock() defer c.lock.Unlock() diff --git a/libpod/container_exec.go b/libpod/container_exec.go index 7b1d797bb..bb43287d9 100644 --- a/libpod/container_exec.go +++ b/libpod/container_exec.go @@ -13,7 +13,6 @@ import ( "github.com/containers/storage/pkg/stringid" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "k8s.io/client-go/tools/remotecommand" ) // ExecConfig contains the configuration of an exec session @@ -676,7 +675,7 @@ func (c *Container) ExecRemove(sessionID string, force bool) error { // ExecResize resizes the TTY of the given exec session. Only available if the // exec session created a TTY. -func (c *Container) ExecResize(sessionID string, newSize remotecommand.TerminalSize) error { +func (c *Container) ExecResize(sessionID string, newSize define.TerminalSize) error { if !c.batched { c.lock.Lock() defer c.lock.Unlock() @@ -703,7 +702,7 @@ func (c *Container) ExecResize(sessionID string, newSize remotecommand.TerminalS // Exec emulates the old Libpod exec API, providing a single call to create, // run, and remove an exec session. Returns exit code and error. Exit code is // not guaranteed to be set sanely if error is not nil. -func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, resize <-chan remotecommand.TerminalSize) (int, error) { +func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, resize <-chan define.TerminalSize) (int, error) { sessionID, err := c.ExecCreate(config) if err != nil { return -1, err @@ -954,18 +953,22 @@ func (c *Container) removeAllExecSessions() error { } // Delete all exec sessions if err := c.runtime.state.RemoveContainerExecSessions(c); err != nil { - if lastErr != nil { - logrus.Errorf("Error stopping container %s exec sessions: %v", c.ID(), lastErr) + if errors.Cause(err) != define.ErrCtrRemoved { + if lastErr != nil { + logrus.Errorf("Error stopping container %s exec sessions: %v", c.ID(), lastErr) + } + lastErr = err } - lastErr = err } c.state.ExecSessions = nil c.state.LegacyExecSessions = nil if err := c.save(); err != nil { - if lastErr != nil { - logrus.Errorf("Error stopping container %s exec sessions: %v", c.ID(), lastErr) + if errors.Cause(err) != define.ErrCtrRemoved { + if lastErr != nil { + logrus.Errorf("Error stopping container %s exec sessions: %v", c.ID(), lastErr) + } + lastErr = err } - lastErr = err } return lastErr diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 399eff845..e0569e2d4 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -2,6 +2,7 @@ package libpod import ( "fmt" + "sort" "strings" "github.com/containers/common/pkg/config" @@ -698,6 +699,8 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named for cap := range boundingCaps { capDrop = append(capDrop, cap) } + // Sort CapDrop so it displays in consistent order (GH #9490) + sort.Strings(capDrop) } hostConfig.CapAdd = capAdd hostConfig.CapDrop = capDrop diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 43a345ea9..dc0418148 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -23,7 +23,9 @@ import ( "github.com/containernetworking/plugins/pkg/ns" "github.com/containers/buildah/pkg/chrootuser" "github.com/containers/buildah/pkg/overlay" + butil "github.com/containers/buildah/util" "github.com/containers/common/pkg/apparmor" + "github.com/containers/common/pkg/chown" "github.com/containers/common/pkg/config" "github.com/containers/common/pkg/subscriptions" "github.com/containers/common/pkg/umask" @@ -356,13 +358,28 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { return nil, err } - // Check if the spec file mounts contain the label Relabel flags z or Z. - // If they do, relabel the source directory and then remove the option. + // Get host UID and GID based on the container process UID and GID. + hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid)) + if err != nil { + return nil, err + } + + // Check if the spec file mounts contain the options z, Z or U. + // If they have z or Z, relabel the source directory and then remove the option. + // If they have U, chown the source directory and them remove the option. for i := range g.Config.Mounts { m := &g.Config.Mounts[i] var options []string for _, o := range m.Options { switch o { + case "U": + if m.Type == "tmpfs" { + options = append(options, []string{fmt.Sprintf("uid=%d", execUser.Uid), fmt.Sprintf("gid=%d", execUser.Gid)}...) + } else { + if err := chown.ChangeHostPathOwnership(m.Source, true, int(hostUID), int(hostGID)); err != nil { + return nil, err + } + } case "z": fallthrough case "Z": @@ -427,6 +444,21 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { if err != nil { return nil, errors.Wrapf(err, "mounting overlay failed %q", overlayVol.Source) } + + // Check overlay volume options + for _, o := range overlayVol.Options { + switch o { + case "U": + if err := chown.ChangeHostPathOwnership(overlayVol.Source, true, int(hostUID), int(hostGID)); err != nil { + return nil, err + } + + if err := chown.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil { + return nil, err + } + } + } + g.AddMount(overlayMount) } @@ -1681,8 +1713,9 @@ rootless=%d // generateResolvConf generates a containers resolv.conf func (c *Container) generateResolvConf() (string, error) { var ( - nameservers []string - cniNameServers []string + nameservers []string + cniNameServers []string + cniSearchDomains []string ) resolvConf := "/etc/resolv.conf" @@ -1734,6 +1767,10 @@ func (c *Container) generateResolvConf() (string, error) { cniNameServers = append(cniNameServers, i.DNS.Nameservers...) logrus.Debugf("adding nameserver(s) from cni response of '%q'", i.DNS.Nameservers) } + if i.DNS.Search != nil { + cniSearchDomains = append(cniSearchDomains, i.DNS.Search...) + logrus.Debugf("adding search domain(s) from cni response of '%q'", i.DNS.Search) + } } dns := make([]net.IP, 0, len(c.runtime.config.Containers.DNSServers)) @@ -1765,10 +1802,11 @@ func (c *Container) generateResolvConf() (string, error) { } var search []string - if len(c.config.DNSSearch) > 0 || len(c.runtime.config.Containers.DNSSearches) > 0 { + if len(c.config.DNSSearch) > 0 || len(c.runtime.config.Containers.DNSSearches) > 0 || len(cniSearchDomains) > 0 { if !util.StringInSlice(".", c.config.DNSSearch) { search = c.runtime.config.Containers.DNSSearches search = append(search, c.config.DNSSearch...) + search = append(search, cniSearchDomains...) } } else { search = resolvconf.GetSearchDomains(resolv.Content) diff --git a/libpod/define/terminal.go b/libpod/define/terminal.go new file mode 100644 index 000000000..ce8955544 --- /dev/null +++ b/libpod/define/terminal.go @@ -0,0 +1,7 @@ +package define + +// TerminalSize represents the width and height of a terminal. +type TerminalSize struct { + Width uint16 + Height uint16 +} diff --git a/libpod/network/files.go b/libpod/network/files.go index f869d32c3..fe483e25c 100644 --- a/libpod/network/files.go +++ b/libpod/network/files.go @@ -81,9 +81,9 @@ func GetCNIConfigPathByNameOrID(config *config.Config, name string) (string, err return "", errors.Wrap(define.ErrNoSuchNetwork, fmt.Sprintf("unable to find network configuration for %s", name)) } -// ReadRawCNIConfByName reads the raw CNI configuration for a CNI +// ReadRawCNIConfByNameOrID reads the raw CNI configuration for a CNI // network by name -func ReadRawCNIConfByName(config *config.Config, name string) ([]byte, error) { +func ReadRawCNIConfByNameOrID(config *config.Config, name string) ([]byte, error) { confFile, err := GetCNIConfigPathByNameOrID(config, name) if err != nil { return nil, err diff --git a/libpod/network/network.go b/libpod/network/network.go index b347ec0e2..f19a764ef 100644 --- a/libpod/network/network.go +++ b/libpod/network/network.go @@ -7,6 +7,7 @@ import ( "net" "os" + "github.com/containernetworking/cni/libcni" "github.com/containernetworking/cni/pkg/types" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" "github.com/containers/common/pkg/config" @@ -222,7 +223,7 @@ func RemoveNetwork(config *config.Config, name string) error { // InspectNetwork reads a CNI config and returns its configuration func InspectNetwork(config *config.Config, name string) (map[string]interface{}, error) { - b, err := ReadRawCNIConfByName(config, name) + b, err := ReadRawCNIConfByNameOrID(config, name) if err != nil { return nil, err } @@ -234,7 +235,7 @@ func InspectNetwork(config *config.Config, name string) (map[string]interface{}, // Exists says whether a given network exists or not; it meant // specifically for restful responses so 404s can be used func Exists(config *config.Config, name string) (bool, error) { - _, err := ReadRawCNIConfByName(config, name) + _, err := ReadRawCNIConfByNameOrID(config, name) if err != nil { if errors.Cause(err) == define.ErrNoSuchNetwork { return false, nil @@ -277,3 +278,17 @@ func PruneNetworks(rtc *config.Config, usedNetworks map[string]bool) ([]*entitie } return reports, nil } + +// NormalizeName translates a network ID into a name. +// If the input is a name the name is returned. +func NormalizeName(config *config.Config, nameOrID string) (string, error) { + path, err := GetCNIConfigPathByNameOrID(config, nameOrID) + if err != nil { + return "", err + } + conf, err := libcni.ConfListFromFile(path) + if err != nil { + return "", err + } + return conf.Name, nil +} diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 5f9ad0e27..0526e646e 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -1134,18 +1134,22 @@ func (w *logrusDebugWriter) Write(p []byte) (int, error) { // NetworkDisconnect removes a container from the network func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) error { + // only the bridge mode supports cni networks + if !c.config.NetMode.IsBridge() { + return errors.Errorf("network mode %q is not supported", c.config.NetMode) + } + networks, err := c.networksByNameIndex() if err != nil { return err } - exists, err := network.Exists(c.runtime.config, netName) + // check if network exists and if the input is a ID we get the name + // ocicni only uses names so it is important that we only use the name + netName, err = network.NormalizeName(c.runtime.config, netName) if err != nil { return err } - if !exists { - return errors.Wrap(define.ErrNoSuchNetwork, netName) - } index, nameExists := networks[netName] if !nameExists && len(networks) > 0 { @@ -1191,18 +1195,22 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro // ConnectNetwork connects a container to a given network func (c *Container) NetworkConnect(nameOrID, netName string, aliases []string) error { + // only the bridge mode supports cni networks + if !c.config.NetMode.IsBridge() { + return errors.Errorf("network mode %q is not supported", c.config.NetMode) + } + networks, err := c.networksByNameIndex() if err != nil { return err } - exists, err := network.Exists(c.runtime.config, netName) + // check if network exists and if the input is a ID we get the name + // ocicni only uses names so it is important that we only use the name + netName, err = network.NormalizeName(c.runtime.config, netName) if err != nil { return err } - if !exists { - return errors.Wrap(define.ErrNoSuchNetwork, netName) - } c.lock.Lock() defer c.lock.Unlock() diff --git a/libpod/oci.go b/libpod/oci.go index ec6b424ce..f2053f1b5 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -4,7 +4,6 @@ import ( "net/http" "github.com/containers/podman/v3/libpod/define" - "k8s.io/client-go/tools/remotecommand" ) // OCIRuntime is an implementation of an OCI runtime. @@ -64,7 +63,7 @@ type OCIRuntime interface { // client. HTTPAttach(ctr *Container, r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, streamAttach, streamLogs bool) error // AttachResize resizes the terminal in use by the given container. - AttachResize(ctr *Container, newSize remotecommand.TerminalSize) error + AttachResize(ctr *Container, newSize define.TerminalSize) error // ExecContainer executes a command in a running container. // Returns an int (PID of exec session), error channel (errors from @@ -86,7 +85,7 @@ type OCIRuntime interface { ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error) // ExecAttachResize resizes the terminal of a running exec session. Only // allowed with sessions that were created with a TTY. - ExecAttachResize(ctr *Container, sessionID string, newSize remotecommand.TerminalSize) error + ExecAttachResize(ctr *Container, sessionID string, newSize define.TerminalSize) error // ExecStopContainer stops a given exec session in a running container. // SIGTERM with be sent initially, then SIGKILL after the given timeout. // If timeout is 0, SIGKILL will be sent immediately, and SIGTERM will diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go index c3db0f9e0..b5040de3e 100644 --- a/libpod/oci_attach_linux.go +++ b/libpod/oci_attach_linux.go @@ -18,7 +18,6 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - "k8s.io/client-go/tools/remotecommand" ) /* Sync with stdpipe_t in conmon.c */ @@ -40,7 +39,7 @@ func openUnixSocket(path string) (*net.UnixConn, error) { // Attach to the given container // Does not check if state is appropriate // started is only required if startContainer is true -func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-chan remotecommand.TerminalSize, startContainer bool, started chan bool, attachRdy chan<- bool) error { +func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, startContainer bool, started chan bool, attachRdy chan<- bool) error { if !streams.AttachOutput && !streams.AttachError && !streams.AttachInput { return errors.Wrapf(define.ErrInvalidArg, "must provide at least one stream to attach to") } @@ -172,8 +171,8 @@ func processDetachKeys(keys string) ([]byte, error) { return detachKeys, nil } -func registerResizeFunc(resize <-chan remotecommand.TerminalSize, bundlePath string) { - kubeutils.HandleResizing(resize, func(size remotecommand.TerminalSize) { +func registerResizeFunc(resize <-chan define.TerminalSize, bundlePath string) { + kubeutils.HandleResizing(resize, func(size define.TerminalSize) { controlPath := filepath.Join(bundlePath, "ctl") controlFile, err := os.OpenFile(controlPath, unix.O_WRONLY, 0) if err != nil { diff --git a/libpod/oci_attach_unsupported.go b/libpod/oci_attach_unsupported.go index b2184f993..85e8b32e6 100644 --- a/libpod/oci_attach_unsupported.go +++ b/libpod/oci_attach_unsupported.go @@ -6,13 +6,12 @@ import ( "os" "github.com/containers/podman/v3/libpod/define" - "k8s.io/client-go/tools/remotecommand" ) -func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-chan remotecommand.TerminalSize, startContainer bool, started chan bool, attachRdy chan<- bool) error { +func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, startContainer bool, started chan bool, attachRdy chan<- bool) error { return define.ErrNotImplemented } -func (c *Container) attachToExec(streams *define.AttachStreams, keys string, resize <-chan remotecommand.TerminalSize, sessionID string, startFd *os.File, attachFd *os.File) error { +func (c *Container) attachToExec(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, sessionID string, startFd *os.File, attachFd *os.File) error { return define.ErrNotImplemented } diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go index c5f42fe3e..173edba2b 100644 --- a/libpod/oci_conmon_exec_linux.go +++ b/libpod/oci_conmon_exec_linux.go @@ -17,7 +17,6 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - "k8s.io/client-go/tools/remotecommand" ) // ExecContainer executes a command in a running container @@ -191,7 +190,7 @@ func (r *ConmonOCIRuntime) ExecContainerDetached(ctr *Container, sessionID strin } // ExecAttachResize resizes the TTY of the given exec session. -func (r *ConmonOCIRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize remotecommand.TerminalSize) error { +func (r *ConmonOCIRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize define.TerminalSize) error { controlFile, err := openControlFile(ctr, ctr.execBundlePath(sessionID)) if err != nil { return err diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 47c628724..de7630c06 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -43,7 +43,6 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - "k8s.io/client-go/tools/remotecommand" ) const ( @@ -746,7 +745,7 @@ func openControlFile(ctr *Container, parentDir string) (*os.File, error) { } // AttachResize resizes the terminal used by the given container. -func (r *ConmonOCIRuntime) AttachResize(ctr *Container, newSize remotecommand.TerminalSize) error { +func (r *ConmonOCIRuntime) AttachResize(ctr *Container, newSize define.TerminalSize) error { controlFile, err := openControlFile(ctr, ctr.bundlePath()) if err != nil { return err diff --git a/libpod/oci_missing.go b/libpod/oci_missing.go index 0fd14ce52..eb8cdebad 100644 --- a/libpod/oci_missing.go +++ b/libpod/oci_missing.go @@ -9,7 +9,6 @@ import ( "github.com/containers/podman/v3/libpod/define" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "k8s.io/client-go/tools/remotecommand" ) var ( @@ -115,7 +114,7 @@ func (r *MissingRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.Re } // AttachResize is not available as the runtime is missing -func (r *MissingRuntime) AttachResize(ctr *Container, newSize remotecommand.TerminalSize) error { +func (r *MissingRuntime) AttachResize(ctr *Container, newSize define.TerminalSize) error { return r.printError() } @@ -135,7 +134,7 @@ func (r *MissingRuntime) ExecContainerDetached(ctr *Container, sessionID string, } // ExecAttachResize is not available as the runtime is missing. -func (r *MissingRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize remotecommand.TerminalSize) error { +func (r *MissingRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize define.TerminalSize) error { return r.printError() } diff --git a/libpod/options.go b/libpod/options.go index 627ea8c57..6344e1acc 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -1429,8 +1429,9 @@ func WithOverlayVolumes(volumes []*ContainerOverlayVolume) CtrCreateOption { for _, vol := range volumes { ctr.config.OverlayVolumes = append(ctr.config.OverlayVolumes, &ContainerOverlayVolume{ - Dest: vol.Dest, - Source: vol.Source, + Dest: vol.Dest, + Source: vol.Source, + Options: vol.Options, }) } diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index af87ccca1..8bf862bf2 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -12,6 +12,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/events" + "github.com/containers/podman/v3/libpod/network" "github.com/containers/podman/v3/libpod/shutdown" "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/podman/v3/pkg/domain/entities/reports" @@ -285,6 +286,21 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai return nil, err } + // normalize the networks to names + // ocicni only knows about cni names so we have to make + // sure we do not use ids internally + if len(ctr.config.Networks) > 0 { + netNames := make([]string, 0, len(ctr.config.Networks)) + for _, nameOrID := range ctr.config.Networks { + netName, err := network.NormalizeName(r.config, nameOrID) + if err != nil { + return nil, err + } + netNames = append(netNames, netName) + } + ctr.config.Networks = netNames + } + // Inhibit shutdown until creation succeeds shutdown.Inhibit() defer shutdown.Uninhibit() |