diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal.go | 9 | ||||
| -rw-r--r-- | libpod/networking_linux.go | 1 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 1 | ||||
| -rw-r--r-- | libpod/oci_util.go | 13 |
4 files changed, 24 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 4d1a25541..18b80475b 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -293,6 +293,15 @@ func (c *Container) handleRestartPolicy(ctx context.Context) (_ bool, retErr err } } + // setup rootlesskit port forwarder again since it dies when conmon exits + // we use rootlesskit port forwarder only as rootless and when bridge network is used + if rootless.IsRootless() && c.config.NetMode.IsBridge() && len(c.config.PortMappings) > 0 { + err := c.runtime.setupRootlessPortMappingViaRLK(c, c.state.NetNS.Path()) + if err != nil { + return false, err + } + } + if c.state.State == define.ContainerStateStopped { // Reinitialize the container if we need to if err := c.reinit(ctx, true); err != nil { diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 9aa6cab15..b0d4e0b2d 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -718,6 +718,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { // set up port forwarder for CNI-in-slirp4netns netnsPath := ctr.state.NetNS.Path() // TODO: support slirp4netns port forwarder as well + // make sure to fix this container.handleRestartPolicy() as well return r.setupRootlessPortMappingViaRLK(ctr, netnsPath) } return nil diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index c00d83f95..831e89223 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -1140,6 +1140,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co if err != nil { return err } + filesToClose = append(filesToClose, ports...) // Leak the port we bound in the conmon process. These fd's won't be used // by the container and conmon will keep the ports busy so that another diff --git a/libpod/oci_util.go b/libpod/oci_util.go index 1cafd5863..f2843b09b 100644 --- a/libpod/oci_util.go +++ b/libpod/oci_util.go @@ -68,6 +68,12 @@ func bindPorts(ports []ocicni.PortMapping) ([]*os.File, error) { return nil, errors.Wrapf(err, "cannot get file for UDP socket") } files = append(files, f) + // close the listener + // note that this does not affect the fd, see the godoc for server.File() + err = server.Close() + if err != nil { + logrus.Warnf("failed to close connection: %v", err) + } case "tcp": var ( @@ -96,6 +102,13 @@ func bindPorts(ports []ocicni.PortMapping) ([]*os.File, error) { return nil, errors.Wrapf(err, "cannot get file for TCP socket") } files = append(files, f) + // close the listener + // note that this does not affect the fd, see the godoc for server.File() + err = server.Close() + if err != nil { + logrus.Warnf("failed to close connection: %v", err) + } + case "sctp": if !notifySCTP { notifySCTP = true |