8 files changed, 93 insertions, 11 deletions
diff --git a/libpod/kube.go b/libpod/kube.go
index 850f2493c..351c49c9a 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -427,7 +427,9 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 	hostNetwork := true
 	podDNS := v1.PodDNSConfig{}
 	kubeAnnotations := make(map[string]string)
+	ctrNames := make([]string, 0, len(ctrs))
 	for _, ctr := range ctrs {
+		ctrNames = append(ctrNames, strings.ReplaceAll(ctr.Name(), "_", ""))
 		// Convert auto-update labels into kube annotations
 		for k, v := range getAutoUpdateAnnotations(removeUnderscores(ctr.Name()), ctr.Labels()) {
 			kubeAnnotations[k] = v
@@ -484,8 +486,15 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
 			}
 		} // end if ctrDNS
 	}
+	podName := strings.ReplaceAll(ctrs[0].Name(), "_", "")
+	// Check if the pod name and container name will end up conflicting
+	// Append _pod if so
+	if util.StringInSlice(podName, ctrNames) {
+		podName = podName + "_pod"
+	}
+
 	return newPodObject(
-		strings.ReplaceAll(ctrs[0].Name(), "_", ""),
+		podName,
 		kubeAnnotations,
 		kubeInitCtrs,
 		kubeCtrs,
diff --git a/libpod/network/netavark/exec.go b/libpod/network/netavark/exec.go
index d6458eeb4..01dea8489 100644
--- a/libpod/network/netavark/exec.go
+++ b/libpod/network/netavark/exec.go
@@ -3,6 +3,7 @@ package netavark
 import (
 	"encoding/json"
 	"errors"
+	"io"
 	"os"
 	"os/exec"
 	"strconv"
@@ -45,6 +46,15 @@ func newNetavarkError(msg string, err error) error {
 	}
 }
 
+// Type to implement io.Writer interface
+// This will write the logrus at info level
+type logrusNetavarkWriter struct{}
+
+func (l *logrusNetavarkWriter) Write(b []byte) (int, error) {
+	logrus.Info("netavark: ", string(b))
+	return len(b), nil
+}
+
 // getRustLogEnv returns the RUST_LOG env var based on the current logrus level
 func getRustLogEnv() string {
 	level := logrus.GetLevel().String()
@@ -63,26 +73,43 @@ func getRustLogEnv() string {
 // used to marshal the netavark output into it. This can be nil.
 // All errors return by this function should be of the type netavarkError
 // to provide a helpful error message.
-func execNetavark(binary string, args []string, stdin, result interface{}) error {
+func (n *netavarkNetwork) execNetavark(args []string, stdin, result interface{}) error {
 	stdinR, stdinW, err := os.Pipe()
 	if err != nil {
 		return newNetavarkError("failed to create stdin pipe", err)
 	}
-	defer stdinR.Close()
+	stdinWClosed := false
+	defer func() {
+		stdinR.Close()
+		if !stdinWClosed {
+			stdinW.Close()
+		}
+	}()
 
 	stdoutR, stdoutW, err := os.Pipe()
 	if err != nil {
 		return newNetavarkError("failed to create stdout pipe", err)
 	}
-	defer stdoutR.Close()
-	defer stdoutW.Close()
+	stdoutWClosed := false
+	defer func() {
+		stdoutR.Close()
+		if !stdoutWClosed {
+			stdoutW.Close()
+		}
+	}()
 
-	cmd := exec.Command(binary, args...)
+	// connect stderr to the podman stderr for logging
+	var logWriter io.Writer = os.Stderr
+	if n.syslog {
+		// connect logrus to stderr as well so that the logs will be written to the syslog as well
+		logWriter = io.MultiWriter(logWriter, &logrusNetavarkWriter{})
+	}
+
+	cmd := exec.Command(n.netavarkBinary, args...)
 	// connect the pipes to stdin and stdout
 	cmd.Stdin = stdinR
 	cmd.Stdout = stdoutW
-	// connect stderr to the podman stderr for logging
-	cmd.Stderr = os.Stderr
+	cmd.Stderr = logWriter
 	// set the netavark log level to the same as the podman
 	cmd.Env = append(os.Environ(), getRustLogEnv())
 	// if we run with debug log level lets also set RUST_BACKTRACE=1 so we can get the full stack trace in case of panics
@@ -95,7 +122,9 @@ func execNetavark(binary string, args []string, stdin, result interface{}) error
 		return newNetavarkError("failed to start process", err)
 	}
 	err = json.NewEncoder(stdinW).Encode(stdin)
+	// we have to close stdinW so netavark gets the EOF and does not hang forever
 	stdinW.Close()
+	stdinWClosed = true
 	if err != nil {
 		return newNetavarkError("failed to encode stdin data", err)
 	}
@@ -103,7 +132,9 @@ func execNetavark(binary string, args []string, stdin, result interface{}) error
 	dec := json.NewDecoder(stdoutR)
 
 	err = cmd.Wait()
+	// we have to close stdoutW so we can decode the json without hanging forever
 	stdoutW.Close()
+	stdoutWClosed = true
 	if err != nil {
 		exitError := &exec.ExitError{}
 		if errors.As(err, &exitError) {
diff --git a/libpod/network/netavark/network.go b/libpod/network/netavark/network.go
index cc6fb423c..540d8d6e5 100644
--- a/libpod/network/netavark/network.go
+++ b/libpod/network/netavark/network.go
@@ -37,6 +37,10 @@ type netavarkNetwork struct {
 	// isMachine describes whenever podman runs in a podman machine environment.
 	isMachine bool
 
+	// syslog describes whenever the netavark debbug output should be log to the syslog as well.
+	// This will use logrus to do so, make sure logrus is set up to log to the syslog.
+	syslog bool
+
 	// lock is a internal lock for critical operations
 	lock lockfile.Locker
 
@@ -68,6 +72,10 @@ type InitConfig struct {
 
 	// LockFile is the path to lock file.
 	LockFile string
+
+	// Syslog describes whenever the netavark debbug output should be log to the syslog as well.
+	// This will use logrus to do so, make sure logrus is set up to log to the syslog.
+	Syslog bool
 }
 
 // NewNetworkInterface creates the ContainerNetwork interface for the netavark backend.
@@ -122,6 +130,7 @@ func NewNetworkInterface(conf InitConfig) (types.ContainerNetwork, error) {
 		defaultSubnet:    defaultNet,
 		isMachine:        conf.IsMachine,
 		lock:             lock,
+		syslog:           conf.Syslog,
 	}
 
 	return n, nil
diff --git a/libpod/network/netavark/run.go b/libpod/network/netavark/run.go
index 2f839151e..0ac20daee 100644
--- a/libpod/network/netavark/run.go
+++ b/libpod/network/netavark/run.go
@@ -54,8 +54,16 @@ func (n *netavarkNetwork) Setup(namespacePath string, options types.SetupOptions
 	}
 
 	result := map[string]types.StatusBlock{}
-	err = execNetavark(n.netavarkBinary, []string{"setup", namespacePath}, netavarkOpts, &result)
+	err = n.execNetavark([]string{"setup", namespacePath}, netavarkOpts, &result)
+	if err != nil {
+		// lets dealloc ips to prevent leaking
+		if err := n.deallocIPs(&options.NetworkOptions); err != nil {
+			logrus.Error(err)
+		}
+		return nil, err
+	}
 
+	// make sure that the result makes sense
 	if len(result) != len(options.Networks) {
 		logrus.Errorf("unexpected netavark result: %v", result)
 		return nil, fmt.Errorf("unexpected netavark result length, want (%d), got (%d) networks", len(options.Networks), len(result))
@@ -86,7 +94,7 @@ func (n *netavarkNetwork) Teardown(namespacePath string, options types.TeardownO
 		return errors.Wrap(err, "failed to convert net opts")
 	}
 
-	retErr := execNetavark(n.netavarkBinary, []string{"teardown", namespacePath}, netavarkOpts, nil)
+	retErr := n.execNetavark([]string{"teardown", namespacePath}, netavarkOpts, nil)
 
 	// when netavark returned an error we still free the used ips
 	// otherwise we could end up in a state where block the ips forever
diff --git a/libpod/network/netavark/run_test.go b/libpod/network/netavark/run_test.go
index 67dc51c10..f79e6d812 100644
--- a/libpod/network/netavark/run_test.go
+++ b/libpod/network/netavark/run_test.go
@@ -89,6 +89,10 @@ var _ = Describe("run netavark", func() {
 		if err != nil {
 			Fail("Failed to create netns")
 		}
+
+		// Force iptables driver, firewalld is broken inside the extra
+		// namespace because it still connects to firewalld on the host.
+		_ = os.Setenv("NETAVARK_FW", "iptables")
 	})
 
 	JustBeforeEach(func() {
@@ -109,6 +113,8 @@ var _ = Describe("run netavark", func() {
 
 		netns.UnmountNS(netNSContainer)
 		netNSContainer.Close()
+
+		_ = os.Unsetenv("NETAVARK_FW")
 	})
 
 	It("test basic setup", func() {
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index bcf45ec8d..ea6facfa6 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -297,7 +297,7 @@ func (r *ConmonOCIRuntime) UpdateContainerStatus(ctr *Container) error {
 		if err2 != nil {
 			return errors.Wrapf(err, "error getting container %s state", ctr.ID())
 		}
-		if strings.Contains(string(out), "does not exist") {
+		if strings.Contains(string(out), "does not exist") || strings.Contains(string(out), "No such file") {
 			if err := ctr.removeConmonFiles(); err != nil {
 				logrus.Debugf("unable to remove conmon files for container %s", ctr.ID())
 			}
@@ -407,6 +407,11 @@ func (r *ConmonOCIRuntime) KillContainer(ctr *Container, signal uint, all bool)
 		args = append(args, "kill", ctr.ID(), fmt.Sprintf("%d", signal))
 	}
 	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, args...); err != nil {
+		// try updating container state but ignore errors we cant do anything if this fails.
+		r.UpdateContainerStatus(ctr)
+		if ctr.state.State == define.ContainerStateExited {
+			return nil
+		}
 		return errors.Wrapf(err, "error sending signal to container %s", ctr.ID())
 	}
 
diff --git a/libpod/options.go b/libpod/options.go
index 3f0f9fbe0..8f2d5cb15 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -578,6 +578,14 @@ func WithEnableSDNotify() RuntimeOption {
 	}
 }
 
+// WithSyslog sets a runtime option so we know that we have to log to the syslog as well
+func WithSyslog() RuntimeOption {
+	return func(rt *Runtime) error {
+		rt.syslog = true
+		return nil
+	}
+}
+
 // WithRuntimeFlags adds the global runtime flags to the container config
 func WithRuntimeFlags(runtimeFlags []string) RuntimeOption {
 	return func(rt *Runtime) error {
diff --git a/libpod/runtime.go b/libpod/runtime.go
index c751df79b..1a22cd09a 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -88,6 +88,11 @@ type Runtime struct {
 	libimageEventsShutdown chan bool
 	lockManager            lock.Manager
 
+	// syslog describes whenever logrus should log to the syslog as well.
+	// Note that the syslog hook will be enabled early in cmd/podman/syslog_linux.go
+	// This bool is just needed so that we can set it for netavark interface.
+	syslog bool
+
 	// doRenumber indicates that the runtime should perform a lock renumber
 	// during initialization.
 	// Once the runtime has been initialized and returned, this variable is
@@ -517,6 +522,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
 			DefaultSubnet:    runtime.config.Network.DefaultSubnet,
 			IsMachine:        runtime.config.Engine.MachineEnabled,
 			LockFile:         filepath.Join(runtime.config.Network.NetworkConfigDir, "netavark.lock"),
+			Syslog:           runtime.syslog,
 		})
 		if err != nil {
 			return errors.Wrapf(err, "could not create network interface")