summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go21
-rw-r--r--libpod/networking_linux.go60
-rw-r--r--libpod/oci_internal_linux.go12
-rw-r--r--libpod/oci_linux.go8
-rw-r--r--libpod/runtime_pod_infra_linux.go4
5 files changed, 33 insertions, 72 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index d06c19b8c..047b73d65 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -63,12 +63,12 @@ func (c *Container) unmountSHM(mount string) error {
// namespaces
func (c *Container) prepare() (err error) {
var (
- wg sync.WaitGroup
- netNS ns.NetNS
- networkStatus []*cnitypes.Result
- createNetNSErr, mountStorageErr, rootlessSetupErr error
- mountPoint string
- tmpStateLock sync.Mutex
+ wg sync.WaitGroup
+ netNS ns.NetNS
+ networkStatus []*cnitypes.Result
+ createNetNSErr, mountStorageErr error
+ mountPoint string
+ tmpStateLock sync.Mutex
)
wg.Add(2)
@@ -87,11 +87,6 @@ func (c *Container) prepare() (err error) {
c.state.NetNS = netNS
c.state.NetworkStatus = networkStatus
}
-
- // Setup rootless networking, requires c.state.NetNS to be set
- if rootless.IsRootless() {
- rootlessSetupErr = c.runtime.setupRootlessNetNS(c)
- }
}
}()
// Mount storage if not mounted
@@ -137,10 +132,6 @@ func (c *Container) prepare() (err error) {
return mountStorageErr
}
- if rootlessSetupErr != nil {
- return rootlessSetupErr
- }
-
// Save the container
return c.save()
}
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 73e839bda..bef3f7739 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -103,6 +103,9 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS ns.NetNS) ([]*cnitypes.Re
// Create and configure a new network namespace for a container
func (r *Runtime) createNetNS(ctr *Container) (n ns.NetNS, q []*cnitypes.Result, err error) {
+ if rootless.IsRootless() {
+ return nil, nil, errors.New("cannot configure a new network namespace in rootless mode, only --network=slirp4netns is supported")
+ }
ctrNS, err := netns.NewNS()
if err != nil {
return nil, nil, errors.Wrapf(err, "error creating network namespace for container %s", ctr.ID())
@@ -120,10 +123,7 @@ func (r *Runtime) createNetNS(ctr *Container) (n ns.NetNS, q []*cnitypes.Result,
logrus.Debugf("Made network namespace at %s for container %s", ctrNS.Path(), ctr.ID())
- networkStatus := []*cnitypes.Result{}
- if !rootless.IsRootless() {
- networkStatus, err = r.configureNetNS(ctr, ctrNS)
- }
+ networkStatus, err := r.configureNetNS(ctr, ctrNS)
return ctrNS, networkStatus, err
}
@@ -151,6 +151,9 @@ func checkSlirpFlags(path string) (bool, bool, error) {
// Configure the network namespace for a rootless container
func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
+ defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR)
+ defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW)
+
path := r.config.NetworkCmdPath
if path == "" {
@@ -174,7 +177,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
cmdArgs := []string{}
if havePortMapping {
- cmdArgs = append(cmdArgs, "--api-socket", apiSocket)
+ cmdArgs = append(cmdArgs, "--api-socket", apiSocket, fmt.Sprintf("%d", ctr.state.PID))
}
dhp, mtu, err := checkSlirpFlags(path)
if err != nil {
@@ -186,27 +189,13 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
if mtu {
cmdArgs = append(cmdArgs, "--mtu", "65520")
}
-
- cmdArgs = append(cmdArgs, "-c", "-e", "3", "-r", "4")
- if !ctr.config.PostConfigureNetNS {
- ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
- if err != nil {
- return errors.Wrapf(err, "failed to create rootless network sync pipe")
- }
- cmdArgs = append(cmdArgs, "--netns-type=path", ctr.state.NetNS.Path(), "tap0")
- } else {
- defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR)
- defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW)
- cmdArgs = append(cmdArgs, fmt.Sprintf("%d", ctr.state.PID), "tap0")
- }
+ cmdArgs = append(cmdArgs, "-c", "-e", "3", "-r", "4", fmt.Sprintf("%d", ctr.state.PID), "tap0")
cmd := exec.Command(path, cmdArgs...)
- logrus.Debugf("slirp4netns command: %s", strings.Join(cmd.Args, " "))
+
cmd.SysProcAttr = &syscall.SysProcAttr{
Setpgid: true,
}
-
- // Leak one end of the pipe in slirp4netns, the other will be sent to conmon
cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncR, syncW)
if err := cmd.Start(); err != nil {
@@ -421,25 +410,22 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
}
}
- logrus.Debugf("Tearing down network namespace for container %s", ctr.ID())
+ logrus.Debugf("Tearing down network namespace at %s for container %s", ctr.state.NetNS.Path(), ctr.ID())
- // rootless containers do not use the CNI plugin
- if !rootless.IsRootless() {
- var requestedIP net.IP
- if ctr.requestedIP != nil {
- requestedIP = ctr.requestedIP
- // cancel request for a specific IP in case the container is reused later
- ctr.requestedIP = nil
- } else {
- requestedIP = ctr.config.StaticIP
- }
+ var requestedIP net.IP
+ if ctr.requestedIP != nil {
+ requestedIP = ctr.requestedIP
+ // cancel request for a specific IP in case the container is reused later
+ ctr.requestedIP = nil
+ } else {
+ requestedIP = ctr.config.StaticIP
+ }
- podNetwork := r.getPodNetwork(ctr.ID(), ctr.Name(), ctr.state.NetNS.Path(), ctr.config.Networks, ctr.config.PortMappings, requestedIP)
+ podNetwork := r.getPodNetwork(ctr.ID(), ctr.Name(), ctr.state.NetNS.Path(), ctr.config.Networks, ctr.config.PortMappings, requestedIP)
- // The network may have already been torn down, so don't fail here, just log
- if err := r.netPlugin.TearDownPod(podNetwork); err != nil {
- return errors.Wrapf(err, "error tearing down CNI namespace configuration for container %s", ctr.ID())
- }
+ // The network may have already been torn down, so don't fail here, just log
+ if err := r.netPlugin.TearDownPod(podNetwork); err != nil {
+ return errors.Wrapf(err, "error tearing down CNI namespace configuration for container %s", ctr.ID())
}
// First unmount the namespace
diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go
index 28e4b5b82..52cebefab 100644
--- a/libpod/oci_internal_linux.go
+++ b/libpod/oci_internal_linux.go
@@ -130,16 +130,10 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Containe
}
if ctr.config.NetMode.IsSlirp4netns() {
- if ctr.config.PostConfigureNetNS {
- ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
- if err != nil {
- return errors.Wrapf(err, "failed to create rootless network sync pipe")
- }
- } else {
- defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR)
- defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW)
+ ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
+ if err != nil {
+ return errors.Wrapf(err, "failed to create rootless network sync pipe")
}
-
// Leak one end in conmon, the other one will be leaked into slirp4netns
cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)
}
diff --git a/libpod/oci_linux.go b/libpod/oci_linux.go
index 4d8e36516..45365203e 100644
--- a/libpod/oci_linux.go
+++ b/libpod/oci_linux.go
@@ -405,14 +405,6 @@ func (r *OCIRuntime) stopContainer(ctr *Container, timeout uint) error {
stopSignal = uint(syscall.SIGTERM)
}
- defer func() {
- // cleanup container networking
- err = ctr.cleanupNetwork()
- if err != nil {
- logrus.Errorf("Error cleaning up container: %s network: %v", ctr.ID(), err)
- }
- }()
-
if timeout > 0 {
if err := r.killContainer(ctr, stopSignal); err != nil {
// Is the container gone?
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 20b841296..da35b7f93 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -95,9 +95,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
if isRootless {
netmode = "slirp4netns"
}
- // PostConfigureNetNS should not be set since user namespace sharing is not implemented
- // and rootless networking no longer supports post configuration setup
- options = append(options, WithNetNS(p.config.InfraContainer.PortBindings, false, netmode, networks))
+ options = append(options, WithNetNS(p.config.InfraContainer.PortBindings, isRootless, netmode, networks))
return r.newContainer(ctx, g.Config, options...)
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-04 21:22:08 +0000