From beb263554efdb849291caf5dba4a74966564b78d Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Thu, 28 Mar 2019 17:39:56 -0400
Subject: Ensure that we make a netns for CNI non-default nets We accidentally patched this out trying to enable ns:/path/to/ns This should restore the ability to configure nondefault CNI networks with Podman, by ensuring that they request creation of a network namespace. Completely remove the WithNetNS() call when we do use an explicit namespace from a path. We use that call to indicate that a netns is going to be created - there should not be any question about whether it actually does. Fixes #2795 Signed-off-by: Matthew Heon
---
 libpod/options.go | 2 +-
 pkg/namespaces/namespaces.go | 21 ++++++++++++++++++++-
 pkg/spec/createconfig.go | 11 +++++------
 3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/libpod/options.go b/libpod/options.go
index e1ffd6ea5..84c541314 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -930,7 +930,7 @@ func WithNetNS(portMappings []ocicni.PortMapping, postConfigureNetNS bool, netmo
 ctr.config.PostConfigureNetNS = postConfigureNetNS
 ctr.config.NetMode = namespaces.NetworkMode(netmode)
- ctr.config.CreateNetNS = !ctr.config.NetMode.IsUserDefined()
+ ctr.config.CreateNetNS = true
 ctr.config.PortMappings = portMappings
 ctr.config.Networks = networks
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 11b47fec4..950818fc7 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
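Review bot: `ctr.config.CreateNetNS = true` makes WithNetNS request a new network namespace for every netmode string it receives, so nothing in this function stops a caller from passing an `ns:` mode or a container mode and getting a freshly created netns instead of the one named. The commit relies on callers not invoking WithNetNS in those cases, and that contract should be written next to the assignment, for example `// WithNetNS always creates a new netns; callers joining an existing namespace must not use this option.` The function's doc comment and the rest of its body are outside the hunk, so the sentence may belong in the doc comment instead.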
@@ -228,7 +228,26 @@ func (n NetworkMode) IsSlirp4netns() bool {
 return n == "slirp4netns"
 }
+// IsNS() indicates a network namespace passed in by path (ns:)
+func (n NetworkMode) IsNS() bool {
+ return strings.HasPrefix(string(n), "ns:")
+}
+
+// NS() gets the path associated with a ns: network ns
+func (n NetworkMode) NS() string {
+ parts := strings.SplitN(string(n), ":", 2)
+ if len(parts) > 1 {
+ return parts[1]
+ }
+ return ""
+}
+
+// IsPod() returns whether the network refers to pod networking
+func (n NetworkMode) IsPod() bool {
+ return n == "pod"
+}
+
 // IsUserDefined indicates user-created network
 func (n NetworkMode) IsUserDefined() bool {
- return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer() && !n.IsSlirp4netns()
+ return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer() && !n.IsSlirp4netns() && !n.IsNS()
 }
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 07ae633d1..0a12e3dca 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -451,16 +451,15 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime, pod *l
 }
 }
- if IsNS(string(c.NetMode)) {
- split := strings.SplitN(string(c.NetMode), ":", 2)
- if len(split[0]) != 2 {
- return nil, errors.Errorf("invalid user defined network namespace %q", c.NetMode.UserDefined())
+ if c.NetMode.IsNS() {
+ ns := c.NetMode.NS()
+ if ns == "" {
+ return nil, errors.Errorf("invalid empty user-defined network namespace")
 }
- _, err := os.Stat(split[1])
+ _, err := os.Stat(ns)
 if err != nil {
 return nil, err
 }
- options = append(options, libpod.WithNetNS(portBindings, false, string(c.NetMode), networks))
 } else if c.NetMode.IsContainer() {
 connectedCtr, err := c.Runtime.LookupContainer(c.NetMode.Container())
 if err != nil {
-- cgit v1.2.3-54-g00ecf
From e25924f31c8e9e53490f02073ba69d41e3470712 Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Thu, 28 Mar 2019 18:01:36 -0400
Subject: Fix lint
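Review bot: IsUserDefined is defined by exclusion, and the new IsPod() is not added to that exclusion list, so a NetworkMode of "pod" still classifies as a user-defined network. Whether that value can reach IsUserDefined is not visible here; if it can and that is not intended, extend the expression with `&& !n.IsPod()`. Separately, NS() splits on the first ":" without checking the prefix, so it returns a non-empty string for any mode containing a colon. Its comment should state the precondition, e.g. `// NS returns the path after "ns:"; only meaningful when IsNS() is true.`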
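Review bot: The `os.Stat(ns)` check in the `c.NetMode.IsNS()` branch only shows that something exists at the user-supplied path at the time the options are built. It does not confirm the path is a network namespace handle, and the file can change before the namespace is joined, so the code that later opens the path still has to validate it. The stat error is also returned bare; `return nil, errors.Wrapf(err, "cannot access network namespace path %q", ns)` would tie the failure to the option that caused it. GetContainerCreateOptions starts and ends outside the hunk, so where the ns: path is consumed now that the WithNetNS call is gone cannot be checked from here.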
Signed-off-by: Matthew Heon
---
 pkg/namespaces/namespaces.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 950818fc7..fde6118af 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
@@ -228,12 +228,12 @@ func (n NetworkMode) IsSlirp4netns() bool {
 return n == "slirp4netns"
 }
-// IsNS() indicates a network namespace passed in by path (ns:)
+// IsNS indicates a network namespace passed in by path (ns:)
 func (n NetworkMode) IsNS() bool {
 return strings.HasPrefix(string(n), "ns:")
 }
-// NS() gets the path associated with a ns: network ns
+// NS gets the path associated with a ns: network ns
 func (n NetworkMode) NS() string {
 parts := strings.SplitN(string(n), ":", 2)
 if len(parts) > 1 {
@@ -242,7 +242,7 @@ func (n NetworkMode) NS() string {
 return ""
 }
-// IsPod() returns whether the network refers to pod networking
+// IsPod returns whether the network refers to pod networking
 func (n NetworkMode) IsPod() bool {
 return n == "pod"
 }
-- cgit v1.2.3-54-g00ecf