From ef325bc8c4824537e4bfb21aa7e6114a6e5a8c09 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 13 Dec 2021 20:36:25 +0100 Subject: specgen: check that networks are only set with bridge Because we cannot reqad the networking mode in the frontent because we should always use the server default we have to parse the mac and ip address to the server via a default network. Now when the server reads the default nsmode it has to reject the provided networks when the mode is not set to bridge. Signed-off-by: Paul Holzinger --- pkg/specgen/container_validate.go | 5 +++++ pkg/specgen/pod_validate.go | 4 +--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index cae231f0e..d06a047c1 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -189,5 +189,10 @@ func (s *SpecGenerator) Validate() error { if err := validateNetNS(&s.NetNS); err != nil { return err } + if s.NetNS.NSMode != Bridge && len(s.Networks) > 0 { + // Note that we also get the ip and mac in the networks map + return errors.New("Networks and static ip/mac address can only be used with Bridge mode networking") + } + return nil } diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go index 224a5b12d..c5a66189c 100644 --- a/pkg/specgen/pod_validate.go +++ b/pkg/specgen/pod_validate.go @@ -67,10 +67,8 @@ func (p *PodSpecGenerator) Validate() error { if len(p.PortMappings) > 0 { return errors.New("PortMappings can only be used with Bridge or slirp4netns networking") } - if len(p.Networks) > 0 { - return errors.New("Networks can only be used with Bridge mode networking") - } } + if p.NoManageResolvConf { if len(p.DNSServer) > 0 { return exclusivePodOptions("NoManageResolvConf", "DNSServer") -- cgit v1.2.3-54-g00ecf