From ff9c965335af0258bd34edae31699a87a03689a9 Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Wed, 6 Dec 2017 16:43:23 -0500
Subject: Create new network namespaces when initializing containers
Also fix a few lingering lint issues
Signed-off-by: Matthew Heon
Closes: #109
Approved by: mheon
---
 libpod/container.go | 18 ++++++++++++++++++
 libpod/networking.go | 8 ++++----
 libpod/sql_state.go | 2 +-
 3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/libpod/container.go b/libpod/container.go
index ada037531..15ad1f49a 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -551,6 +551,20 @@ func (c *Container) Init() (err error) {
 return err
 }
+ // Make a network namespace for the container
+ if c.config.CreateNetNS && c.state.NetNS == nil {
+ if err := c.runtime.createNetNS(c); err != nil {
+ return err
+ }
+ }
+ defer func() {
+ if err != nil {
+ if err2 := c.runtime.teardownNetNS(c); err2 != nil {
+ logrus.Errorf("Error tearing down network namespace for container %s: %v", c.ID(), err2)
+ }
+ }
+ }()
+
 // If the OCI spec already exists, we need to replace it
 // Cannot guarantee some things, e.g. network namespaces, have the same
 // paths
@@ -580,6 +594,10 @@ func (c *Container) Init() (err error) {
 // Save OCI spec to disk
 g := generate.NewFromSpec(c.config.Spec)
+ // If network namespace was requested, add it now
+ if c.config.CreateNetNS {
+ g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path())
+ }
 // Mount ShmDir from host into container
 g.AddBindMount(c.config.ShmDir, "/dev/shm", []string{"rw"})
 // Bind mount resolv.conf
diff --git a/libpod/networking.go b/libpod/networking.go
index f613ad5f8..24e6339d7 100644
--- a/libpod/networking.go
+++ b/libpod/networking.go
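Review bot: The deferred cleanup in the first Init hunk calls `c.runtime.teardownNetNS(c)` on every error return, including when `c.config.CreateNetNS` is false or `c.state.NetNS` was already set before this call, so a failed Init can tear down a namespace it did not create or run teardown with no namespace at all. Track ownership locally: `createdNetNS := false` before the `if`, `createdNetNS = true` after a successful `createNetNS`, and `if err != nil && createdNetNS {` inside the defer. teardownNetNS is not shown on this page, so whether it tolerates a nil NetNS and whether it clears `c.state.NetNS` should be confirmed; if the field stays set, a retried Init would skip creation because of the `c.state.NetNS == nil` guard and put a closed namespace's path into the spec. Init's body starts and ends outside the hunk.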
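Review bot: The result of `g.AddOrReplaceLinuxNamespace(...)` is discarded in the second Init hunk; in runtime-tools this method returns an error (confirm against the vendored copy), and a failure here would leave the saved spec without the container's network namespace path, so the container would run in whatever network namespace the base spec describes. Suggest `if err := g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path()); err != nil { return err }`. The call also dereferences `c.state.NetNS` guarded by `c.config.CreateNetNS` alone, which depends on the earlier creation block having populated it; returning an explicit error when it is nil would turn a state inconsistency into a reported failure instead of a panic.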
@@ -20,19 +20,19 @@ func getPodNetwork(id, name, nsPath string, ports []ocicni.PortMapping) ocicni.P
 // Create and configure a new network namespace for a container
 func (r *Runtime) createNetNS(ctr *Container) (err error) {
- ns, err := ns.NewNS()
+ ctrNS, err := ns.NewNS()
 if err != nil {
 return errors.Wrapf(err, "error creating network namespace for container %s", ctr.ID())
 }
 defer func() {
 if err != nil {
- if err2 := ns.Close(); err2 != nil {
+ if err2 := ctrNS.Close(); err2 != nil {
 logrus.Errorf("Error closing partially created network namespace for container %s: %v", ctr.ID(), err2)
 }
 }
 }()
- podNetwork := getPodNetwork(ctr.ID(), ctr.Name(), ns.Path(), ctr.config.PortMappings)
+ podNetwork := getPodNetwork(ctr.ID(), ctr.Name(), ctrNS.Path(), ctr.config.PortMappings)
 if err := r.netPlugin.SetUpPod(podNetwork); err != nil {
 return errors.Wrapf(err, "error configuring network namespace for container %s", ctr.ID())
@@ -40,7 +40,7 @@ func (r *Runtime) createNetNS(ctr *Container) (err error) {
 // TODO hostport mappings for forwarded ports
- ctr.state.NetNS = ns
+ ctr.state.NetNS = ctrNS
 return nil
 }
diff --git a/libpod/sql_state.go b/libpod/sql_state.go
index 97df749e9..5248ee87a 100644
--- a/libpod/sql_state.go
+++ b/libpod/sql_state.go
@@ -482,7 +482,7 @@ func (s *SQLState) UpdateContainer(ctr *Container) error {
 }
 newState.NetNS = ns
 }
- } else {
+ } else {
 // The container no longer has a network namespace
 // Tear down the old one
 if err := s.runtime.teardownNetNS(ctr); err != nil {
--
cgit v1.2.3-54-g00ecf