From 5d7778411a14b2a10d2e66bb0e4cdf7262cf2689 Mon Sep 17 00:00:00 2001 From: Doug Rabson Date: Tue, 16 Aug 2022 11:14:54 +0100 Subject: libpod: Move rootless network setup details to container_internal_linux.go This removes a use of state.NetNS which is a linux-specific field defined in container_linux.go from the generic container_internal.go, allowing that to build on non-linux platforms. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson
---
libpod/container_internal_linux.go | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'libpod/container_internal_linux.go')
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 3c77cb18c..6000c2cdd 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -3228,3 +3228,24 @@ func (c *Container) ChangeHostPathOwnership(src string, recurse bool, uid, gid i
 }
 return chown.ChangeHostPathOwnership(src, recurse, uid, gid)
 }
+
+// If the container is rootless, set up the slirp4netns network
+func (c *Container) setupRootlessNetwork() error {
+ // set up slirp4netns again because slirp4netns will die when conmon exits
+ if c.config.NetMode.IsSlirp4netns() {
+ err := c.runtime.setupSlirp4netns(c, c.state.NetNS)
+ if err != nil {
+ return err
+ }
+ }
+
+ // set up rootlesskit port forwarder again since it dies when conmon exits
+ // we use rootlesskit port forwarder only as rootless and when bridge network is used
+ if rootless.IsRootless() && c.config.NetMode.IsBridge() && len(c.config.PortMappings) > 0 {
+ err := c.runtime.setupRootlessPortMappingViaRLK(c, c.state.NetNS.Path(), c.state.NetworkStatus)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
-- cgit v1.2.3-54-g00ecf From 1572420c3fbf8a8022faaa93848a7239037a77e4 Mon Sep 17 00:00:00 2001
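Review bot: In the port-forwarder branch of setupRootlessNetwork, `c.state.NetNS.Path()` is called with no nil check, so a container whose network namespace has not been recorded at that point would panic the process instead of returning an error; the slirp4netns branch hands the same value to setupSlirp4netns. Whether every caller guarantees a live namespace is not visible in this hunk, so an early guard such as `if c.state.NetNS == nil { return fmt.Errorf("container %s has no network namespace", c.ID()) }` would make the failure explicit. The doc comment also promises a rootless check that the slirp4netns branch does not make, and it should start with the function name: `// setupRootlessNetwork restarts slirp4netns and the rootlesskit port forwarder, both of which exit together with conmon.`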
From: Doug Rabson Date: Tue, 16 Aug 2022 11:15:57 +0100 Subject: libpod: Move uses of unix.O_PATH to container_internal_linux.go The O_PATH flag is a recent addition to the open syscall and is not present in darwin or in FreeBSD releases before 13.1. The constant is not present in the FreeBSD version of x/sys/unix since that package supports FreeBSD 12.3 and later. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson
---
libpod/container_internal.go | 4 ++-- libpod/container_internal_linux.go | 4 ++++ libpod/container_internal_unsupported.go | 4 ++++ 3 files changed, 10 insertions(+), 2 deletions(-) (limited to 'libpod/container_internal_linux.go')
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 2d08b56f8..60fb29607 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1545,7 +1545,7 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
 rootUID, rootGID := c.RootUID(), c.RootGID()
- dirfd, err := unix.Open(mountPoint, unix.O_RDONLY|unix.O_PATH, 0)
+ dirfd, err := openDirectory(mountPoint)
 if err != nil {
 return "", fmt.Errorf("open mount point: %w", err)
 }
@@ -1568,7 +1568,7 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
 return "", fmt.Errorf("resolve /etc in the container: %w", err)
 }
- etcInTheContainerFd, err := unix.Open(etcInTheContainerPath, unix.O_RDONLY|unix.O_PATH, 0)
+ etcInTheContainerFd, err := openDirectory(etcInTheContainerPath)
 if err != nil {
 return "", fmt.Errorf("open /etc in the container: %w", err)
 }
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 6000c2cdd..5c5fd471b 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -3249,3 +3249,7 @@ func (c *Container) setupRootlessNetwork() error {
 }
 return nil
 }
+
+func openDirectory(path string) (fd int, err error) {
+ return unix.Open(path, unix.O_RDONLY|unix.O_PATH, 0)
+}
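Review bot: Both call sites in mountStorage (this hunk and the one at -1568) now depend on a helper whose stub in container_internal_unsupported.go always fails, so on a build that compiles that stub this function can only return `open mount point: unsupported openDirectory`; that deserves a comment at the call site. The replaced lines were also the only hint that `dirfd` and `etcInTheContainerFd` are O_PATH handles, which serve as references for descriptor-relative calls and cannot be read from. I would add `// openDirectory returns an O_PATH descriptor on Linux and always fails on unsupported platforms.` above the first call. mountStorage starts and ends outside both hunks, so how the descriptors are used and closed is not visible here.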
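Review bot: openDirectory opens the path with `unix.O_RDONLY|unix.O_PATH` only, so the descriptor is not close-on-exec and the call succeeds on any file type despite the helper's name. Raw `unix.Open` does not add O_CLOEXEC the way `os.Open` does, so a handle on the container's mount point or its /etc could be inherited by a child process started while it is open; whether that happens is outside this hunk. Suggested: `return unix.Open(path, unix.O_RDONLY|unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0)`, plus a doc comment stating that the caller owns the returned descriptor and must close it.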
diff --git a/libpod/container_internal_unsupported.go b/libpod/container_internal_unsupported.go
index 379be9298..de92ff260 100644
--- a/libpod/container_internal_unsupported.go
+++ b/libpod/container_internal_unsupported.go
@@ -93,3 +93,7 @@ func getLocalhostHostEntry(c *Container) etchosts.HostEntries {
 func isRootlessCgroupSet(cgroup string) bool {
 return false
 }
+
+func openDirectory(path string) (fd int, err error) {
+ return -1, errors.New("unsupported openDirectory")
+}
-- cgit v1.2.3-54-g00ecf
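Review bot: The stub builds a fresh `errors.New("unsupported openDirectory")` on every call, which callers cannot match with `errors.Is` and which does not say that the platform is the cause. If the package already has a not-implemented sentinel, returning it here would keep this stub consistent with the others; otherwise a package-level value such as `var errOpenDirectoryUnsupported = errors.New("openDirectory is not supported on this platform")` does the job. Returning `-1` alongside the error is the right choice, since a caller that drops the error cannot mistake the result for descriptor 0.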