From 170fd7b038757228bf169e6180cab19a1e412f26 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue, 18 Feb 2020 11:46:27 +0100
Subject: rootless: fix a regression when using -d

when using -d and port mapping, make sure the correct fd is injected
into conmon.

Move the pipe creation earlier as the fd must be known at the time we
create the container through conmon.

Closes: https://github.com/containers/libpod/issues/5167

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/networking_linux.go | 14 +++++++++++---
 libpod/oci_conmon_linux.go | 10 +++++++---
 2 files changed, 18 insertions(+), 6 deletions(-)

(limited to 'libpod')

diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index d90bcb708..fa8593f20 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -335,10 +335,13 @@ func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) (er
 		return errors.Wrapf(err, "delete file %s", logPath)
 	}
 
-	ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
-	if err != nil {
-		return errors.Wrapf(err, "failed to create rootless port sync pipe")
+	if !ctr.config.PostConfigureNetNS {
+		ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
+		if err != nil {
+			return errors.Wrapf(err, "failed to create rootless port sync pipe")
+		}
 	}
+
 	cfg := rootlessport.Config{
 		Mappings:  ctr.config.PortMappings,
 		NetNSPath: netnsPath,
@@ -355,6 +358,11 @@ func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) (er
 	cmd := exec.Command(fmt.Sprintf("/proc/%d/exe", os.Getpid()))
 	cmd.Args = []string{rootlessport.ReexecKey}
 	// Leak one end of the pipe in rootlessport process, the other will be sent to conmon
+
+	if ctr.rootlessPortSyncR != nil {
+		defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR)
+	}
+
 	cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncR, syncW)
 	cmd.Stdin = cfgR
 	// stdout is for human-readable error, stderr is for debug log
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 722012386..07d38693f 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1161,6 +1161,13 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 
 	if ctr.config.NetMode.IsSlirp4netns() {
 		if ctr.config.PostConfigureNetNS {
+			havePortMapping := len(ctr.Config().PortMappings) > 0
+			if havePortMapping {
+				ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
+				if err != nil {
+					return errors.Wrapf(err, "failed to create rootless port sync pipe")
+				}
+			}
 			ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
 			if err != nil {
 				return errors.Wrapf(err, "failed to create rootless network sync pipe")
@@ -1176,9 +1183,6 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 		// Leak one end in conmon, the other one will be leaked into slirp4netns
 		cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)
 
-		if ctr.rootlessPortSyncR != nil {
-			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR)
-		}
 		if ctr.rootlessPortSyncW != nil {
 			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncW)
 			// Leak one end in conmon, the other one will be leaked into rootlessport
-- 
cgit v1.2.3-54-g00ecf