From 9be7029cdd4736f3ac33004e4364e3e7f3bd1db5 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 16 Jul 2020 12:19:51 +0200 Subject: libpod: pass down network options do not pass network specific options through the network namespace. Signed-off-by: Giuseppe Scrivano --- test/e2e/run_networking_test.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'test')
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 5a463d46f..50937a10b 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -221,6 +221,29 @@ var _ = Describe("Podman run networking", func() {
 Expect(ncBusy).To(ExitWithError())
 })
+ It("podman run network expose host port 8081 to container port 8000 using rootlesskit port handler", func() {
+ session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=rootlesskit", "-dt", "-p", "8081:8000", ALPINE, "/bin/sh"})
+ session.Wait(30)
+ Expect(session.ExitCode()).To(Equal(0))
+
+ ncBusy := SystemExec("nc", []string{"-l", "-p", "8081"})
+ Expect(ncBusy).To(ExitWithError())
+ })
+
+ It("podman run network expose host port 8082 to container port 8000 using slirp4netns port handler", func() {
+ session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=slirp4netns", "-dt", "-p", "8082:8000", ALPINE, "/bin/sh"})
+ session.Wait(30)
+ Expect(session.ExitCode()).To(Equal(0))
+ ncBusy := SystemExec("nc", []string{"-l", "-p", "8082"})
+ Expect(ncBusy).To(ExitWithError())
+ })
+
+ It("podman run network expose host port 8080 to container port 8000 using invalid port handler", func() {
+ session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=invalid", "-dt", "-p", "8080:8000", ALPINE, "/bin/sh"})
+ session.Wait(30)
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
+
 It("podman run network expose ports in image metadata", func() {
 session := podmanTest.Podman([]string{"create", "-dt", "-P", nginx})
 session.Wait(90)
-- cgit v1.2.3-54-g00ecf
From 7722b582b4f09df64fb55e3ab9669392754ce75c Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 16 Jul 2020 12:26:36 +0200 Subject: network, slirp4netns: add option to allow host loopback Closes: https://github.com/containers/podman/issues/6912 Signed-off-by: Giuseppe Scrivano --- libpod/networking_linux.go | 7 ++++++- test/e2e/run_networking_test.go | 6 ++++++ 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'test')
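Review bot: The invalid-port-handler case at the end of this hunk asserts only `Expect(session.ExitCode()).To(Not(Equal(0)))`, so it passes on any failure (a busy port 8080, an image problem) and does not show that the unknown option itself was rejected. This is the test that guards validation of user-supplied `--network` options, so I would also pin the message, for example `Expect(session.ErrorToString()).To(ContainSubstring("unknown option for slirp4netns"))`, using the error text visible in the later patch on this page (confirm it is the same at this commit). The two positive cases have a related weakness: `nc -l -p` exiting with an error is taken as proof that the port is forwarded, but it would fail equally if nc is not installed or does not accept these flags. The enclosing Describe starts and ends outside the hunk.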
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 9be8e0b14..8b08d3d5f 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -224,6 +224,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
 isSlirpHostForward := false
+ disableHostLoopback := true
 if ctr.config.NetworkOptions != nil {
 slirpOptions := ctr.config.NetworkOptions["slirp4netns"]
 for _, o := range slirpOptions {
@@ -232,6 +233,10 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 isSlirpHostForward = true
 case "port_handler=rootlesskit":
 isSlirpHostForward = false
+ case "allow_host_loopback=true":
+ disableHostLoopback = false
+ case "allow_host_loopback=false":
+ disableHostLoopback = true
 default:
 return errors.Errorf("unknown option for slirp4netns: %q", o)
@@ -244,7 +249,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 if err != nil {
 return errors.Wrapf(err, "error checking slirp4netns binary %s: %q", path, err)
 }
- if slirpFeatures.HasDisableHostLoopback {
+ if disableHostLoopback && slirpFeatures.HasDisableHostLoopback {
 cmdArgs = append(cmdArgs, "--disable-host-loopback")
 }
 if slirpFeatures.HasMTU {
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 50937a10b..93057f428 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
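Review bot: The new `allow_host_loopback` cases in the second hunk of libpod/networking_linux.go carry no comment on what enabling the option exposes. With `allow_host_loopback=true`, `--disable-host-loopback` is no longer passed to slirp4netns (third hunk), so the container can connect to services bound to the host's loopback interface, which often rely on being reachable only locally. I would put a comment above the first new case such as `// allow_host_loopback=true lets the container reach host loopback services; keep the default (disabled) unless required.` and one on `disableHostLoopback := true` in the first hunk noting that the default is the restrictive setting. The switch and setupRootlessNetNS begin and end outside these hunks.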
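Review bot: The changed condition `if disableHostLoopback && slirpFeatures.HasDisableHostLoopback {` in the third hunk still drops the flag silently when the slirp4netns binary lacks the feature, even if the user wrote `allow_host_loopback=false` explicitly. Now that the setting is a user-visible option, that case fails open: the request for isolation is accepted and the container presumably starts with host loopback reachable. I would handle it separately, for example with `if disableHostLoopback && !slirpFeatures.HasDisableHostLoopback {` followed by a warning or an error, whichever the project prefers. The function body continues outside the hunk.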
@@ -244,6 +244,12 @@ var _ = Describe("Podman run networking", func() {
 Expect(session.ExitCode()).To(Not(Equal(0)))
 })
+ It("podman run slirp4netns network with host loopback", func() {
+ session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:allow_host_loopback=true", ALPINE, "ping", "-c1", "10.0.2.2"})
+ session.Wait(30)
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
 It("podman run network expose ports in image metadata", func() {
 session := podmanTest.Podman([]string{"create", "-dt", "-P", nginx})
 session.Wait(90)
-- cgit v1.2.3-54-g00ecf
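Review bot: This test covers only the permissive direction; nothing in the hunk checks that host loopback stays blocked by default or with `allow_host_loopback=false`, which is the security-relevant behaviour of the option. The `ping -c1 10.0.2.2` probe may also not discriminate: if slirp4netns answers ICMP for its gateway address itself, the ping would succeed whether or not `--disable-host-loopback` was passed (worth confirming). A stronger pair would connect to a listener bound to the host's 127.0.0.1, expecting success with `allow_host_loopback=true` and `Expect(session.ExitCode()).To(Not(Equal(0)))` without it. The enclosing Describe starts and ends outside the hunk.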