update c/common to latest

This contains changes that are needed to enable netavark e2e testing.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/containernetworking/cni v1.0.1
 	github.com/containernetworking/plugins v1.0.1
 	github.com/containers/buildah v1.23.1-0.20220112160421-d744ebc4b1d5
-	github.com/containers/common v0.46.1-0.20220112112017-31e8cc4aeeab
+	github.com/containers/common v0.46.1-0.20220117145719-da777f8b15b1
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.18.0
 	github.com/containers/ocicrypt v1.1.2

go.sum

@@ -315,8 +315,8 @@ github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNB
 github.com/containers/buildah v1.23.1-0.20220112160421-d744ebc4b1d5 h1:J4ZMQgpzjClLNuRDCIYDY2KZE1yO9A1I3A/jEaFvtaY=
 github.com/containers/buildah v1.23.1-0.20220112160421-d744ebc4b1d5/go.mod h1:pA9nL58rY+rtoyZkzPmkv02Nwb9ifvYlChg95gKkNAY=
 github.com/containers/common v0.46.1-0.20220110165509-08c2c97e5e25/go.mod h1:hXUU9gtA8V9dSLHhizp/k/s0ZXBzrnUSScUfrsw8z2Y=
-github.com/containers/common v0.46.1-0.20220112112017-31e8cc4aeeab h1:Pf1kwI8sZPiPMuen619noeltwtB2cIFC1iY42fE87AY=
+github.com/containers/common v0.46.1-0.20220117145719-da777f8b15b1 h1:TGXTygk3STL+G4F1zGgSITdIEE5i+BgsSDLOmGuUYTY=
-github.com/containers/common v0.46.1-0.20220112112017-31e8cc4aeeab/go.mod h1:hXUU9gtA8V9dSLHhizp/k/s0ZXBzrnUSScUfrsw8z2Y=
+github.com/containers/common v0.46.1-0.20220117145719-da777f8b15b1/go.mod h1:lJkY5VdkdU2BEDdbO5vgi3G69KWEgWBWXi6tNgm2BlM=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.17.1-0.20220106205022-73f80d60f0e1/go.mod h1:daAiRXgcGIf/7eD7B2EkuHHw084/8M8Kh35rzOu56y0=

vendor/github.com/containers/common/libnetwork/network/interface.go

@@ -14,11 +14,24 @@ import (
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage"
+	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/ioutils"
+	"github.com/containers/storage/pkg/unshare"
 	"github.com/sirupsen/logrus"
 )
 
-const defaultNetworkBackendFileName = "defaultNetworkBackend"
+const (
+	// defaultNetworkBackendFileName is the file name for sentinel file to store the backend
+	defaultNetworkBackendFileName = "defaultNetworkBackend"
+	// cniConfigDir is the directory where cni configuration is found
+	cniConfigDir = "/etc/cni/net.d/"
+	// cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins
+	cniConfigDirRootless = "cni/net.d/"
+	// netavarkConfigDir is the config directory for the rootful network files
+	netavarkConfigDir = "/etc/containers/networks"
+	// netavarkRunDir is the run directory for the rootful temporary network files such as the ipam db
+	netavarkRunDir = "/run/containers/networks"
+)
 
 // NetworkBackend returns the network backend name and interface
 // It returns either the CNI or netavark backend depending on what is set in the config.
@@ -42,9 +55,24 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 		if err != nil {
 			return "", nil, err
 		}
+
+		confDir := conf.Network.NetworkConfigDir
+		if confDir == "" {
+			confDir = getDefaultNetavarkConfigDir(store)
+		}
+
+		// We cannot use the runroot for rootful since the network namespace is shared for all
+		// libpod instances they also have to share the same ipam db.
+		// For rootless we have our own network namespace per libpod instances,
+		// so this is not a problem there.
+		runDir := netavarkRunDir
+		if unshare.IsRootless() {
+			runDir = filepath.Join(store.RunRoot(), "networks")
+		}
+
 		netInt, err := netavark.NewNetworkInterface(&netavark.InitConfig{
-			NetworkConfigDir: filepath.Join(store.GraphRoot(), "networks"),
+			NetworkConfigDir: confDir,
-			NetworkRunDir:    filepath.Join(store.RunRoot(), "networks"),
+			NetworkRunDir:    runDir,
 			NetavarkBinary:   netavarkBin,
 			DefaultNetwork:   conf.Network.DefaultNetwork,
 			DefaultSubnet:    conf.Network.DefaultSubnet,
@@ -122,11 +150,42 @@ func defaultNetworkBackend(store storage.Store, conf *config.Config) (backend ty
 }
 
 func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
+	confDir := conf.Network.NetworkConfigDir
+	if confDir == "" {
+		var err error
+		confDir, err = getDefultCNIConfigDir()
+		if err != nil {
+			return nil, err
+		}
+	}
 	return cni.NewCNINetworkInterface(&cni.InitConfig{
-		CNIConfigDir:   conf.Network.NetworkConfigDir,
+		CNIConfigDir:   confDir,
 		CNIPluginDirs:  conf.Network.CNIPluginDirs,
 		DefaultNetwork: conf.Network.DefaultNetwork,
 		DefaultSubnet:  conf.Network.DefaultSubnet,
 		IsMachine:      conf.Engine.MachineEnabled,
 	})
 }
+
+func getDefultCNIConfigDir() (string, error) {
+	if !unshare.IsRootless() {
+		return cniConfigDir, nil
+	}
+
+	configHome, err := homedir.GetConfigHome()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(configHome, cniConfigDirRootless), nil
+}
+
+// getDefaultNetavarkConfigDir return the netavark config dir. For rootful it will
+// use "/etc/containers/networks" and for rootless "$graphroot/networks". We cannot
+// use the graphroot for rootful since the network namespace is shared for all
+// libpod instances.
+func getDefaultNetavarkConfigDir(store storage.Store) string {
+	if !unshare.IsRootless() {
+		return netavarkConfigDir
+	}
+	return filepath.Join(store.GraphRoot(), "networks")
+}

vendor/github.com/containers/common/pkg/config/config.go

@@ -822,21 +822,6 @@ func (c *ContainersConfig) Validate() error {
 // execution checks. It returns an `error` on validation failure, otherwise
 // `nil`.
 func (c *NetworkConfig) Validate() error {
-	expectedConfigDir := _cniConfigDir
-	if unshare.IsRootless() {
-		home, err := unshare.HomeDir()
-		if err != nil {
-			return err
-		}
-		expectedConfigDir = filepath.Join(home, _cniConfigDirRootless)
-	}
-	if c.NetworkConfigDir != expectedConfigDir {
-		err := isDirectory(c.NetworkConfigDir)
-		if err != nil && !os.IsNotExist(err) {
-			return errors.Wrapf(err, "invalid network_config_dir: %s", c.NetworkConfigDir)
-		}
-	}
-
 	if stringsEq(c.CNIPluginDirs, DefaultCNIPluginDirs) {
 		return nil
 	}

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -249,9 +249,6 @@ default_sysctls = [
 #
 #volumes = []
 
-# The network table contains settings pertaining to the management of
-# CNI plugins.
-
 [secrets]
 #driver = "file"
 
@@ -260,9 +257,15 @@ default_sysctls = [
 
 [network]
 
-# Network backend to use. Default "CNI".
+# Network backend determines what network driver will be used to set up and tear down container networks.
+# Valid values are "cni" and "netavark".
+# The default value is empty which means that it will automatically choose CNI or netavark. If there are
+# already containers/images or CNI networks preset it will choose CNI.
 #
-#network_backend = "cni"
+# Before changing this value all containers must be stopped otherwise it is likely that
+# iptables rules and network interfaces might leak on the host. A reboot will fix this.
+#
+#network_backend = ""
 
 # Path to directory where CNI plugin binaries are located.
 #
@@ -274,18 +277,22 @@ default_sysctls = [
 #  "/opt/cni/bin",
 #]
 
-# The network name of the default CNI network to attach pods to.
+# The network name of the default network to attach pods to.
 #
 #default_network = "podman"
 
-# The default subnet for the default CNI network given in default_network.
+# The default subnet for the default network given in default_network.
 # If a network with that name does not exist, a new network using that name and
 # this subnet will be created.
 # Must be a valid IPv4 CIDR prefix.
 #
 #default_subnet = "10.88.0.0/16"
 
-# Path to the directory where CNI configuration files are located.
+# Path to the directory where network configuration files are located.
+# For the CNI backend the default is "/etc/cni/net.d" as root
+# and "$HOME/.config/cni/net.d" as rootless.
+# For the netavark backend "/etc/containers/networks" is used as root
+# and "$graphroot/networks" as rootless.
 #
 #network_config_dir = "/etc/cni/net.d/"
 
@@ -351,6 +358,9 @@ default_sysctls = [
 #
 #env = []
 
+# Define where event logs will be stored, when events_logger is "file".
+#events_logfile_path=""
+
 # Selects which logging mechanism to use for container engine events.
 # Valid values are `journald`, `file` and `none`.
 #

vendor/github.com/containers/common/pkg/config/default.go

@@ -94,10 +94,6 @@ const (
 	// InstallPrefix is the prefix where podman will be installed.
 	// It can be overridden at build time.
 	_installPrefix = "/usr"
-	// _cniConfigDir is the directory where cni configuration is found
-	_cniConfigDir = "/etc/cni/net.d/"
-	// _cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins
-	_cniConfigDirRootless = "cni/net.d/"
 	// CgroupfsCgroupsManager represents cgroupfs native cgroup manager
 	CgroupfsCgroupsManager = "cgroupfs"
 	// DefaultApparmorProfile  specifies the default apparmor profile for the container.
@@ -141,8 +137,6 @@ func DefaultConfig() (*Config, error) {
 		return nil, err
 	}
 
-	cniConfig := _cniConfigDir
-
 	defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
 	if unshare.IsRootless() {
 		configHome, err := homedir.GetConfigHome()
@@ -156,7 +150,6 @@ func DefaultConfig() (*Config, error) {
 				defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
 			}
 		}
-		cniConfig = filepath.Join(configHome, _cniConfigDirRootless)
 	}
 
 	cgroupNS := "host"
@@ -205,7 +198,6 @@ func DefaultConfig() (*Config, error) {
 		Network: NetworkConfig{
 			DefaultNetwork: "podman",
 			DefaultSubnet:  DefaultSubnet,
-			NetworkConfigDir: cniConfig,
 			CNIPluginDirs:  DefaultCNIPluginDirs,
 		},
 		Engine:  *defaultEngineConfig,

vendor/modules.txt

@@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.46.1-0.20220112112017-31e8cc4aeeab
+# github.com/containers/common v0.46.1-0.20220117145719-da777f8b15b1
 ## explicit
 github.com/containers/common/libimage
 github.com/containers/common/libimage/manifests