Merge pull request #8489 from ashley-cui/commonslirp
Add ability to set system wide options for slirp4netns
2
go.mod
2
go.mod
@ -11,7 +11,7 @@ require (
|
|||||||
github.com/containernetworking/cni v0.8.0
|
github.com/containernetworking/cni v0.8.0
|
||||||
github.com/containernetworking/plugins v0.8.7
|
github.com/containernetworking/plugins v0.8.7
|
||||||
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c
|
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c
|
||||||
github.com/containers/common v0.29.0
|
github.com/containers/common v0.30.0
|
||||||
github.com/containers/conmon v2.0.20+incompatible
|
github.com/containers/conmon v2.0.20+incompatible
|
||||||
github.com/containers/image/v5 v5.8.1
|
github.com/containers/image/v5 v5.8.1
|
||||||
github.com/containers/psgo v1.5.1
|
github.com/containers/psgo v1.5.1
|
||||||
|
|||||||
2
go.sum
2
go.sum
@ -95,6 +95,8 @@ github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c h1:vyc2iYz9b
|
|||||||
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c/go.mod h1:B+0OkXUogxdwsEy4ax3a5/vDtJjL6vCisiV6frQZJ4A=
|
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c/go.mod h1:B+0OkXUogxdwsEy4ax3a5/vDtJjL6vCisiV6frQZJ4A=
|
||||||
github.com/containers/common v0.29.0 h1:hTMC+urdkk5bKfhL/OgCixIX5xjJgQ2l2jPG745ECFQ=
|
github.com/containers/common v0.29.0 h1:hTMC+urdkk5bKfhL/OgCixIX5xjJgQ2l2jPG745ECFQ=
|
||||||
github.com/containers/common v0.29.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
|
github.com/containers/common v0.29.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
|
||||||
|
github.com/containers/common v0.30.0 h1:yKhrhnOxIymtMk+oLJMKEbG/VkYyU0DRJWSdCT0LhOY=
|
||||||
|
github.com/containers/common v0.30.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
|
||||||
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
|
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
|
||||||
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
|
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
|
||||||
github.com/containers/image/v5 v5.8.1 h1:aHW8a/Kd0dTJ7PTL/fc6y12sJqHxWgqilu+XyHfjD8Q=
|
github.com/containers/image/v5 v5.8.1 h1:aHW8a/Kd0dTJ7PTL/fc6y12sJqHxWgqilu+XyHfjD8Q=
|
||||||
|
|||||||
@ -245,7 +245,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
|
|||||||
// setupSlirp4netns can be called in rootful as well as in rootless
|
// setupSlirp4netns can be called in rootful as well as in rootless
|
||||||
func (r *Runtime) setupSlirp4netns(ctr *Container) error {
|
func (r *Runtime) setupSlirp4netns(ctr *Container) error {
|
||||||
path := r.config.Engine.NetworkCmdPath
|
path := r.config.Engine.NetworkCmdPath
|
||||||
|
slirpOptions := r.config.Engine.NetworkCmdOptions
|
||||||
if path == "" {
|
if path == "" {
|
||||||
var err error
|
var err error
|
||||||
path, err = exec.LookPath("slirp4netns")
|
path, err = exec.LookPath("slirp4netns")
|
||||||
@ -273,68 +273,69 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
|
|||||||
outboundAddr6 := ""
|
outboundAddr6 := ""
|
||||||
|
|
||||||
if ctr.config.NetworkOptions != nil {
|
if ctr.config.NetworkOptions != nil {
|
||||||
slirpOptions := ctr.config.NetworkOptions["slirp4netns"]
|
slirpOptions = append(slirpOptions, ctr.config.NetworkOptions["slirp4netns"]...)
|
||||||
for _, o := range slirpOptions {
|
}
|
||||||
parts := strings.SplitN(o, "=", 2)
|
|
||||||
if len(parts) < 2 {
|
for _, o := range slirpOptions {
|
||||||
return errors.Errorf("unknown option for slirp4netns: %q", o)
|
parts := strings.SplitN(o, "=", 2)
|
||||||
|
if len(parts) < 2 {
|
||||||
|
return errors.Errorf("unknown option for slirp4netns: %q", o)
|
||||||
|
}
|
||||||
|
option, value := parts[0], parts[1]
|
||||||
|
switch option {
|
||||||
|
case "cidr":
|
||||||
|
ipv4, _, err := net.ParseCIDR(value)
|
||||||
|
if err != nil || ipv4.To4() == nil {
|
||||||
|
return errors.Errorf("invalid cidr %q", value)
|
||||||
}
|
}
|
||||||
option, value := parts[0], parts[1]
|
cidr = value
|
||||||
switch option {
|
case "port_handler":
|
||||||
case "cidr":
|
switch value {
|
||||||
ipv4, _, err := net.ParseCIDR(value)
|
case "slirp4netns":
|
||||||
if err != nil || ipv4.To4() == nil {
|
isSlirpHostForward = true
|
||||||
return errors.Errorf("invalid cidr %q", value)
|
case "rootlesskit":
|
||||||
}
|
isSlirpHostForward = false
|
||||||
cidr = value
|
|
||||||
case "port_handler":
|
|
||||||
switch value {
|
|
||||||
case "slirp4netns":
|
|
||||||
isSlirpHostForward = true
|
|
||||||
case "rootlesskit":
|
|
||||||
isSlirpHostForward = false
|
|
||||||
default:
|
|
||||||
return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
|
|
||||||
}
|
|
||||||
case "allow_host_loopback":
|
|
||||||
switch value {
|
|
||||||
case "true":
|
|
||||||
disableHostLoopback = false
|
|
||||||
case "false":
|
|
||||||
disableHostLoopback = true
|
|
||||||
default:
|
|
||||||
return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
|
|
||||||
}
|
|
||||||
case "enable_ipv6":
|
|
||||||
switch value {
|
|
||||||
case "true":
|
|
||||||
enableIPv6 = true
|
|
||||||
case "false":
|
|
||||||
enableIPv6 = false
|
|
||||||
default:
|
|
||||||
return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
|
|
||||||
}
|
|
||||||
case "outbound_addr":
|
|
||||||
ipv4 := net.ParseIP(value)
|
|
||||||
if ipv4 == nil || ipv4.To4() == nil {
|
|
||||||
_, err := net.InterfaceByName(value)
|
|
||||||
if err != nil {
|
|
||||||
return errors.Errorf("invalid outbound_addr %q", value)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
outboundAddr = value
|
|
||||||
case "outbound_addr6":
|
|
||||||
ipv6 := net.ParseIP(value)
|
|
||||||
if ipv6 == nil || ipv6.To4() != nil {
|
|
||||||
_, err := net.InterfaceByName(value)
|
|
||||||
if err != nil {
|
|
||||||
return errors.Errorf("invalid outbound_addr6: %q", value)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
outboundAddr6 = value
|
|
||||||
default:
|
default:
|
||||||
return errors.Errorf("unknown option for slirp4netns: %q", o)
|
return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
|
||||||
}
|
}
|
||||||
|
case "allow_host_loopback":
|
||||||
|
switch value {
|
||||||
|
case "true":
|
||||||
|
disableHostLoopback = false
|
||||||
|
case "false":
|
||||||
|
disableHostLoopback = true
|
||||||
|
default:
|
||||||
|
return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
|
||||||
|
}
|
||||||
|
case "enable_ipv6":
|
||||||
|
switch value {
|
||||||
|
case "true":
|
||||||
|
enableIPv6 = true
|
||||||
|
case "false":
|
||||||
|
enableIPv6 = false
|
||||||
|
default:
|
||||||
|
return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
|
||||||
|
}
|
||||||
|
case "outbound_addr":
|
||||||
|
ipv4 := net.ParseIP(value)
|
||||||
|
if ipv4 == nil || ipv4.To4() == nil {
|
||||||
|
_, err := net.InterfaceByName(value)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Errorf("invalid outbound_addr %q", value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
outboundAddr = value
|
||||||
|
case "outbound_addr6":
|
||||||
|
ipv6 := net.ParseIP(value)
|
||||||
|
if ipv6 == nil || ipv6.To4() != nil {
|
||||||
|
_, err := net.InterfaceByName(value)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Errorf("invalid outbound_addr6: %q", value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
outboundAddr6 = value
|
||||||
|
default:
|
||||||
|
return errors.Errorf("unknown option for slirp4netns: %q", o)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
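Review bot: `slirpOptions := r.config.Engine.NetworkCmdOptions` followed by `slirpOptions = append(slirpOptions, ctr.config.NetworkOptions["slirp4netns"]...)` appends onto the slice held in the runtime's config, so if that slice has spare capacity the per-container options are written into its backing array, and containers set up concurrently could presumably see each other's options. Copying first avoids the aliasing: `slirpOptions := append([]string{}, r.config.Engine.NetworkCmdOptions...)`. Because the loop keeps the last value seen for each key, a per-container `allow_host_loopback=true` also overrides a system-wide `allow_host_loopback=false`; a comment above the append such as `// containers.conf options are defaults only; per-container options are parsed later and win` would make clear that the system-wide setting is not an enforced policy. setupSlirp4netns starts before and continues past these hunks.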
@ -52,3 +52,7 @@ dns_options=[ "debug", ]
|
|||||||
tz = "Pacific/Honolulu"
|
tz = "Pacific/Honolulu"
|
||||||
|
|
||||||
umask = "0002"
|
umask = "0002"
|
||||||
|
|
||||||
|
[engine]
|
||||||
|
|
||||||
|
network_cmd_options=["allow_host_loopback=true"]
|
||||||
|
|||||||
@ -258,6 +258,12 @@ var _ = Describe("Podman run", func() {
|
|||||||
Expect(session.OutputToString()).To(Equal("0002"))
|
Expect(session.OutputToString()).To(Equal("0002"))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("podman set network cmd options slirp options to allow host loopback", func() {
|
||||||
|
session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "ping", "-c1", "10.0.2.2"})
|
||||||
|
session.Wait(30)
|
||||||
|
Expect(session.ExitCode()).To(Equal(0))
|
||||||
|
})
|
||||||
|
|
||||||
It("podman-remote test localcontainers.conf versus remote containers.conf", func() {
|
It("podman-remote test localcontainers.conf versus remote containers.conf", func() {
|
||||||
if !IsRemote() {
|
if !IsRemote() {
|
||||||
Skip("this test is only for remote")
|
Skip("this test is only for remote")
|
||||||
@ -311,4 +317,5 @@ var _ = Describe("Podman run", func() {
|
|||||||
Expect(session.ExitCode()).To(Equal(0))
|
Expect(session.ExitCode()).To(Equal(0))
|
||||||
Expect(session.OutputToString()).To(Equal("0022"))
|
Expect(session.OutputToString()).To(Equal("0022"))
|
||||||
})
|
})
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|||||||
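Review bot: The added case only asserts that `ping -c1 10.0.2.2` succeeds when the test containers.conf sets `network_cmd_options=["allow_host_loopback=true"]`, so it covers the permissive direction alone. Since this option decides whether a container can reach the host through the slirp4netns gateway address, a second case should pin the merge precedence, for example running with `--network slirp4netns:allow_host_loopback=false` and expecting a non-zero exit (assuming ping is refused when host loopback is disabled), so that a regression in how system-wide and per-container options are combined is caught. A one-line comment in the test stating that 10.0.2.2 is the slirp4netns gateway would also help readers. The enclosing Describe block starts and ends outside the hunks.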
4
vendor/github.com/containers/common/pkg/config/config.go
generated
vendored
4
vendor/github.com/containers/common/pkg/config/config.go
generated
vendored
@ -268,6 +268,10 @@ type EngineConfig struct {
|
|||||||
// NetworkCmdPath is the path to the slirp4netns binary.
|
// NetworkCmdPath is the path to the slirp4netns binary.
|
||||||
NetworkCmdPath string `toml:"network_cmd_path,omitempty"`
|
NetworkCmdPath string `toml:"network_cmd_path,omitempty"`
|
||||||
|
|
||||||
|
// NetworkCmdOptions is the default options to pass to the slirp4netns binary.
|
||||||
|
// For example "allow_host_loopback=true"
|
||||||
|
NetworkCmdOptions []string `toml:"network_cmd_options,omitempty"`
|
||||||
|
|
||||||
// NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
|
// NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
|
||||||
NoPivotRoot bool `toml:"no_pivot_root,omitempty"`
|
NoPivotRoot bool `toml:"no_pivot_root,omitempty"`
|
||||||
|
|
||||||
|
|||||||
5
vendor/github.com/containers/common/pkg/config/containers.conf
generated
vendored
5
vendor/github.com/containers/common/pkg/config/containers.conf
generated
vendored
@ -348,6 +348,11 @@ default_sysctls = [
|
|||||||
#
|
#
|
||||||
# network_cmd_path=""
|
# network_cmd_path=""
|
||||||
|
|
||||||
|
# Default options to pass to the slirp4netns binary.
|
||||||
|
# For example "allow_host_loopback=true"
|
||||||
|
#
|
||||||
|
# network_cmd_options=[]
|
||||||
|
|
||||||
# Whether to use chroot instead of pivot_root in the runtime
|
# Whether to use chroot instead of pivot_root in the runtime
|
||||||
#
|
#
|
||||||
# no_pivot_root = false
|
# no_pivot_root = false
|
||||||
|
|||||||
2
vendor/github.com/containers/common/version/version.go
generated
vendored
2
vendor/github.com/containers/common/version/version.go
generated
vendored
@ -1,4 +1,4 @@
|
|||||||
package version
|
package version
|
||||||
|
|
||||||
// Version is the version of the build.
|
// Version is the version of the build.
|
||||||
const Version = "0.29.0"
|
const Version = "0.30.0"
|
||||||
|
|||||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -86,7 +86,7 @@ github.com/containers/buildah/pkg/parse
|
|||||||
github.com/containers/buildah/pkg/rusage
|
github.com/containers/buildah/pkg/rusage
|
||||||
github.com/containers/buildah/pkg/supplemented
|
github.com/containers/buildah/pkg/supplemented
|
||||||
github.com/containers/buildah/util
|
github.com/containers/buildah/util
|
||||||
# github.com/containers/common v0.29.0
|
# github.com/containers/common v0.30.0
|
||||||
github.com/containers/common/pkg/apparmor
|
github.com/containers/common/pkg/apparmor
|
||||||
github.com/containers/common/pkg/apparmor/internal/supported
|
github.com/containers/common/pkg/apparmor/internal/supported
|
||||||
github.com/containers/common/pkg/auth
|
github.com/containers/common/pkg/auth
|
||||||
|
|||||||