Properly follow linked namespace container for stats

Podman containers can specify that they get their network namespace from another container. This is automatic in pods, but any container can do it. The problem is that these containers are not guaranteed to have a network namespace of their own; it is perfectly valid to join the network namespace of a --net=host container, and both containers will end up in the host namespace. The code for obtaining network stats did not account for this, and could cause segfaults as a result. Fortunately, the fix is simple - the function we use to get said stats already performs appropriate checks, so we just need to recursively call it. Fixes #5652 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2025-08-06 11:32:07 +08:00 · 2020-06-02 16:31:01 -04:00
parent c4ccd7cbc1
commit 42505f64d2
2 changed files with 18 additions and 1 deletions
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@ -550,7 +550,7 @@ func getContainerNetNS(ctr *Container) (string, error) {
 		if err = c.syncContainer(); err != nil {
 			return "", err
 		}
-		return c.state.NetNS.Path(), nil
+		return getContainerNetNS(c)
 	}
 	return "", nil
 }