vendor latest c/common main

Includes a new libnetwork API to get the rootlessnetns ips. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-10-18 11:42:55 +08:00 · 2024-05-17 11:32:20 +02:00
parent 77db54a78a
commit 54ce5c6af1
11 changed files with 122 additions and 28 deletions
--- a/vendor/github.com/containers/common/libnetwork/cni/run.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/run.go
@ -295,3 +295,10 @@ func (n *cniNetwork) RunInRootlessNetns(toRun func() error) error {
 	}
 	return n.rootlessNetns.Run(n.lock, toRun)
 }
+
+func (n *cniNetwork) RootlessNetnsInfo() (*types.RootlessNetnsInfo, error) {
+	if n.rootlessNetns == nil {
+		return nil, types.ErrNotRootlessNetns
+	}
+	return n.rootlessNetns.Info(), nil
+}
--- a/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_freebsd.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_freebsd.go
@ -3,6 +3,7 @@ package rootlessnetns
 import (
 	"errors"

+	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage/pkg/lockfile"
 )
@ -26,3 +27,7 @@ func (n *Netns) Teardown(nets int, toRun func() error) error {
 func (n *Netns) Run(lock *lockfile.LockFile, toRun func() error) error {
 	return ErrNotSupported
 }
+
+func (n *Netns) Info() *types.RootlessNetnsInfo {
+	return &types.RootlessNetnsInfo{}
+}
--- a/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_linux.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_linux.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"net"
 	"os"
 	"path/filepath"
 	"strconv"
@ -13,6 +14,7 @@ import (
 	"github.com/containers/common/libnetwork/pasta"
 	"github.com/containers/common/libnetwork/resolvconf"
 	"github.com/containers/common/libnetwork/slirp4netns"
+	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/netns"
 	"github.com/containers/common/pkg/systemd"
@ -51,6 +53,12 @@ type Netns struct {

 	// config contains containers.conf options.
 	config *config.Config
+
+	// ipAddresses used in the netns, this is needed to store
+	// the netns ips that are used by pasta. This is then handed
+	// back to the caller via IPAddresses() which then can make
+	// sure to not use them for host.containers.internal.
+	ipAddresses []net.IP
 }

 type rootlessNetnsError struct {
@ -521,7 +529,24 @@ func (n *Netns) runInner(toRun func() error) (err error) {
 		if err := n.setupMounts(); err != nil {
 			return err
 		}
-		return toRun()
+		if err := toRun(); err != nil {
+			return err
+		}
+
+		// get the current active addresses in the netns, and store them
+		addrs, err := net.InterfaceAddrs()
+		if err != nil {
+			return err
+		}
+		ips := make([]net.IP, 0, len(addrs))
+		for _, addr := range addrs {
+			// make sure to skip localhost and other special addresses
+			if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.IsGlobalUnicast() {
+				ips = append(ips, ipnet.IP)
+			}
+		}
+		n.ipAddresses = ips
+		return nil
 	})
 }

@ -597,6 +622,14 @@ func (n *Netns) Run(lock *lockfile.LockFile, toRun func() error) error {
 	return inErr
 }

+// IPAddresses returns the currently used ip addresses in the netns
+// These should then not be assigned for the host.containers.internal entry.
+func (n *Netns) Info() *types.RootlessNetnsInfo {
+	return &types.RootlessNetnsInfo{
+		IPAddresses: n.ipAddresses,
+	}
+}
+
 func refCount(dir string, inc int) (int, error) {
 	file := filepath.Join(dir, refCountFile)
 	content, err := os.ReadFile(file)
--- a/vendor/github.com/containers/common/libnetwork/netavark/run.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/run.go
@ -187,3 +187,10 @@ func (n *netavarkNetwork) RunInRootlessNetns(toRun func() error) error {
 	}
 	return n.rootlessNetns.Run(n.lock, toRun)
 }
+
+func (n *netavarkNetwork) RootlessNetnsInfo() (*types.RootlessNetnsInfo, error) {
+	if n.rootlessNetns == nil {
+		return nil, types.ErrNotRootlessNetns
+	}
+	return n.rootlessNetns.Info(), nil
+}
--- a/vendor/github.com/containers/common/libnetwork/types/network.go
+++ b/vendor/github.com/containers/common/libnetwork/types/network.go
@ -31,6 +31,11 @@ type ContainerNetwork interface {
 	// Only used as rootless and should return an error as root.
 	RunInRootlessNetns(toRun func() error) error

+	// RootlessNetnsInfo return extra information about the rootless netns.
+	// Only valid when called after Setup().
+	// Only used as rootless and should return an error as root.
+	RootlessNetnsInfo() (*RootlessNetnsInfo, error)
+
 	// Drivers will return the list of supported network drivers
 	// for this interface.
 	Drivers() []string
@ -334,6 +339,11 @@ type TeardownOptions struct {
 	NetworkOptions
 }

+type RootlessNetnsInfo struct {
+	// IPAddresses used in the netns, must not be used for host.containers.internal
+	IPAddresses []net.IP
+}
+
 // FilterFunc can be passed to NetworkList to filter the networks.
 type FilterFunc func(Network) bool

--- a/vendor/github.com/containers/common/pkg/secrets/secrets.go
+++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go
@ -218,11 +218,12 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti
 	}

 	if options.Replace {
-		if err := driver.Delete(secr.ID); err != nil && !errors.Is(err, define.ErrNoSuchSecret) {
-			return "", fmt.Errorf("deleting secret %s: %w", secr.ID, err)
-		}
-
-		if err == nil {
+		err := driver.Delete(secr.ID)
+		if err != nil {
+			if !errors.Is(err, define.ErrNoSuchSecret) {
+				return "", fmt.Errorf("deleting driver secret %s: %w", secr.ID, err)
+			}
+		} else {
 			if err := s.delete(secr.ID); err != nil && !errors.Is(err, define.ErrNoSuchSecret) {
 				return "", fmt.Errorf("deleting secret %s: %w", secr.ID, err)
 			}