Vendor c/common

Vendor c/common@main

Signed-off-by: Ashley Cui <acui@redhat.com>

vendor/github.com/containers/common/libnetwork/netavark/exec.go

@@ -86,6 +86,9 @@ func (n *netavarkNetwork) execNetavark(args []string, needPlugin bool, stdin, re
 	if n.dnsBindPort != 0 {
 		env = append(env, "NETAVARK_DNS_PORT="+strconv.Itoa(int(n.dnsBindPort)))
 	}
+	if n.firewallDriver != "" {
+		env = append(env, "NETAVARK_FW="+n.firewallDriver)
+	}
 	return n.execBinary(n.netavarkBinary, append(n.getCommonNetavarkOptions(needPlugin), args...), stdin, result, env)
 }
 

vendor/github.com/containers/common/libnetwork/netavark/network.go

@@ -36,6 +36,9 @@ type netavarkNetwork struct {
 	// aardvarkBinary is the path to the aardvark binary.
 	aardvarkBinary string
 
+	// firewallDriver sets the firewall driver to use
+	firewallDriver string
+
 	// defaultNetwork is the name for the default network.
 	defaultNetwork string
 	// defaultSubnet is the default subnet for the default network.
@@ -79,6 +82,9 @@ type InitConfig struct {
 	// NetworkRunDir is where temporary files are stored, i.e.the ipam db, aardvark config
 	NetworkRunDir string
 
+	// FirewallDriver sets the firewall driver to use
+	FirewallDriver string
+
 	// DefaultNetwork is the name for the default network.
 	DefaultNetwork string
 	// DefaultSubnet is the default subnet for the default network.
@@ -146,6 +152,7 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		aardvarkBinary:     conf.AardvarkBinary,
 		networkRootless:    unshare.IsRootless(),
 		ipamDBPath:         filepath.Join(conf.NetworkRunDir, "ipam.db"),
+		firewallDriver:     conf.FirewallDriver,
 		defaultNetwork:     defaultNetworkName,
 		defaultSubnet:      defaultNet,
 		defaultsubnetPools: defaultSubnetPools,

vendor/github.com/containers/common/libnetwork/network/interface.go

@@ -82,6 +82,7 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 			NetavarkBinary:     netavarkBin,
 			AardvarkBinary:     aardvarkBin,
 			PluginDirs:         conf.Network.NetavarkPluginDirs.Get(),
+			FirewallDriver:     conf.Network.FirewallDriver,
 			DefaultNetwork:     conf.Network.DefaultNetwork,
 			DefaultSubnet:      conf.Network.DefaultSubnet,
 			DefaultsubnetPools: conf.Network.DefaultSubnetPools,

vendor/github.com/containers/common/pkg/config/config.go

@@ -567,6 +567,9 @@ type NetworkConfig struct {
 	// NetavarkPluginDirs is a list of directories which contain netavark plugins.
 	NetavarkPluginDirs attributedstring.Slice `toml:"netavark_plugin_dirs,omitempty"`
 
+	// FirewallDriver is the firewall driver to be used
+	FirewallDriver string `toml:"firewall_driver,omitempty"`
+
 	// DefaultNetwork is the network name of the default network
 	// to attach pods to.
 	DefaultNetwork string `toml:"default_network,omitempty"`

vendor/github.com/containers/common/pkg/config/config_darwin.go

@@ -32,6 +32,8 @@ func ifRootlessConfigPath() (string, error) {
 }
 
 var defaultHelperBinariesDir = []string{
+	// Relative to the binary directory
+	"$BINDIR/../libexec/podman",
 	// Homebrew install paths
 	"/usr/local/opt/podman/libexec/podman",
 	"/opt/homebrew/opt/podman/libexec/podman",
@@ -42,6 +44,4 @@ var defaultHelperBinariesDir = []string{
 	"/usr/local/lib/podman",
 	"/usr/libexec/podman",
 	"/usr/lib/podman",
-	// Relative to the binary directory
-	"$BINDIR/../libexec/podman",
 }

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -340,6 +340,14 @@ default_sysctls = [
 #  "/usr/lib/netavark",
 #]
 
+# The firewall driver to be used by netavark.
+# The default is empty which means netavark will pick one accordingly. Current supported 
+# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
+# experimental at the moment and not recommend outside of testing). In the future we are
+# planning to add support for a "nftables" driver.
+#firewall_driver = ""
+
+
 # The network name of the default network to attach pods to.
 #
 #default_network = "podman"

vendor/github.com/containers/common/pkg/config/default.go

@@ -253,6 +253,7 @@ func defaultConfig() (*Config, error) {
 			Volumes:             attributedstring.Slice{},
 		},
 		Network: NetworkConfig{
+			FirewallDriver:            "",
 			DefaultNetwork:            "podman",
 			DefaultSubnet:             DefaultSubnet,
 			DefaultSubnetPools:        DefaultSubnetPools,
@@ -339,7 +340,8 @@ func defaultEngineConfig() (*EngineConfig, error) {
 
 	c.HelperBinariesDir.Set(defaultHelperBinariesDir)
 	if additionalHelperBinariesDir != "" {
-		c.HelperBinariesDir.Set(append(c.HelperBinariesDir.Get(), additionalHelperBinariesDir))
+		// Prioritize addtionalHelperBinariesDir over defaults.
+		c.HelperBinariesDir.Set(append([]string{additionalHelperBinariesDir}, c.HelperBinariesDir.Get()...))
 	}
 	c.HooksDir.Set(DefaultHooksDirs)
 	c.ImageDefaultTransport = _defaultTransport