Merge pull request #4629 from mheon/fix_indirect_netnsctr_lookup

Allow chained network namespace containers
2025-08-06 03:19:52 +08:00 · 2019-12-03 09:16:31 -08:00
parent 748de3c52c b0b9103cca
commit 5c3af009c6
2 changed files with 19 additions and 4 deletions
--- a/libpod/container.go
+++ b/libpod/container.go
@ -1146,7 +1146,7 @@ func (c *Container) NetworkDisabled() (bool, error) {
 		if err != nil {
 			return false, err
 		}
-		return networkDisabled(container)
+		return container.NetworkDisabled()
 	}
 	return networkDisabled(c)

--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@ -1016,9 +1016,24 @@ func (c *Container) makeBindMounts() error {
 			// We want /etc/resolv.conf and /etc/hosts from the
 			// other container. Unless we're not creating both of
 			// them.
-			depCtr, err := c.runtime.state.Container(c.config.NetNsCtr)
-			if err != nil {
-				return errors.Wrapf(err, "error fetching dependency %s of container %s", c.config.NetNsCtr, c.ID())
+			var (
+				depCtr  *Container
+				nextCtr string
+			)
+
+			// I don't like infinite loops, but I don't think there's
+			// a serious risk of looping dependencies - too many
+			// protections against that elsewhere.
+			nextCtr = c.config.NetNsCtr
+			for {
+				depCtr, err = c.runtime.state.Container(nextCtr)
+				if err != nil {
+					return errors.Wrapf(err, "error fetching dependency %s of container %s", c.config.NetNsCtr, c.ID())
+				}
+				nextCtr = depCtr.config.NetNsCtr
+				if nextCtr == "" {
+					break
+				}
 			}

 			// We need that container's bind mounts