use rootless netns from c/common

Use the new rootlessnetns logic from c/common, drop the podman code here and make use of the new much simpler API. ref: https://github.com/containers/common/pull/1761 [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-12-03 11:49:18 +08:00 · 2023-11-24 18:00:24 +01:00
parent 605a29a714
commit a687c38860
38 changed files with 1171 additions and 1072 deletions
--- a/vendor/github.com/containers/common/libnetwork/netavark/exec.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/exec.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"os/exec"
 	"strconv"
+	"strings"

 	"github.com/sirupsen/logrus"
 )
@@ -79,6 +80,15 @@ func getRustLogEnv() string {
 func (n *netavarkNetwork) execNetavark(args []string, needPlugin bool, stdin, result interface{}) error {
 	// set the netavark log level to the same as the podman
 	env := append(os.Environ(), getRustLogEnv())
+	// Netavark need access to iptables in $PATH. As it turns out debian doesn't put
+	// /usr/sbin in $PATH for rootless users. This will break rootless networking completely.
+	// We might break existing users and we cannot expect everyone to change their $PATH so
+	// let's add /usr/sbin to $PATH ourselves.
+	path := os.Getenv("PATH")
+	if !strings.Contains(path, "/usr/sbin") {
+		path += ":/usr/sbin"
+		env = append(env, "PATH="+path)
+	}
 	// if we run with debug log level lets also set RUST_BACKTRACE=1 so we can get the full stack trace in case of panics
 	if logrus.IsLevelEnabled(logrus.DebugLevel) {
 		env = append(env, "RUST_BACKTRACE=1")