Merge pull request #16580 from giuseppe/specgen-support-cdi-devices

specgen: support CDI devices from containers.conf
2025-08-06 19:44:14 +08:00 · 2022-11-28 06:36:33 -05:00
parent c1db4f85ae 5d26628df6
commit ab7f6095a1
13 changed files with 64 additions and 18 deletions
--- a/vendor/github.com/containers/common/libnetwork/cni/config.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/config.go
@ -36,6 +36,9 @@ func (n *cniNetwork) NetworkCreate(net types.Network) (types.Network, error) {
 // networkCreate will fill out the given network struct and return the new network entry.
 // If defaultNet is true it will not validate against used subnets and it will not write the cni config to disk.
 func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (*network, error) {
+	if len(newNetwork.NetworkDNSServers) > 0 {
+		return nil, fmt.Errorf("NetworkDNSServers cannot be configured for backend CNI: %w", types.ErrInvalidArg)
+	}
 	// if no driver is set use the default one
 	if newNetwork.Driver == "" {
 		newNetwork.Driver = types.DefaultNetworkDriver
--- a/vendor/github.com/containers/common/libnetwork/netavark/config.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/config.go
@ -137,6 +137,17 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 	// when we do not have ipam we must disable dns
 	internalutil.IpamNoneDisableDNS(newNetwork)

+	// process NetworkDNSServers
+	if len(newNetwork.NetworkDNSServers) > 0 && !newNetwork.DNSEnabled {
+		return nil, fmt.Errorf("Cannot set NetworkDNSServers if DNS is not enabled for the network: %w", types.ErrInvalidArg)
+	}
+	// validate ip address
+	for _, dnsServer := range newNetwork.NetworkDNSServers {
+		if net.ParseIP(dnsServer) == nil {
+			return nil, fmt.Errorf("Unable to parse ip %s specified in NetworkDNSServers: %w", dnsServer, types.ErrInvalidArg)
+		}
+	}
+
 	// add gateway when not internal or dns enabled
 	addGateway := !newNetwork.Internal || newNetwork.DNSEnabled
 	err = internalutil.ValidateSubnets(newNetwork, addGateway, usedNetworks)
--- a/vendor/github.com/containers/common/libnetwork/types/network.go
+++ b/vendor/github.com/containers/common/libnetwork/types/network.go
@ -56,6 +56,10 @@ type Network struct {
 	// DNSEnabled is whether name resolution is active for container on
 	// this Network. Only supported with the bridge driver.
 	DNSEnabled bool `json:"dns_enabled"`
+	// List of custom DNS server for podman's DNS resolver at network level,
+	// all the containers attached to this network will consider resolvers
+	// configured at network level.
+	NetworkDNSServers []string `json:"network_dns_servers,omitempty"`
 	// Labels is a set of key-value labels that have been applied to the
 	// Network.
 	Labels map[string]string `json:"labels,omitempty"`
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@ -214,6 +214,7 @@ type ContainersConfig struct {
 	UserNS string `toml:"userns,omitempty"`

 	// UserNSSize how many UIDs to allocate for automatically created UserNS
+	// Deprecated: no user of this field is known.
 	UserNSSize int `toml:"userns_size,omitempty,omitzero"`
 }

--- a/vendor/github.com/containers/common/pkg/config/config_local.go
+++ b/vendor/github.com/containers/common/pkg/config/config_local.go
@ -11,6 +11,7 @@ import (
 	"strings"
 	"syscall"

+	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 	units "github.com/docker/go-units"
 )

@ -57,6 +58,9 @@ func (c *EngineConfig) validatePaths() error {

 func (c *ContainersConfig) validateDevices() error {
 	for _, d := range c.Devices {
+		if cdi.IsQualifiedName(d) {
+			continue
+		}
 		_, _, _, err := Device(d)
 		if err != nil {
 			return err
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@ -244,12 +244,6 @@ default_sysctls = [
 #
 #userns = "host"

-# Number of UIDs to allocate for the automatic container creation.
-# UIDs are allocated from the "container" UIDs listed in
-# /etc/subuid & /etc/subgid
-#
-#userns_size = 65536
-
 # Default way to to create a UTS namespace for the container
 # Options are:
 # `private`        Create private UTS Namespace for the container.
--- a/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd
@ -212,12 +212,6 @@ default_sysctls = [
 #
 #userns = "host"

-# Number of UIDs to allocate for the automatic container creation.
-# UIDs are allocated from the "container" UIDs listed in
-# /etc/subuid & /etc/subgid
-#
-#userns_size = 65536
-
 # Default way to to create a UTS namespace for the container
 # Options are:
 # `private`        Create private UTS Namespace for the container.
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@ -158,6 +158,7 @@ const (
 	// DefaultShmSize is the default upper limit on the size of tmpfs mounts.
 	DefaultShmSize = "65536k"
 	// DefaultUserNSSize indicates the default number of UIDs allocated for user namespace within a container.
+	// Deprecated: no user of this field is known.
 	DefaultUserNSSize = 65536
 	// OCIBufSize limits maximum LogSizeMax.
 	OCIBufSize = 8192
@ -232,7 +233,7 @@ func DefaultConfig() (*Config, error) {
 			TZ:         "",
 			Umask:      "0022",
 			UTSNS:      "private",
-			UserNSSize: DefaultUserNSSize,
+			UserNSSize: DefaultUserNSSize, // Deprecated
 		},
 		Network: NetworkConfig{
 			DefaultNetwork:     "podman",