From d7335855d7b995b1f294fcd875f12cd7d5d244b4 Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Wed, 18 Sep 2024 14:18:30 +0200
Subject: [PATCH] allow exposed sctp ports

There is no reason to disallow exposed sctp ports at all. As root we can publish them find and as rootless it should error later anyway. And for the case mentioned in the issue it doesn't make sense as the port is not even published thus it is just part of the metadata which is totally in all cases.
Fixes #23911
Signed-off-by: Paul Holzinger
---
 pkg/specgen/generate/ports.go | 9 +++------
 test/e2e/container_inspect_test.go | 6 +++---
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go
index 9caefac367..0ff3eadbe3 100644
--- a/pkg/specgen/generate/ports.go
+++ b/pkg/specgen/generate/ports.go
@@ -158,7 +158,7 @@ func ParsePortMapping(portMappings []types.PortMapping, exposePorts map[uint16][
 // First, we need to validate the ports passed in the specgen
 for _, port := range portMappings {
 // First, check proto
- protocols, err := checkProtocol(port.Protocol, true)
+ protocols, err := checkProtocol(port.Protocol)
 if err != nil {
 return nil, err
 }
@@ -355,7 +355,7 @@ func createPortMappings(s *specgen.SpecGenerator, imageData *libimage.ImageData)
 if port == 0 {
 return nil, nil, fmt.Errorf("cannot expose 0 as it is not a valid port number")
 }
- protocols, err := checkProtocol(proto, false)
+ protocols, err := checkProtocol(proto)
 if err != nil {
 return nil, nil, fmt.Errorf("validating protocols for exposed port %d: %w", port, err)
 }
@@ -376,7 +376,7 @@ func createPortMappings(s *specgen.SpecGenerator, imageData *libimage.ImageData)
 }
 // Check a string to ensure it is a comma-separated set of valid protocols
-func checkProtocol(protocol string, allowSCTP bool) ([]string, error) {
+func checkProtocol(protocol string) ([]string, error) {
 protocols := make(map[string]struct{})
 splitProto := strings.Split(protocol, ",")
 // Don't error on duplicates - just deduplicate
@@ -388,9 +388,6 @@ func checkProtocol(protocol string, allowSCTP bool) ([]string, error) {
 case protoUDP:
 protocols[protoUDP] = struct{}{}
 case protoSCTP:
- if !allowSCTP {
- return nil, fmt.Errorf("protocol SCTP is not allowed for exposed ports")
- }
 protocols[protoSCTP] = struct{}{}
 default:
 return nil, fmt.Errorf("unrecognized protocol %q in port mapping", p)
diff --git a/test/e2e/container_inspect_test.go b/test/e2e/container_inspect_test.go
index 120f8ae4a5..00bd21db7f 100644
--- a/test/e2e/container_inspect_test.go
+++ b/test/e2e/container_inspect_test.go
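Review bot: The doc comment left above `checkProtocol` in pkg/specgen/generate/ports.go (hunk at -376) does not start with the function name, as Go doc comments conventionally do, and it says nothing about the fact that one rule set now covers both callers. I would reword it to `// checkProtocol validates a comma-separated list of protocols; duplicates are dropped, and the same rules apply to published and exposed ports.` Both call sites are visible in the earlier hunks (`ParsePortMapping` and `createPortMappings`), but the function body starts in this hunk and ends outside the diff, so the comment should not enumerate accepted values beyond the `protoUDP` and `protoSCTP` cases and the `default` rejection shown at -388.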
@@ -29,19 +29,19 @@ var _ = Describe("Podman container inspect", func() {
 It("podman inspect shows exposed ports", func() {
 name := "testcon"
- session := podmanTest.Podman([]string{"run", "-d", "--stop-timeout", "0", "--expose", "8787/udp", "--name", name, ALPINE, "sleep", "100"})
+ session := podmanTest.Podman([]string{"run", "-d", "--stop-timeout", "0", "--expose", "8787/udp", "--expose", "99/sctp", "--name", name, ALPINE, "sleep", "100"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(ExitCleanly())
 data := podmanTest.InspectContainer(name)
 Expect(data).To(HaveLen(1))
 Expect(data[0].NetworkSettings.Ports).
- To(Equal(map[string][]define.InspectHostPort{"8787/udp": nil}))
+ To(Equal(map[string][]define.InspectHostPort{"8787/udp": nil, "99/sctp": nil}))
 session = podmanTest.Podman([]string{"ps", "--format", "{{.Ports}}"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(Equal("8787/udp"))
+ Expect(session.OutputToString()).To(Equal("99/sctp, 8787/udp"))
 })
 It("podman inspect shows exposed ports on image", func() {
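Review bot: The updated test only exercises `--expose 99/sctp` as unpublished metadata, so nothing here pins the commit message's assumption that rootless publishing "should error later anyway". Now that `checkProtocol` no longer rejects SCTP for exposed ports, I would add a second case that also publishes the exposed port, e.g. `podmanTest.Podman([]string{"run", "--expose", "99/sctp", "--publish-all", ALPINE, "true"})`, and assert the outcome expected in each mode (success as root, a clear error when rootless). That keeps a later change from turning the expected rootless error into a port that is silently not forwarded. Whether exposed ports reach the publish path this way is inferred from `createPortMappings`, most of which lies outside the diff.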