Aardvark-dns and netavark now accepts custom DNS servers for containers
via new config field `dns_servers`. New field allows containers to use
custom resolvers instead of host's default resolvers.
Following commit instruments libpod to pass these custom DNS servers set
via `--dns` or central config to the network stack.
Depends-on:
* Common: containers/common#1189
* Netavark: containers/netavark#452
* Aardvark-dns: containers/aardvark-dns#240
Signed-off-by: Aditya R <arajan@redhat.com>
This should simplify the db logic. We no longer need a extra db bucket
for the netns, it is still supported in read only mode for backwards
compat. The old version required us to always open the netns before we
could attach it to the container state struct which caused problem in
some cases were the netns was no longer valid.
Now we use the netns as string throughout the code, this allow us to
only open it when needed reducing possible errors.
[NO NEW TESTS NEEDED] Existing tests should cover it and it is only a
flake so hard to reproduce the error.
Fixes#16140
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should have done this much earlier, most of the times CNI networks
just mean networks so I changed this and also fixed some function
names. This should make it more clear what actually refers to CNI and
what is just general network backend stuff.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Conceptually equivalent to networking by means of slirp4netns(1),
with a few practical differences:
- pasta(1) forks to background once networking is configured in the
namespace and quits on its own once the namespace is deleted:
file descriptor synchronisation and PID tracking are not needed
- port forwarding is configured via command line options at start-up,
instead of an API socket: this is taken care of right away as we're
about to start pasta
- there's no need for further selection of port forwarding modes:
pasta behaves similarly to containers-rootlessport for local binds
(splice() instead of read()/write() pairs, without L2-L4
translation), and keeps the original source address for non-local
connections like slirp4netns does
- IPv6 is not an experimental feature, and enabled by default. IPv6
port forwarding is supported
- by default, addresses and routes are copied from the host, that is,
container users will see the same IP address and routes as if they
were in the init namespace context. The interface name is also
sourced from the host upstream interface with the first default
route in the routing table. This is also configurable as documented
- sandboxing and seccomp(2) policies cannot be disabled
- only rootless mode is supported.
See https://passt.top for more details about pasta.
Also add a link to the maintained build of pasta(1) manual as valid
in the man page cross-reference checks: that's where the man page
for the latest build actually is -- it's not on Github and it doesn't
match any existing pattern, so add it explicitly.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This also moves Runtime methods ConnectContainerToNetwork and
DisconnectContainerFromNetwork as well as support functions
getFreeInterfaceName and normalizeNetworkName.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
libpod: Move (Connect|Disconnect)Container(To|From)Network and normalizeNetworkName to networking_common.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
