			Conceptually equivalent to networking by means of slirp4netns(1), with a few practical differences: - pasta(1) forks to background once networking is configured in the namespace and quits on its own once the namespace is deleted: file descriptor synchronisation and PID tracking are not needed - port forwarding is configured via command line options at start-up, instead of an API socket: this is taken care of right away as we're about to start pasta - there's no need for further selection of port forwarding modes: pasta behaves similarly to containers-rootlessport for local binds (splice() instead of read()/write() pairs, without L2-L4 translation), and keeps the original source address for non-local connections like slirp4netns does - IPv6 is not an experimental feature, and enabled by default. IPv6 port forwarding is supported - by default, addresses and routes are copied from the host, that is, container users will see the same IP address and routes as if they were in the init namespace context. The interface name is also sourced from the host upstream interface with the first default route in the routing table. This is also configurable as documented - sandboxing and seccomp(2) policies cannot be disabled - only rootless mode is supported. See https://passt.top for more details about pasta. Also add a link to the maintained build of pasta(1) manual as valid in the man page cross-reference checks: that's where the man page for the latest build actually is -- it's not on Github and it doesn't match any existing pattern, so add it explicitly. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
		
			
				
	
	
		
| package specgen
| 
| import (
| 	"errors"
| 	"fmt"
| 
| 	"github.com/containers/podman/v4/pkg/util"
| )
| 
var (
	// ErrInvalidPodSpecConfig is the sentinel error wrapped (via %w) by the
	// validation failures that exclusivePodOptions produces, so callers can
	// match any "mutually exclusive pod options" failure with errors.Is.
	ErrInvalidPodSpecConfig = errors.New("invalid pod spec")
	// containerConfig has the default configurations defined in containers.conf
	containerConfig = util.DefaultContainerConfig()
)
| 
// exclusivePodOptions builds the error reported when two pod options that
// cannot be combined were both set. opt1 and opt2 are the option names as
// they should appear to the user. The result wraps ErrInvalidPodSpecConfig
// so callers can recognise it with errors.Is.
func exclusivePodOptions(opt1, opt2 string) error {
	reason := fmt.Sprintf("%s and %s are mutually exclusive pod options", opt1, opt2)
	return fmt.Errorf("%s: %w", reason, ErrInvalidPodSpecConfig)
}
| 
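// Validate verifies that the pod spec is internally consistent.
//
// It rejects option combinations that cannot be honoured together: options
// that configure an infra container when NoInfra is set, network settings
// when there is no infra container to own the pod network namespace, port
// mappings on network modes that cannot forward ports, and DNS or hosts
// settings when Podman has been told not to manage resolv.conf or
// /etc/hosts.
//
// Checks run in a fixed order and the first violation is returned. Errors
// built through exclusivePodOptions wrap ErrInvalidPodSpecConfig; the
// network-related errors and whatever validateNetNS returns do not.
func (p *PodSpecGenerator) Validate() error {
	// PodBasicConfig: each of these options configures the infra container,
	// so none of them can be satisfied when the pod is created without one.
	if p.NoInfra {
		if len(p.InfraCommand) > 0 {
			return exclusivePodOptions("NoInfra", "InfraCommand")
		}
		if len(p.InfraImage) > 0 {
			return exclusivePodOptions("NoInfra", "InfraImage")
		}
		if len(p.InfraName) > 0 {
			return exclusivePodOptions("NoInfra", "InfraName")
		}
		if len(p.SharedNamespaces) > 0 {
			return exclusivePodOptions("NoInfra", "SharedNamespaces")
		}
	}

	// PodNetworkConfig
	if err := validateNetNS(&p.NetNS); err != nil {
		return err
	}
	if p.NoInfra {
		// Without an infra container there is no pod-level network
		// namespace, so only the default (or unset) mode is acceptable.
		if p.NetNS.NSMode != Default && p.NetNS.NSMode != "" {
			return errors.New("NoInfra and network modes cannot be used together")
		}
		// Note that networks might be set when --ip or --mac was set
		// so we need to check that no networks are set without the infra
		if len(p.Networks) > 0 {
			return errors.New("cannot set networks options without infra container")
		}
		if len(p.DNSOption) > 0 {
			return exclusivePodOptions("NoInfra", "DNSOption")
		}
		if len(p.DNSSearch) > 0 {
			// Option name must match the others: the user-facing message
			// previously reported a non-existent "NoInfo" option here.
			return exclusivePodOptions("NoInfra", "DNSSearch")
		}
		if len(p.DNSServer) > 0 {
			return exclusivePodOptions("NoInfra", "DNSServer")
		}
		if len(p.HostAdd) > 0 {
			return exclusivePodOptions("NoInfra", "HostAdd")
		}
		if p.NoManageResolvConf {
			return exclusivePodOptions("NoInfra", "NoManageResolvConf")
		}
	}

	// Port mappings are only meaningful for the modes that forward ports
	// into the pod: bridge, slirp4netns and pasta (an unset or Default mode
	// is also accepted). Reject them for every other mode rather than
	// accepting an option that cannot take effect.
	mode := p.NetNS.NSMode
	supportsPortMappings := mode == "" || mode == Default ||
		mode == Bridge || mode == Slirp || mode == Pasta
	if !supportsPortMappings && len(p.PortMappings) > 0 {
		return errors.New("PortMappings can only be used with Bridge, slirp4netns, or pasta networking")
	}

	// DNS settings are written into resolv.conf; they cannot be applied
	// when the user asked Podman not to manage that file.
	if p.NoManageResolvConf {
		if len(p.DNSServer) > 0 {
			return exclusivePodOptions("NoManageResolvConf", "DNSServer")
		}
		if len(p.DNSSearch) > 0 {
			return exclusivePodOptions("NoManageResolvConf", "DNSSearch")
		}
		if len(p.DNSOption) > 0 {
			return exclusivePodOptions("NoManageResolvConf", "DNSOption")
		}
	}
	// Likewise, extra host entries need a managed /etc/hosts.
	if p.NoManageHosts && len(p.HostAdd) > 0 {
		return exclusivePodOptions("NoManageHosts", "HostAdd")
	}

	return nil
}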