
The rootlessport forwarder requires a child IP to be set. This must be a valid IP in the container network namespace. The problem is that after a network disconnect and connect the eth0 IP changed. Therefore the packages are dropped since the source IP no longer exists in the netns. One solution is to set the child IP to 127.0.0.1, however this is a security problem. [1]

To fix this we have to recreate the ports after network connect and disconnect. To make this work the rootlessport process exposes a socket where podman network connect/disconnect connect to and send the new child IP to rootlessport. The rootlessport process will remove all ports and recreate them with the new correct child IP.

Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().

Fixes #10052

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

Podman Documentation
The online man pages and other documents regarding Podman can be found at Read The Docs. The man pages can be found under the Commands link on that page.
Build the Docs
Directory Structure
Description | Directory |
---|---|
Markdown source for man pages | docs/source/markdown/ |
man pages aliases as .so files | docs/source/markdown/links/ |
restructured text for readthedocs.io | docs/rst/ |
target for output | docs/build |
man pages | docs/build/man |
remote linux man pages | docs/build/remote/linux |
remote darwin man pages | docs/build/remote/darwin |
remote windows html pages | docs/build/remote/windows |
Support files
File | Purpose |
---|---|
docs/remote-docs.sh | Read the docs/source/markdown files and format for each platform |
docs/links-to-html.lua | pandoc filter to do aliases for html files |
docs/use-pagetitle.lua | pandoc filter to set html document title |
Manpage Syntax
The syntax for the formatting of all man pages can be found here.
API Reference
The latest online documentation is automatically generated by two cooperating automation systems based on committed upstream source code. First, the Cirrus-CI docs task builds pkg/api/swagger.yaml and uploads it to a public-facing location (Google Storage Bucket, an online service for storing unstructured data). Second, Read The Docs reacts to the github.com repository change, building the content for the libpod documentation site. For the API section, this site includes some JavaScript which consumes the uploaded swagger.yaml file directly from the Google Storage Bucket.
Since there are multiple systems and local cache is involved, it's possible that updates to documentation (especially the swagger/API docs) will lag by 10-or-so minutes. However, because the client (i.e. your web browser) is fetching content from multiple locations that do not share a common domain, accessing the API section may show a stack-trace similar to the following:
If reloading the page or clearing your local cache does not fix the problem, it is likely caused by broken metadata needed to protect clients from cross-site-scripting style attacks. Please notify a maintainer so they may investigate how/why the swagger.yaml file's CORS metadata is incorrect, or why the file isn't accessible for some other reason.
Local Testing
Assuming that you have the dependencies installed, then also install (showing Fedora in the example):
# dnf install python3-sphinx python3-recommonmark
# pip install sphinx-markdown-tables
After that completes, cd to the docs directory in your Podman sandbox and then do make html.
You can then preview the html files in docs/build/html with:
python -m http.server 8000 --directory build/html