Merge pull request containers#8489 from ashley-cui/commonslirp

 Add ability to set system wide options for slirp4netns

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/containernetworking/cni v0.8.0
 	github.com/containernetworking/plugins v0.8.7
 	github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c
-	github.com/containers/common v0.29.0
+	github.com/containers/common v0.30.0
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.8.1
 	github.com/containers/psgo v1.5.1

go.sum

@@ -95,6 +95,8 @@ github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c h1:vyc2iYz9b
 github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c/go.mod h1:B+0OkXUogxdwsEy4ax3a5/vDtJjL6vCisiV6frQZJ4A=
 github.com/containers/common v0.29.0 h1:hTMC+urdkk5bKfhL/OgCixIX5xjJgQ2l2jPG745ECFQ=
 github.com/containers/common v0.29.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
+github.com/containers/common v0.30.0 h1:yKhrhnOxIymtMk+oLJMKEbG/VkYyU0DRJWSdCT0LhOY=
+github.com/containers/common v0.30.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.8.1 h1:aHW8a/Kd0dTJ7PTL/fc6y12sJqHxWgqilu+XyHfjD8Q=

libpod/networking_linux.go

@@ -245,7 +245,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 // setupSlirp4netns can be called in rootful as well as in rootless
 func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	path := r.config.Engine.NetworkCmdPath
-
+	slirpOptions := r.config.Engine.NetworkCmdOptions
 	if path == "" {
 		var err error
 		path, err = exec.LookPath("slirp4netns")
@@ -273,68 +273,69 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	outboundAddr6 := ""
 
 	if ctr.config.NetworkOptions != nil {
-		slirpOptions := ctr.config.NetworkOptions["slirp4netns"]
-		for _, o := range slirpOptions {
-			parts := strings.SplitN(o, "=", 2)
-			if len(parts) < 2 {
-				return errors.Errorf("unknown option for slirp4netns: %q", o)
+		slirpOptions = append(slirpOptions, ctr.config.NetworkOptions["slirp4netns"]...)
+	}
+
+	for _, o := range slirpOptions {
+		parts := strings.SplitN(o, "=", 2)
+		if len(parts) < 2 {
+			return errors.Errorf("unknown option for slirp4netns: %q", o)
+		}
+		option, value := parts[0], parts[1]
+		switch option {
+		case "cidr":
+			ipv4, _, err := net.ParseCIDR(value)
+			if err != nil || ipv4.To4() == nil {
+				return errors.Errorf("invalid cidr %q", value)
 			}
-			option, value := parts[0], parts[1]
-			switch option {
-			case "cidr":
-				ipv4, _, err := net.ParseCIDR(value)
-				if err != nil || ipv4.To4() == nil {
-					return errors.Errorf("invalid cidr %q", value)
-				}
-				cidr = value
-			case "port_handler":
-				switch value {
-				case "slirp4netns":
-					isSlirpHostForward = true
-				case "rootlesskit":
-					isSlirpHostForward = false
-				default:
-					return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
-				}
-			case "allow_host_loopback":
-				switch value {
-				case "true":
-					disableHostLoopback = false
-				case "false":
-					disableHostLoopback = true
-				default:
-					return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
-				}
-			case "enable_ipv6":
-				switch value {
-				case "true":
-					enableIPv6 = true
-				case "false":
-					enableIPv6 = false
-				default:
-					return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
-				}
-			case "outbound_addr":
-				ipv4 := net.ParseIP(value)
-				if ipv4 == nil || ipv4.To4() == nil {
-					_, err := net.InterfaceByName(value)
-					if err != nil {
-						return errors.Errorf("invalid outbound_addr %q", value)
-					}
+			cidr = value
+		case "port_handler":
+			switch value {
+			case "slirp4netns":
+				isSlirpHostForward = true
+			case "rootlesskit":
+				isSlirpHostForward = false
+			default:
+				return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
+			}
+		case "allow_host_loopback":
+			switch value {
+			case "true":
+				disableHostLoopback = false
+			case "false":
+				disableHostLoopback = true
+			default:
+				return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
+			}
+		case "enable_ipv6":
+			switch value {
+			case "true":
+				enableIPv6 = true
+			case "false":
+				enableIPv6 = false
+			default:
+				return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
+			}
+		case "outbound_addr":
+			ipv4 := net.ParseIP(value)
+			if ipv4 == nil || ipv4.To4() == nil {
+				_, err := net.InterfaceByName(value)
+				if err != nil {
+					return errors.Errorf("invalid outbound_addr %q", value)
 				}
-				outboundAddr = value
-			case "outbound_addr6":
-				ipv6 := net.ParseIP(value)
-				if ipv6 == nil || ipv6.To4() != nil {
-					_, err := net.InterfaceByName(value)
-					if err != nil {
-						return errors.Errorf("invalid outbound_addr6: %q", value)
-					}
+			}
+			outboundAddr = value
+		case "outbound_addr6":
+			ipv6 := net.ParseIP(value)
+			if ipv6 == nil || ipv6.To4() != nil {
+				_, err := net.InterfaceByName(value)
+				if err != nil {
+					return errors.Errorf("invalid outbound_addr6: %q", value)
 				}
-				outboundAddr6 = value
-			default:
-				return errors.Errorf("unknown option for slirp4netns: %q", o)
 			}
+			outboundAddr6 = value
+		default:
+			return errors.Errorf("unknown option for slirp4netns: %q", o)
 		}
 	}
 

test/e2e/config/containers.conf

@@ -52,3 +52,7 @@ dns_options=[ "debug", ]
 tz = "Pacific/Honolulu"
 
 umask = "0002"
+
+[engine]
+
+network_cmd_options=["allow_host_loopback=true"]

test/e2e/containers_conf_test.go

@@ -258,6 +258,12 @@ var _ = Describe("Podman run", func() {
 		Expect(session.OutputToString()).To(Equal("0002"))
 	})
 
+	It("podman set network cmd options slirp options to allow host loopback", func() {
+		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "ping", "-c1", "10.0.2.2"})
+		session.Wait(30)
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
 	It("podman-remote test localcontainers.conf versus remote containers.conf", func() {
 		if !IsRemote() {
 			Skip("this test is only for remote")
@@ -311,4 +317,5 @@ var _ = Describe("Podman run", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.OutputToString()).To(Equal("0022"))
 	})
+
 })

vendor/modules.txt

@@ -86,7 +86,7 @@ github.com/containers/buildah/pkg/parse
 github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/supplemented
 github.com/containers/buildah/util
-# github.com/containers/common v0.29.0
+# github.com/containers/common v0.30.0
 github.com/containers/common/pkg/apparmor
 github.com/containers/common/pkg/apparmor/internal/supported
 github.com/containers/common/pkg/auth