From 90d41104d9ea9ae36f6680d1b7e62ca592a8a29c Mon Sep 17 00:00:00 2001
From: Ashley Cui
Date: Fri, 4 Dec 2020 13:35:00 -0500
Subject: [PATCH 1/2] Vendor in containers/common v0.30.0

Signed-off-by: Ashley Cui
---
 go.mod | 2 +-
 go.sum | 2 ++
 vendor/github.com/containers/common/pkg/config/config.go | 4 ++++
 .../github.com/containers/common/pkg/config/containers.conf | 5 +++++
 vendor/github.com/containers/common/version/version.go | 2 +-
 vendor/modules.txt | 2 +-
 6 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e594930faf..9abfc6dc9a 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 github.com/containernetworking/cni v0.8.0
 github.com/containernetworking/plugins v0.8.7
 github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c
- github.com/containers/common v0.29.0
+ github.com/containers/common v0.30.0
 github.com/containers/conmon v2.0.20+incompatible
 github.com/containers/image/v5 v5.8.1
 github.com/containers/psgo v1.5.1
diff --git a/go.sum b/go.sum
index 3a146c6173..44365d4424 100644
--- a/go.sum
+++ b/go.sum
@@ -95,6 +95,8 @@ github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c h1:vyc2iYz9b github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c/go.mod h1:B+0OkXUogxdwsEy4ax3a5/vDtJjL6vCisiV6frQZJ4A= github.com/containers/common v0.29.0 h1:hTMC+urdkk5bKfhL/OgCixIX5xjJgQ2l2jPG745ECFQ= github.com/containers/common v0.29.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA= +github.com/containers/common v0.30.0 h1:yKhrhnOxIymtMk+oLJMKEbG/VkYyU0DRJWSdCT0LhOY= +github.com/containers/common v0.30.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.8.1 h1:aHW8a/Kd0dTJ7PTL/fc6y12sJqHxWgqilu+XyHfjD8Q=
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 2769781f2b..6a44d353a7 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -268,6 +268,10 @@ type EngineConfig struct {
 // NetworkCmdPath is the path to the slirp4netns binary.
 NetworkCmdPath string `toml:"network_cmd_path,omitempty"`
+ // NetworkCmdOptions is the default options to pass to the slirp4netns binary.
+ // For example "allow_host_loopback=true"
+ NetworkCmdOptions []string `toml:"network_cmd_options,omitempty"`
+
 // NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
 NoPivotRoot bool `toml:"no_pivot_root,omitempty"`
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index ed7c919311..5b5d3f9b68 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -348,6 +348,11 @@ default_sysctls = [
 #
 # network_cmd_path=""
+# Default options to pass to the slirp4netns binary.
+# For example "allow_host_loopback=true"
+#
+# network_cmd_options=[]
+
 # Whether to use chroot instead of pivot_root in the runtime
 #
 # no_pivot_root = false
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 72f4e00f7f..141168961f 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
 package version
 // Version is the version of the build.
-const Version = "0.29.0"
+const Version = "0.30.0"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 19a87d31d9..43c8ebb953 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -86,7 +86,7 @@ github.com/containers/buildah/pkg/parse github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/util -# github.com/containers/common v0.29.0 +# github.com/containers/common v0.30.0 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/apparmor/internal/supported github.com/containers/common/pkg/auth
From d6d3af9e8ebda9229a5d92d71c66e416c3f99a91 Mon Sep 17 00:00:00 2001
From: Ashley Cui
Date: Fri, 4 Dec 2020 13:37:22 -0500
Subject: [PATCH 2/2] Add ability to set system wide options for slirp4netns

Wire in containers.conf options for slirp

Signed-off-by: Ashley Cui
---
 libpod/networking_linux.go | 119 ++++++++++++++++---------------
 test/e2e/config/containers.conf | 4 ++
 test/e2e/containers_conf_test.go | 7 ++
 3 files changed, 71 insertions(+), 59 deletions(-)

diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 15e470c80c..463378af75 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -245,7 +245,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 // setupSlirp4netns can be called in rootful as well as in rootless
 func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 path := r.config.Engine.NetworkCmdPath
-
+ slirpOptions := r.config.Engine.NetworkCmdOptions
 if path == "" {
 var err error
 path, err = exec.LookPath("slirp4netns")
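Review bot: The new `slirpOptions` local aliases the runtime-wide `r.config.Engine.NetworkCmdOptions` slice, and the following hunk appends the per-container options to it. If the decoded slice has spare capacity, that append writes into storage shared by every setupSlirp4netns call, so concurrent container starts could race and one container could see another's options in its own list. Copying first avoids this: `slirpOptions := append([]string{}, r.config.Engine.NetworkCmdOptions...)`. The body of setupSlirp4netns continues outside this hunk.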
@@ -273,68 +273,69 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 outboundAddr6 := ""
 if ctr.config.NetworkOptions != nil {
- slirpOptions := ctr.config.NetworkOptions["slirp4netns"]
- for _, o := range slirpOptions {
- parts := strings.SplitN(o, "=", 2)
- if len(parts) < 2 {
- return errors.Errorf("unknown option for slirp4netns: %q", o)
+ slirpOptions = append(slirpOptions, ctr.config.NetworkOptions["slirp4netns"]...)
+ }
+
+ for _, o := range slirpOptions {
+ parts := strings.SplitN(o, "=", 2)
+ if len(parts) < 2 {
+ return errors.Errorf("unknown option for slirp4netns: %q", o)
+ }
+ option, value := parts[0], parts[1]
+ switch option {
+ case "cidr":
+ ipv4, _, err := net.ParseCIDR(value)
+ if err != nil || ipv4.To4() == nil {
+ return errors.Errorf("invalid cidr %q", value)
 }
- option, value := parts[0], parts[1]
- switch option {
- case "cidr":
- ipv4, _, err := net.ParseCIDR(value)
- if err != nil || ipv4.To4() == nil {
- return errors.Errorf("invalid cidr %q", value)
- }
- cidr = value
- case "port_handler":
- switch value {
- case "slirp4netns":
- isSlirpHostForward = true
- case "rootlesskit":
- isSlirpHostForward = false
- default:
- return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
- }
- case "allow_host_loopback":
- switch value {
- case "true":
- disableHostLoopback = false
- case "false":
- disableHostLoopback = true
- default:
- return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
- }
- case "enable_ipv6":
- switch value {
- case "true":
- enableIPv6 = true
- case "false":
- enableIPv6 = false
- default:
- return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
- }
- case "outbound_addr":
- ipv4 := net.ParseIP(value)
- if ipv4 == nil || ipv4.To4() == nil {
- _, err := net.InterfaceByName(value)
- if err != nil {
- return errors.Errorf("invalid outbound_addr %q", value)
- }
+ cidr = value
+ case "port_handler":
+ switch value {
+ case "slirp4netns":
+ isSlirpHostForward = true
+ case "rootlesskit":
+ isSlirpHostForward = false
+ default:
+ return errors.Errorf("unknown port_handler for slirp4netns: %q", value)
+ }
+ case "allow_host_loopback":
+ switch value {
+ case "true":
+ disableHostLoopback = false
+ case "false":
+ disableHostLoopback = true
+ default:
+ return errors.Errorf("invalid value of allow_host_loopback for slirp4netns: %q", value)
+ }
+ case "enable_ipv6":
+ switch value {
+ case "true":
+ enableIPv6 = true
+ case "false":
+ enableIPv6 = false
+ default:
+ return errors.Errorf("invalid value of enable_ipv6 for slirp4netns: %q", value)
+ }
+ case "outbound_addr":
+ ipv4 := net.ParseIP(value)
+ if ipv4 == nil || ipv4.To4() == nil {
+ _, err := net.InterfaceByName(value)
+ if err != nil {
+ return errors.Errorf("invalid outbound_addr %q", value)
 }
- outboundAddr = value
- case "outbound_addr6":
- ipv6 := net.ParseIP(value)
- if ipv6 == nil || ipv6.To4() != nil {
- _, err := net.InterfaceByName(value)
- if err != nil {
- return errors.Errorf("invalid outbound_addr6: %q", value)
- }
+ }
+ outboundAddr = value
+ case "outbound_addr6":
+ ipv6 := net.ParseIP(value)
+ if ipv6 == nil || ipv6.To4() != nil {
+ _, err := net.InterfaceByName(value)
+ if err != nil {
+ return errors.Errorf("invalid outbound_addr6: %q", value)
 }
- outboundAddr6 = value
- default:
- return errors.Errorf("unknown option for slirp4netns: %q", o)
 }
+ outboundAddr6 = value
+ default:
+ return errors.Errorf("unknown option for slirp4netns: %q", o)
 }
 }
diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf
index 5f852468df..35153ba054 100644
--- a/test/e2e/config/containers.conf
+++ b/test/e2e/config/containers.conf
@@ -52,3 +52,7 @@ dns_options=[ "debug", ]
 tz = "Pacific/Honolulu"
 umask = "0002"
+
+[engine]
+
+network_cmd_options=["allow_host_loopback=true"]
diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
index 866162f7f3..28672cfc60 100644
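Review bot: The merged loop is last-wins, so a per-container `slirp4netns` option overrides the same key coming from `network_cmd_options`, and nothing in the code or its comments says so. An administrator who sets `allow_host_loopback=false` system-wide therefore gets a default, not an enforced limit; a comment above the append such as `// containers.conf options come first; per-container options follow and override them` would make that explicit. The error strings also do not say whether a rejected option came from containers.conf or from the container's own network options, so a bad system-wide entry will look like a command-line mistake on every run. The enclosing function starts and ends outside this hunk.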
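Review bot: Because this containers.conf appears to be shared by the e2e suite, `network_cmd_options=["allow_host_loopback=true"]` likely applies to every case that loads it and uses slirp4netns, not only the new test, so unrelated cases would now run with host loopback reachable from the container. If that is intended, a comment next to the entry such as `# needed by the network_cmd_options test: enables host loopback for slirp4netns` would record why. Otherwise a dedicated config file for the new case keeps the weaker isolation out of the other tests.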
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@@ -258,6 +258,12 @@ var _ = Describe("Podman run", func() {
 Expect(session.OutputToString()).To(Equal("0002"))
 })
+ It("podman set network cmd options slirp options to allow host loopback", func() {
+ session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "ping", "-c1", "10.0.2.2"})
+ session.Wait(30)
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
 It("podman-remote test localcontainers.conf versus remote containers.conf", func() {
 if !IsRemote() {
 Skip("this test is only for remote")
@@ -311,4 +317,5 @@ var _ = Describe("Podman run", func() {
 Expect(session.ExitCode()).To(Equal(0))
 Expect(session.OutputToString()).To(Equal("0022"))
 })
+
 })
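Review bot: The new `It` block asserts only that `ping -c1 10.0.2.2` exits 0, with no control case showing the ping fails when `network_cmd_options` is absent, so it cannot tell whether the containers.conf option was actually applied. slirp4netns may answer ICMP to its gateway address regardless of the loopback setting (worth confirming), in which case this test passes either way. A companion case that passes a per-container `allow_host_loopback=false` and expects the opposite result, or a check against a service bound to the host's 127.0.0.1, would pin the behaviour. The test also depends on the suite loading test/e2e/config/containers.conf, which is set up outside this hunk.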