From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH] contrib: Rebase Podman patch to latest upstream Date: Mon, 29 Aug 2022 17:57:45 +0200 Message-ID: <20220829155745.2673805-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2134973597358632755==" --===============2134973597358632755== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Trivial conflicts in man pages only. Signed-off-by: Stefano Brivio --- ...001-libpod-Add-pasta-networking-mode.patch | 94 +++++++++---------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/contrib/podman/0001-libpod-Add-pasta-networking-mode.patch b/con= trib/podman/0001-libpod-Add-pasta-networking-mode.patch index ac82a44..884ebf7 100644 --- a/contrib/podman/0001-libpod-Add-pasta-networking-mode.patch +++ b/contrib/podman/0001-libpod-Add-pasta-networking-mode.patch @@ -1,4 +1,4 @@ -From 27b0bf3a0ad6c57c7713aef1ded8cad6d4cd4d4a Mon Sep 17 00:00:00 2001 +From 9f61d4107f7cce5fb4157e18c67fad9c135d7b9f Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Mon, 2 May 2022 16:12:07 +0200 Subject: [PATCH] libpod: Add pasta networking mode @@ -41,25 +41,25 @@ Signed-off-by: Stefano Brivio SPDX-FileCopyrightText: 2021-2022 Red Hat GmbH SPDX-License-Identifier: Apache-2.0 =20 - docs/source/markdown/podman-create.1.md | 48 ++++++++- - docs/source/markdown/podman-pod-create.1.md | 44 ++++++++ - docs/source/markdown/podman-run.1.md | 49 ++++++++- - docs/source/markdown/podman.1.md | 6 +- - libpod/networking_linux.go | 6 +- - libpod/networking_pasta.go | 107 ++++++++++++++++++++ - pkg/namespaces/namespaces.go | 6 ++ - pkg/specgen/generate/namespaces.go | 10 ++ - pkg/specgen/generate/pod_create.go | 6 ++ - pkg/specgen/namespaces.go | 16 ++- - pkg/specgen/podspecgen.go | 2 +- + docs/source/markdown/podman-create.1.md.in | 48 +++++++- + .../source/markdown/podman-pod-create.1.md.in | 44 +++++++ + docs/source/markdown/podman-run.1.md.in | 49 +++++++- + docs/source/markdown/podman.1.md | 6 +- + libpod/networking_linux.go | 6 +- + libpod/networking_pasta.go | 107 ++++++++++++++++++ + pkg/namespaces/namespaces.go | 6 + + pkg/specgen/generate/namespaces.go | 10 ++ + pkg/specgen/generate/pod_create.go | 6 + + pkg/specgen/namespaces.go | 16 ++- + pkg/specgen/podspecgen.go | 2 +- 11 files changed, 286 insertions(+), 14 deletions(-) create mode 100644 libpod/networking_pasta.go =20 -diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/= podman-create.1.md -index b3e707e45..03a754e4c 100644 ---- a/docs/source/markdown/podman-create.1.md -+++ b/docs/source/markdown/podman-create.1.md -@@ -717,10 +717,15 @@ Valid _mode_ values are: +diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdo= wn/podman-create.1.md.in +index 0a880951d..287dbc4a4 100644 +--- a/docs/source/markdown/podman-create.1.md.in ++++ b/docs/source/markdown/podman-create.1.md.in +@@ -394,10 +394,15 @@ Valid _mode_ values are: - **interface_name**: Specify a name for the created network interface in= side the container. =20 For example to set a static ipv4 address and a static mac address, use `-= -network bridge:ip=3D10.88.0.10,mac=3D44:33:22:11:00:99`. @@ -75,7 +75,7 @@ index b3e707e45..03a754e4c 100644 - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the = **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user ne= twork stack. This is the default for rootless containers. It is possible to s= pecify these additional options, they can also be set with `network_cmd_optio= ns` in containers.conf: -@@ -736,6 +741,40 @@ Valid _mode_ values are: +@@ -413,6 +418,40 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to an= IP address in the container network namespace, usually `10.0.2.100`. If your= application requires the real source IP address, e.g. web server logs, use t= he slirp4netns port handler. The rootlesskit port handler is also used for ro= otless containers when connected to user-defined networks. - **port_handler=3Dslirp4netns**: Use the slirp4netns port forwarding, it= is slower than rootlesskit but preserves the correct source IP address. This= port handler cannot be used for user-defined networks. =20 @@ -113,10 +113,10 @@ index b3e707e45..03a754e4c 100644 + host, using the loopback interface instead of the tap interface for imp= roved + performance + - #### **--network-alias**=3D*alias* + @@option network-alias =20 - Add a network-scoped alias for the container, setting the alias for all net= works that the container joins. To set a -@@ -1595,8 +1634,9 @@ In order for users to run rootless, there must be an e= ntry for their username in + @@option no-healthcheck +@@ -1018,8 +1057,9 @@ In order for users to run rootless, there must be an e= ntry for their username in =20 Rootless Podman works better if the fuse-overlayfs and slirp4netns packages= are installed. The fuse-overlayfs package provides a userspace overlay storage driver, oth= erwise users need to use @@ -128,7 +128,7 @@ index b3e707e45..03a754e4c 100644 =20 ## ENVIRONMENT =20 -@@ -1645,7 +1685,9 @@ page. +@@ -1068,7 +1108,9 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage= location of downloaded container images. Podman defaults to use `/var/tmp`. =20 ## SEE ALSO @@ -139,11 +139,11 @@ index b3e707e45..03a754e4c 100644 =20 ## HISTORY October 2017, converted from Docker documentation to Podman by Dan Walsh fo= r Podman `` -diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markd= own/podman-pod-create.1.md -index 7b63ac51d..03174d1a6 100644 ---- a/docs/source/markdown/podman-pod-create.1.md -+++ b/docs/source/markdown/podman-pod-create.1.md -@@ -263,10 +263,15 @@ Valid _mode_ values are: +diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/ma= rkdown/podman-pod-create.1.md.in +index 702780c65..609a5aee5 100644 +--- a/docs/source/markdown/podman-pod-create.1.md.in ++++ b/docs/source/markdown/podman-pod-create.1.md.in +@@ -181,10 +181,15 @@ Valid _mode_ values are: - **interface_name**: Specify a name for the created network interface in= side the container. =20 For example to set a static ipv4 address and a static mac address, use `-= -network bridge:ip=3D10.88.0.10,mac=3D44:33:22:11:00:99`. @@ -159,7 +159,7 @@ index 7b63ac51d..03174d1a6 100644 - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the = **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user ne= twork stack. This is the default for rootless containers. It is possible to s= pecify these additional options, they can also be set with `network_cmd_optio= ns` in containers.conf: -@@ -282,6 +287,43 @@ Valid _mode_ values are: +@@ -200,6 +205,43 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to an= IP address in the container network namespace, usually `10.0.2.100`. If your= application requires the real source IP address, e.g. web server logs, use t= he slirp4netns port handler. The rootlesskit port handler is also used for ro= otless containers when connected to user-defined networks. - **port_handler=3Dslirp4netns**: Use the slirp4netns port forwarding, it= is slower than rootlesskit but preserves the correct source IP address. This= port handler cannot be used for user-defined networks. =20 @@ -200,10 +200,10 @@ index 7b63ac51d..03174d1a6 100644 + host, using the loopback interface instead of the tap interface for imp= roved + performance + - #### **--network-alias**=3D*alias* + @@option network-alias =20 - Add a network-scoped alias for the pod, setting the alias for all networks = that the container joins. To set a -@@ -672,6 +714,8 @@ $ podman pod create --network slirp4netns:outbound_addr= =3D127.0.0.1,allow_host_loo + @@option no-hosts +@@ -561,6 +603,8 @@ $ podman pod create --network slirp4netns:outbound_addr= =3D127.0.0.1,allow_host_loo =20 $ podman pod create --network slirp4netns:cidr=3D192.168.0.0/24 =20 @@ -212,11 +212,11 @@ index 7b63ac51d..03174d1a6 100644 $ podman pod create --network net1:ip=3D10.89.1.5 --network net2:ip=3D10.89= .10.10 ``` =20 -diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/pod= man-run.1.md -index 8c889f0a5..0ad667fc2 100644 ---- a/docs/source/markdown/podman-run.1.md -+++ b/docs/source/markdown/podman-run.1.md -@@ -734,10 +734,15 @@ Valid _mode_ values are: +diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/= podman-run.1.md.in +index 6798c65da..06dfa0745 100644 +--- a/docs/source/markdown/podman-run.1.md.in ++++ b/docs/source/markdown/podman-run.1.md.in +@@ -409,10 +409,15 @@ Valid _mode_ values are: - **interface_name**: Specify a name for the created network interface in= side the container. =20 For example to set a static ipv4 address and a static mac address, use `-= -network bridge:ip=3D10.88.0.10,mac=3D44:33:22:11:00:99`. @@ -232,7 +232,7 @@ index 8c889f0a5..0ad667fc2 100644 - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the = **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user ne= twork stack. This is the default for rootless containers. It is possible to s= pecify these additional options, they can also be set with `network_cmd_optio= ns` in containers.conf: -@@ -753,6 +758,43 @@ Valid _mode_ values are: +@@ -428,6 +433,43 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to an= IP address in the container network namespace, usually `10.0.2.100`. If your= application requires the real source IP address, e.g. web server logs, use t= he slirp4netns port handler. The rootlesskit port handler is also used for ro= otless containers when connected to user-defined networks. - **port_handler=3Dslirp4netns**: Use the slirp4netns port forwarding, it= is slower than rootlesskit but preserves the correct source IP address. This= port handler cannot be used for user-defined networks. =20 @@ -273,10 +273,10 @@ index 8c889f0a5..0ad667fc2 100644 + host, using the loopback interface instead of the tap interface for imp= roved + performance + - #### **--network-alias**=3D*alias* + @@option network-alias =20 - Add a network-scoped alias for the container, setting the alias for all net= works that the container joins. To set a -@@ -1967,8 +2009,9 @@ In order for users to run rootless, there must be an e= ntry for their username in + @@option no-healthcheck +@@ -1383,8 +1425,9 @@ In order for users to run rootless, there must be an e= ntry for their username in =20 Rootless Podman works better if the fuse-overlayfs and slirp4netns packages= are installed. The **fuse-overlayfs** package provides a userspace overlay storage driver,= otherwise users need to use @@ -288,7 +288,7 @@ index 8c889f0a5..0ad667fc2 100644 =20 ## ENVIRONMENT =20 -@@ -2015,7 +2058,7 @@ page. +@@ -1431,7 +1474,7 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage= location of downloaded container images. Podman defaults to use `/var/tmp`. =20 ## SEE ALSO @@ -298,7 +298,7 @@ index 8c889f0a5..0ad667fc2 100644 ## HISTORY September 2018, updated by Kunal Kushwaha `` diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.= 1.md -index 4c019ae97..4c09d4bee 100644 +index d1192b6d2..a79a56253 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -88,7 +88,7 @@ Set libpod namespace. Namespaces are used to separate grou= ps of containers and p @@ -310,7 +310,7 @@ index 4c019ae97..4c09d4bee 100644 =20 #### **--network-config-dir**=3D*directory* =20 -@@ -415,7 +415,7 @@ See the `subuid(5)` and `subgid(5)` man pages for more i= nformation. +@@ -421,7 +421,7 @@ See the `subuid(5)` and `subgid(5)` man pages for more i= nformation. =20 Images are pulled under `XDG_DATA_HOME` when specified, otherwise in the ho= me directory of the user under `.local/share/containers/storage`. =20 @@ -319,7 +319,7 @@ index 4c019ae97..4c09d4bee 100644 =20 In certain environments like HPC (High Performance Computing), users cannot= take advantage of the additional UIDs and GIDs from the /etc/subuid and /etc= /subgid systems. However, in this environment, rootless Podman can operate w= ith a single UID. To make this work, set the `ignore_chown_errors` option in= the /etc/containers/storage.conf or in ~/.config/containers/storage.conf fil= es. This option tells Podman when pulling an image to ignore chown errors whe= n attempting to change a file in a container image to match the non-root UID = in the image. This means all files get saved as the user's UID. Note this cou= ld cause issues when running the container. =20 -@@ -428,7 +428,7 @@ The Network File System (NFS) and other distributed file= systems (for example: L +@@ -434,7 +434,7 @@ The Network File System (NFS) and other distributed file= systems (for example: L For more information, please refer to the [Podman Troubleshooting Page](htt= ps://github.com/containers/podman/blob/main/troubleshooting.md). =20 ## SEE ALSO @@ -329,7 +329,7 @@ index 4c019ae97..4c09d4bee 100644 ## HISTORY Dec 2016, Originally compiled by Dan Walsh diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go -index c05796768..5c1f0ea35 100644 +index c10c3c0b2..0f0c1213c 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -640,6 +640,9 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS n= s.NetNS) (status map[str @@ -511,10 +511,10 @@ index f0d4e9153..2c4b40509 100644 portMappings, expose, err :=3D createPortMappings(s, imageData) if err !=3D nil { diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_c= reate.go -index 4e6362c9b..fa8a01c84 100644 +index d6063b9a0..be94fb251 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go -@@ -200,6 +200,12 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.Spe= cGenerator, error) { +@@ -201,6 +201,12 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.Spe= cGenerator, error) { p.InfraContainerSpec.NetworkOptions =3D p.NetworkOptions p.InfraContainerSpec.NetNS.NSMode =3D specgen.Slirp } --=20 2.35.1 --===============2134973597358632755==--