diff --git a/common/docs/containers.conf.5.md b/common/docs/containers.conf.5.md
index 94ce775423..3985e6b2e8 100644
--- a/common/docs/containers.conf.5.md
+++ b/common/docs/containers.conf.5.md
@@ -279,10 +279,21 @@ Options are:
 The `network` table contains settings pertaining to the management of CNI plugins.
-**cni_plugin_dirs**=["/opt/cni/bin/",]
+**cni_plugin_dirs**=[]
 List of paths to directories where CNI plugin binaries are located.
+The default list is:
+```
+cni_plugin_dirs = [
+ "/usr/local/libexec/cni",
+ "/usr/libexec/cni",
+ "/usr/local/lib/cni",
+ "/usr/lib/cni",
+ "/opt/cni/bin",
+]
+```
+
 **default_network**="podman"
 The network name of the default CNI network to attach pods to.
diff --git a/common/pkg/config/config.go b/common/pkg/config/config.go
index e554bac707..f840472cca 100644
--- a/common/pkg/config/config.go
+++ b/common/pkg/config/config.go
@@ -778,7 +778,7 @@ func (c *NetworkConfig) Validate() error {
 }
 }
- if stringsEq(c.CNIPluginDirs, cniBinDir) {
+ if stringsEq(c.CNIPluginDirs, DefaultCNIPluginDirs) {
 return nil
 }
diff --git a/common/pkg/config/config_test.go b/common/pkg/config/config_test.go
index 183e48fdf0..51b37fde4a 100644
--- a/common/pkg/config/config_test.go
+++ b/common/pkg/config/config_test.go
@@ -155,9 +155,7 @@ var _ = Describe("Config", func() {
 pluginDirs := []string{
 "/usr/libexec/cni",
- "/usr/lib/cni",
- "/usr/local/lib/cni",
- "/opt/cni/bin",
+ "/usr/libexec/foo",
 }
 envs := []string{
@@ -262,13 +260,6 @@ var _ = Describe("Config", func() {
 },
 }
- pluginDirs := []string{
- "/usr/libexec/cni",
- "/usr/lib/cni",
- "/usr/local/lib/cni",
- "/opt/cni/bin",
- }
-
 envs := []string{
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 "TERM=xterm",
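Review bot: The early return in `Validate` (config.go, `@@ -778`) now compares against `DefaultCNIPluginDirs`, which this commit turns into an exported, mutable package-level slice, so any importer that appends to or edits it changes which configurations skip the rest of `Validate`. The `@@ -207` hunk in default.go has the same root cause: `CNIPluginDirs: DefaultCNIPluginDirs` hands every `Config` the default's backing array, so writing an element of `config.Network.CNIPluginDirs` rewrites the default as well. Copy on assignment, e.g. `CNIPluginDirs: append([]string(nil), DefaultCNIPluginDirs...),`, and consider comparing here against an unexported copy of the list. `Validate` starts and ends outside this hunk, so what the early return skips is not visible.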
@@ -290,7 +281,7 @@ var _ = Describe("Config", func() {
 gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal(apparmor.Profile))
 gomega.Expect(config.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
 gomega.Expect(config.Containers.Env).To(gomega.BeEquivalentTo(envs))
- gomega.Expect(config.Network.CNIPluginDirs).To(gomega.Equal(pluginDirs))
+ gomega.Expect(config.Network.CNIPluginDirs).To(gomega.Equal(DefaultCNIPluginDirs))
 gomega.Expect(config.Engine.NumLocks).To(gomega.BeEquivalentTo(2048))
 gomega.Expect(config.Engine.OCIRuntimes["runc"]).To(gomega.Equal(OCIRuntimeMap["runc"]))
 if useSystemd() {
diff --git a/common/pkg/config/containers.conf b/common/pkg/config/containers.conf
index 0068a9a174..481405a1a0 100644
--- a/common/pkg/config/containers.conf
+++ b/common/pkg/config/containers.conf
@@ -262,7 +262,13 @@ default_sysctls = [
 # Path to directory where CNI plugin binaries are located.
 #
-#cni_plugin_dirs = ["/usr/libexec/cni"]
+#cni_plugin_dirs = [
+# "/usr/local/libexec/cni",
+# "/usr/libexec/cni",
+# "/usr/local/lib/cni",
+# "/usr/lib/cni",
+# "/opt/cni/bin",
+#]
 # The network name of the default CNI network to attach pods to.
 #
diff --git a/common/pkg/config/default.go b/common/pkg/config/default.go
index 66531a2ba1..b8dc214750 100644
--- a/common/pkg/config/default.go
+++ b/common/pkg/config/default.go
@@ -76,10 +76,12 @@ var (
 "CAP_SYS_CHROOT",
 }
- cniBinDir = []string{
+ // It may seem a bit unconventional, but it is necessary to do so
+ DefaultCNIPluginDirs = []string{
+ "/usr/local/libexec/cni",
 "/usr/libexec/cni",
- "/usr/lib/cni",
 "/usr/local/lib/cni",
+ "/usr/lib/cni",
 "/opt/cni/bin",
 }
@@ -207,7 +209,7 @@ func DefaultConfig() (*Config, error) {
 DefaultNetwork: "podman",
 DefaultSubnet: DefaultSubnet,
 NetworkConfigDir: cniConfig,
- CNIPluginDirs: cniBinDir,
+ CNIPluginDirs: DefaultCNIPluginDirs,
 },
 Engine: *defaultEngineConfig,
 Secrets: defaultSecretConfig(),
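Review bot: The rewritten expectation `gomega.Equal(DefaultCNIPluginDirs)` in config_test.go (`@@ -290`) checks the loaded value against the same variable that `DefaultConfig` assigns, so it no longer pins which directories are in the default list or in what order. The removed `pluginDirs` literal did that; keeping a literal slice of the five expected paths in this test would catch an accidental reorder or removal. That this case loads the built-in defaults is inferred from the removed literal matching the old `cniBinDir`; the enclosing test block starts and ends outside the hunk.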
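Review bot: The new comment on `DefaultCNIPluginDirs` in default.go (`@@ -76`), "It may seem a bit unconventional, but it is necessary to do so", does not say what is unconventional or why, and as the doc comment of an exported name it should start with the name. The list order also changed: `/usr/local/libexec/cni` is now first and `/usr/local/lib/cni` precedes `/usr/lib/cni`. If plugin lookup takes the first match (the lookup code is not in this diff), a binary under `/usr/local` takes precedence over the packaged one, so these directories should be root-owned and not writable by other users. Suggested comment: `// DefaultCNIPluginDirs is the default list of directories where CNI plugin binaries are located; /usr/local entries come before their /usr counterparts.` The `var (` block starts and ends outside the hunk.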
diff --git a/common/pkg/config/testdata/containers_default.conf b/common/pkg/config/testdata/containers_default.conf
index b2cc341112..02dafb9eb5 100644
--- a/common/pkg/config/testdata/containers_default.conf
+++ b/common/pkg/config/testdata/containers_default.conf
@@ -99,10 +99,8 @@ rootless_networking = "cni"
 # Path to directory where CNI plugin binaries are located.
 cni_plugin_dirs = [
- "/usr/libexec/cni",
- "/usr/lib/cni",
- "/usr/local/lib/cni",
- "/opt/cni/bin",
+ "/usr/libexec/cni",
+ "/usr/libexec/foo",
 ]
 # Path to the directory where CNI configuration files are located.