containers
/
automation-tests
mirror of https://github.com/containers/automation-tests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1283 from Luap99/net-lock 

libnetwork: change lock path to tmpfs for root
This commit is contained in:
OpenShift Merge Robot 2023-01-05 13:46:34 -05:00 committed by GitHub
parent 480dfbe653 2fae6d9fd6
commit e7c9889895
3 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
common/libnetwork/cni/network.go
View File

@ -18,10 +18,12 @@ import (
"github.com/containers/common/libnetwork/types" "github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config" "github.com/containers/common/pkg/config"
"github.com/containers/storage/pkg/lockfile" "github.com/containers/storage/pkg/lockfile"
"github.com/containers/storage/pkg/unshare"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
) )
const defaultRootLockPath = "/run/lock/podman-cni.lock"
type cniNetwork struct { type cniNetwork struct {
// cniConfigDir is directory where the cni config files are stored. // cniConfigDir is directory where the cni config files are stored.
cniConfigDir string cniConfigDir string
@ -81,19 +83,15 @@ type InitConfig struct {
// NewCNINetworkInterface creates the ContainerNetwork interface for the CNI backend. // NewCNINetworkInterface creates the ContainerNetwork interface for the CNI backend.
// Note: The networks are not loaded from disk until a method is called. // Note: The networks are not loaded from disk until a method is called.
func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) { func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
// TODO: consider using a shared memory lock // root needs to use a globally unique lock because there is only one host netns
lock, err := lockfile.GetLockFile(filepath.Join(conf.CNIConfigDir, "cni.lock")) lockPath := defaultRootLockPath
if unshare.IsRootless() {
lockPath = filepath.Join(conf.CNIConfigDir, "cni.lock")
}
lock, err := lockfile.GetLockFile(lockPath)
if err != nil { if err != nil {
// If we're on a read-only filesystem, there is no risk of return nil, err
// contention. Fall back to a local lockfile.
if errors.Is(err, unix.EROFS) {
lock, err = lockfile.GetLockFile(filepath.Join(conf.RunDir, "cni.lock"))
if err != nil {
return nil, err
}
} else {
return nil, err
}
} }
defaultNetworkName := conf.DefaultNetwork defaultNetworkName := conf.DefaultNetwork

2
common/libnetwork/netavark/const.go
View File

@ -4,3 +4,5 @@
package netavark package netavark
const defaultBridgeName = "podman" const defaultBridgeName = "podman"
const defaultRootLockPath = "/run/lock/netavark.lock"

9
common/libnetwork/netavark/network.go
View File

@ -94,8 +94,13 @@ type InitConfig struct {
// NewNetworkInterface creates the ContainerNetwork interface for the netavark backend. // NewNetworkInterface creates the ContainerNetwork interface for the netavark backend.
// Note: The networks are not loaded from disk until a method is called. // Note: The networks are not loaded from disk until a method is called.
func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) { func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
// TODO: consider using a shared memory lock // root needs to use a globally unique lock because there is only one host netns
lock, err := lockfile.GetLockFile(filepath.Join(conf.NetworkConfigDir, "netavark.lock")) lockPath := defaultRootLockPath
if unshare.IsRootless() {
lockPath = filepath.Join(conf.NetworkConfigDir, "netavark.lock")
}
lock, err := lockfile.GetLockFile(lockPath)
if err != nil { if err != nil {
return nil, err return nil, err
} }