automation-tests/docs/source
Paul Holzinger e88d8dbeae
fix rootless port forwarding with network dis-/connect
The rootlessport forwarder requires a child IP to be set. This must be a
valid IP in the container network namespace. The problem is that after a
network disconnect and connect the eth0 IP changed. Therefore the
packages are dropped since the source IP no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]

To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send the new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.

Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().

Fixes #10052

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2021-08-03 16:29:09 +02:00
_static Cirrus: Upload swagger YAML in every context 2021-01-21 10:26:57 -05:00
markdown fix rootless port forwarding with network dis-/connect 2021-08-03 16:29:09 +02:00
Commands.rst Use secrets and machine rst file properly 2021-06-01 15:31:56 -04:00
Introduction.rst [CI:DOCS] Update first line in intro page 2021-05-14 17:08:35 -04:00
Reference.rst [CI:DOCS] Docs revamp. 2020-05-21 17:16:10 -04:00
Search.rst [CI:DOCS] Docs revamp. 2020-05-21 17:16:10 -04:00
Tutorials.rst Replace old RESTful tutorial with updated README 2021-07-07 10:03:01 -05:00
conf.py Add host.serviceIsRemote to podman info results 2021-05-10 14:13:15 -07:00
connection.rst Add missing pages for docs.podman.io 2020-08-10 19:35:23 -04:00
generate.rst Update document formatting and packaging code 2019-10-31 12:31:39 -05:00
healthcheck.rst Update document formatting and packaging code 2019-10-31 12:31:39 -05:00
image.rst Created scp.go image_scp_test.go and podman-image-scp.1.md 2021-07-30 17:19:24 -04:00
includes.rst [CI:DOCS] Fix GitHub URL to Podman logo 2021-07-21 11:22:01 -04:00
index.rst [CI:DOCS]update state of restful service 2021-01-26 09:12:07 -06:00
machine.rst Fix spacing in buildthedocs 2021-06-02 16:56:12 -04:00
managecontainers.rst Initial implementation of renaming containers 2021-01-14 18:29:28 -05:00
manifest.rst Add support for podman manifest rm command 2021-05-19 17:32:02 -04:00
network.rst add network prune 2021-02-06 07:37:29 -06:00
play.rst Update document formatting and packaging code 2019-10-31 12:31:39 -05:00
pod.rst Remove containers when pruning a stopped pod. 2019-11-26 13:19:31 -05:00
secret.rst Implement Secrets 2021-02-09 09:13:21 -05:00
system.rst Cross-reference *.rst files too 2020-08-11 08:03:37 -06:00
volume.rst podman volume exists 2021-01-21 19:18:51 +01:00