containers
/
automation-tests
mirror of https://github.com/containers/automation-tests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
automation-tests/docs/source/markdown
History
Paul Holzinger e88d8dbeae
fix rootless port forwarding with network dis-/connect 
The rootlessport forwarder requires a child IP to be set. This must be a
valid ip in the container network namespace. The problem is that after a
network disconnect and connect the eth0 ip changed. Therefore the
packages are dropped since the source ip does no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]

To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send to new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.

Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().

Fixes #10052

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 		2021-08-03 16:29:09 +02:00
..
links podman diff accept two images or containers 2021-07-02 17:11:56 +02:00
podman-attach.1.md [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX 2021-06-16 17:44:11 +02:00
podman-auto-update.1.md auto-update: add --dry-run 2021-07-15 11:39:50 +02:00
podman-build.1.md docs: --cert-dir: point to containers-certs.d(5) 2021-05-25 14:00:06 +02:00
podman-commit.1.md [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX 2021-06-16 17:44:11 +02:00
podman-completion.1.md [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX 2021-06-16 17:44:11 +02:00
podman-container-checkpoint.1.md [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX 2021-06-16 17:44:11 +02:00
podman-container-cleanup.1.md [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX 2021-06-16 17:44:11 +02:00
podman-container-diff.1.md podman diff accept two images or containers 2021-07-02 17:11:56 +02:00
podman-container-exists.1.md [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX 2021-06-16 17:44:11 +02:00
podman-container-prune.1.md [CI:DOCS] Follow-up to PR 10676 2021-06-23 20:36:20 +02:00
podman-container-restore.1.md Support checkpoint/restore with pods 2021-07-27 16:10:44 +02:00
podman-container-runlabel.1.md [CI:DOCS] refine the runlabel man page 2021-07-20 14:26:11 +02:00
podman-container.1.md [CI:DOCS] refine the runlabel man page 2021-07-20 14:26:11 +02:00
podman-cp.1.md [CI:DOCS] Update podman-cp manpage 2021-07-28 17:05:06 +05:30
podman-create.1.md Add notes to flags not supported on cgroups V2 2021-07-21 17:50:37 -04:00
podman-diff.1.md podman diff accept two images or containers 2021-07-02 17:11:56 +02:00
podman-events.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-exec.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-export.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-generate-kube.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-generate-systemd.1.md systemd: require network*-online*.target 2021-07-16 14:58:08 +02:00
podman-generate.1.md Add support for play/generate kube volumes 2021-04-09 14:01:13 -06:00
podman-healthcheck-run.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-healthcheck.1.md
podman-history.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-image-diff.1.md podman diff accept two images or containers 2021-07-02 17:11:56 +02:00
podman-image-exists.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-image-mount.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-image-prune.1.md image prune: remove unused images only with `--all` 2021-05-17 13:52:03 +02:00
podman-image-scp.1.md Created scp.go image_scp_test.go and podman-image-scp.1.md 2021-07-30 17:19:24 -04:00
podman-image-sign.1.md docs: --cert-dir: point to containers-certs.d(5) 2021-05-25 14:00:06 +02:00
podman-image-tree.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-image-trust.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-image-unmount.1.md markdown/*: typos 'a image' 2021-06-23 13:46:45 +03:00
podman-image.1.md Created scp.go image_scp_test.go and podman-image-scp.1.md 2021-07-30 17:19:24 -04:00
podman-images.1.md refine dangling checks 2021-07-26 09:28:17 +02:00
podman-import.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-info.1.md Podman info add support for status of cgroup controllers 2021-05-24 16:55:23 +05:30
podman-init.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-inspect.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-kill.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-load.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-login.1.md Add support for podman login --verbose 2021-06-19 10:01:19 +05:30
podman-logout.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-logs.1.md Implemented --until flag for libpod's container logs 2021-07-22 10:56:56 -04:00
podman-machine-init.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-machine-list.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-machine-rm.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-machine-ssh.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-machine-start.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-machine-stop.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-machine.1.md Add documentation on short-names 2021-05-07 09:00:35 -04:00
podman-manifest-add.1.md Merge pull request #10429 from ashley-cui/manifestdocs 2021-05-25 18:11:10 -07:00
podman-manifest-annotate.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-manifest-create.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-manifest-exists.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-manifest-inspect.1.md Manifest remove, push 2020-05-06 10:54:28 -04:00
podman-manifest-push.1.md docs: --cert-dir: point to containers-certs.d(5) 2021-05-25 14:00:06 +02:00
podman-manifest-remove.1.md Manifest remove, push 2020-05-06 10:54:28 -04:00
podman-manifest-rm.1.md System tests: deal with crun 0.20.1 2021-06-09 10:15:12 -06:00
podman-manifest.1.md Add support for podman manifest rm command 2021-05-19 17:32:02 -04:00
podman-mount.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-network-connect.1.md fix rootless port forwarding with network dis-/connect 2021-08-03 16:29:09 +02:00
podman-network-create.1.md System tests: deal with crun 0.20.1 2021-06-09 10:15:12 -06:00
podman-network-disconnect.1.md fix rootless port forwarding with network dis-/connect 2021-08-03 16:29:09 +02:00
podman-network-exists.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-network-inspect.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-network-ls.1.md Add support for cli network prune --filter flag 2021-05-12 09:05:06 +02:00
podman-network-prune.1.md Add support for cli network prune --filter flag 2021-05-12 09:05:06 +02:00
podman-network-reload.1.md fix rootless port forwarding with network dis-/connect 2021-08-03 16:29:09 +02:00
podman-network-rm.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-network.1.md add network prune 2021-02-06 07:37:29 -06:00
podman-pause.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-play-kube.1.md docs: --cert-dir: point to containers-certs.d(5) 2021-05-25 14:00:06 +02:00
podman-play.1.md Add support for play/generate kube volumes 2021-04-09 14:01:13 -06:00
podman-pod-create.1.md --infra-name command line argument 2021-07-15 21:27:51 -03:00
podman-pod-exists.1.md Make man page headings more consistent 2020-10-16 15:06:33 -05:00
podman-pod-inspect.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-kill.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-pause.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-prune.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-ps.1.md Restore headers of optional information in 'podman pod ps' 2021-07-09 18:08:23 -04:00
podman-pod-restart.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-rm.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-start.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-stats.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-stop.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-top.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod-unpause.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pod.1.md
podman-port.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-ps.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-pull.1.md Fix up documentation of the userns audit flag 2021-07-14 15:28:35 -04:00
podman-push.1.md [CI:DOCS] push/pull docs: clarify supported transports 2021-06-23 16:34:25 +02:00
podman-remote.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-rename.1.md Initial implementation of renaming containers 2021-01-14 18:29:28 -05:00
podman-restart.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-rm.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-rmi.1.md refine dangling checks 2021-07-26 09:28:17 +02:00
podman-run.1.md Add notes to flags not supported on cgroups V2 2021-07-21 17:50:37 -04:00
podman-save.1.md [CI:DOCS] podman save: clarify formats and transports 2021-06-24 09:18:16 +02:00
podman-search.1.md [CI:DOCS] podman search: clarify that results depend on implementation 2021-07-02 11:14:01 +02:00
podman-secret-create.1.md read secret config from config file if no user data. 2021-06-24 12:31:14 +02:00
podman-secret-inspect.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-secret-ls.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-secret-rm.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-secret.1.md Implement Secrets 2021-02-09 09:13:21 -05:00
podman-start.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-stats.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-stop.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-system-connection-add.1.md Enhance system connection add URL input 2021-06-29 16:24:03 -07:00
podman-system-connection-default.1.md [WIP] Refactor podman system connection 2020-07-22 15:25:44 -07:00
podman-system-connection-list.1.md Add --format to connection list 2021-06-22 11:07:12 -07:00
podman-system-connection-remove.1.md [WIP] Refactor podman system connection 2020-07-22 15:25:44 -07:00
podman-system-connection-rename.1.md [WIP] Refactor podman system connection 2020-07-22 15:25:44 -07:00
podman-system-connection.1.md podman-system-connection.1.md: fix copy/paste error 2021-02-24 11:09:19 -06:00
podman-system-df.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-system-migrate.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-system-prune.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-system-renumber.1.md Switch references from libpod.conf to containers.conf 2020-07-20 15:09:54 -04:00
podman-system-reset.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-system-service.1.md Add CORS support 2021-06-04 16:14:52 +03:00
podman-system.1.md Repeat system pruning until there is nothing removed 2020-12-09 06:17:28 -05:00
podman-tag.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-top.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-unmount.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-unpause.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-unshare.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-untag.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-version.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-volume-create.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-volume-exists.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-volume-inspect.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-volume-ls.1.md Add until filter to volume ls filters list 2021-07-22 00:01:07 +02:00
podman-volume-prune.1.md Add prune until filter test for podman volume cli 2021-07-26 22:37:45 +02:00
podman-volume-rm.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman-volume.1.md podman volume exists 2021-01-21 19:18:51 +01:00
podman-wait.1.md Revert escaped double dash man page flag syntax 2021-05-07 18:30:00 +02:00
podman.1.md Add documentation on ignore_chown_errors 2021-06-10 17:02:35 -04:00