rootless: fix a regression when using -d

when using -d and port mapping, make sure the correct fd is injected into conmon. Move the pipe creation earlier as the fd must be known at the time we create the container through conmon. Closes: https://github.com/containers/libpod/issues/5167 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-02-18 11:46:27 +01:00 · 2020-02-18 11:46:27 +01:00 · 170fd7b038
parent 0bd29f89e9
commit 170fd7b038
2 changed files with 18 additions and 6 deletions
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@ -335,10 +335,13 @@ func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) (er
 		return errors.Wrapf(err, "delete file %s", logPath)
 	}

-	ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
-	if err != nil {
-		return errors.Wrapf(err, "failed to create rootless port sync pipe")
+	if !ctr.config.PostConfigureNetNS {
+		ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
+		if err != nil {
+			return errors.Wrapf(err, "failed to create rootless port sync pipe")
+		}
 	}
+
 	cfg := rootlessport.Config{
 		Mappings:  ctr.config.PortMappings,
 		NetNSPath: netnsPath,
@ -355,6 +358,11 @@ func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) (er
 	cmd := exec.Command(fmt.Sprintf("/proc/%d/exe", os.Getpid()))
 	cmd.Args = []string{rootlessport.ReexecKey}
 	// Leak one end of the pipe in rootlessport process, the other will be sent to conmon
+
+	if ctr.rootlessPortSyncR != nil {
+		defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR)
+	}
+
 	cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncR, syncW)
 	cmd.Stdin = cfgR
 	// stdout is for human-readable error, stderr is for debug log
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@ -1161,6 +1161,13 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co

 	if ctr.config.NetMode.IsSlirp4netns() {
 		if ctr.config.PostConfigureNetNS {
+			havePortMapping := len(ctr.Config().PortMappings) > 0
+			if havePortMapping {
+				ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
+				if err != nil {
+					return errors.Wrapf(err, "failed to create rootless port sync pipe")
+				}
+			}
 			ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
 			if err != nil {
 				return errors.Wrapf(err, "failed to create rootless network sync pipe")
@ -1176,9 +1183,6 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 		// Leak one end in conmon, the other one will be leaked into slirp4netns
 		cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)

-		if ctr.rootlessPortSyncR != nil {
-			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR)
-		}
 		if ctr.rootlessPortSyncW != nil {
 			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncW)
 			// Leak one end in conmon, the other one will be leaked into rootlessport