containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,407 Commits 52 Branches 247 Tags 253 MiB
Commit Graph

14 Commits

Author SHA1 Message Date
Daniel J Walsh 44b2404702
Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.14.5 to 0.14.6.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](rootless-containers/rootlesskit@v0.14.5...v0.14.6)

---
updated-dependencies:
- dependency-name: github.com/rootless-containers/rootlesskit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-19 14:26:03 -05:00
dependabot[bot] bd29ec4c3b
Bump github.com/rootless-containers/rootlesskit from 0.14.3 to 0.14.4 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.14.3 to 0.14.4.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.14.3...v0.14.4)

---
updated-dependencies:
- dependency-name: github.com/rootless-containers/rootlesskit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-04 07:48:36 +00:00
Paul Holzinger e88d8dbeae
fix rootless port forwarding with network dis-/connect 
The rootlessport forwarder requires a child IP to be set. This must be a
valid ip in the container network namespace. The problem is that after a
network disconnect and connect the eth0 ip changed. Therefore the
packages are dropped since the source ip does no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]

To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send to new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.

Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().

Fixes #10052

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2021-08-03 16:29:09 +02:00
dependabot[bot] 5bc6bf8ecd
Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.14.0 to 0.14.1.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.14.0...v0.14.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-03 06:34:41 -04:00
Akihiro Suda 2f0fc2911c
Bump RootlessKit v0.14.0-beta.0 
https://github.com/rootless-containers/rootlesskit/releases/tag/v0.14.0-beta.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-03-02 17:01:25 +09:00
dependabot-preview[bot] 0fd4807080
Bump github.com/rootless-containers/rootlesskit from 0.13.0 to 0.13.1 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.13.0...v0.13.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2021-02-16 07:05:03 -05:00
Giuseppe Scrivano 37319dec17
vendor: update rootlesskit to v0.12.0 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2021-01-22 08:08:25 +01:00
dependabot-preview[bot] b1b6b88f3b
Bump github.com/rootless-containers/rootlesskit from 0.11.0 to 0.11.1 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.11.0...v0.11.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2020-11-12 05:51:44 -05:00
Akihiro Suda 3c333e7a93
Bump github.com/rootless-containers/rootlesskit from 0.9.5 to 0.10.0 
Fix #7016 via https://github.com/rootless-containers/rootlesskit/pull/157

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-07-28 16:35:05 +09:00
Daniel J Walsh cd001a3a9e
Bump github.com/rootless-containers/rootlesskit from 0.9.4 to 0.9.5 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.9.4 to 0.9.5.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](rootless-containers/rootlesskit@v0.9.4...v0.9.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2020-05-22 13:09:53 -04:00
dependabot-preview[bot] ddbe1aef17 build(deps): bump github.com/rootless-containers/rootlesskit 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.9.3 to 0.9.4.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.9.3...v0.9.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2020-04-27 12:28:24 +02:00
dependabot-preview[bot] 4841cd1630
Bump github.com/rootless-containers/rootlesskit from 0.9.2 to 0.9.3 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.9.2 to 0.9.3.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.9.2...v0.9.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2020-03-31 09:05:15 -04:00
dependabot-preview[bot] e8e590ed88 Bump github.com/rootless-containers/rootlesskit from 0.8.0 to 0.9.2 
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.8.0 to 0.9.2.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.8.0...v0.9.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2020-03-25 14:20:34 +01:00
Akihiro Suda da7595a69f rootless: use RootlessKit port forwarder 
RootlessKit port forwarder has a lot of advantages over the slirp4netns port forwarder:

* Very high throughput.
  Benchmark result on Travis: socat: 5.2 Gbps, slirp4netns: 8.3 Gbps, RootlessKit: 27.3 Gbps
  (https://travis-ci.org/rootless-containers/rootlesskit/builds/597056377)

* Connections from the host are treated as 127.0.0.1 rather than 10.0.2.2 in the namespace.
  No UDP issue (#4586)

* No tcp_rmem issue (#4537)

* Probably works with IPv6. Even if not, it is trivial to support IPv6.  (#4311)

* Easily extensible for future support of SCTP

* Easily extensible for future support of `lxc-user-nic` SUID network

RootlessKit port forwarder has been already adopted as the default port forwarder by Rootless Docker/Moby,
and no issue has been reported AFAIK.

As the port forwarder is imported as a Go package, no `rootlesskit` binary is required for Podman.

Fix #4586
May-fix #4559
Fix #4537
May-fix #4311

See https://github.com/rootless-containers/rootlesskit/blob/v0.7.0/pkg/port/builtin/builtin.go

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-01-08 19:35:17 +09:00