| Copyright 2020 The Monogon Project Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| |
| |
| From 3e7a8cebf9d40487adc7d4a22b5c628add5e7eac Mon Sep 17 00:00:00 2001 |
| From: Lorenz Brun <lorenz@nexantic.com> |
| Date: Wed, 27 Jan 2021 13:05:30 +0100 |
| Subject: [PATCH] Move netns directory into StateDir |
| |
| --- |
| pkg/netns/netns_unix.go | 12 +++++------- |
| pkg/server/sandbox_run.go | 3 ++- |
| 2 files changed, 7 insertions(+), 8 deletions(-) |
| |
| diff --git a/pkg/netns/netns_unix.go b/pkg/netns/netns_unix.go |
| index 7449e235..b31716cb 100644 |
| --- a/pkg/netns/netns_unix.go |
| +++ b/pkg/netns/netns_unix.go |
| @@ -48,14 +48,12 @@ import ( |
| osinterface "github.com/containerd/cri/pkg/os" |
| ) |
| |
| -const nsRunDir = "/var/run/netns" |
| - |
| // Some of the following functions are migrated from |
| // https://github.com/containernetworking/plugins/blob/master/pkg/testutils/netns_linux.go |
| |
| // newNS creates a new persistent (bind-mounted) network namespace and returns the |
| // path to the network namespace. |
| -func newNS() (nsPath string, err error) { |
| +func newNS(baseDir string) (nsPath string, err error) { |
| b := make([]byte, 16) |
| if _, err := rand.Reader.Read(b); err != nil { |
| return "", errors.Wrap(err, "failed to generate random netns name") |
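Review bot: The doc comment on newNS does not mention the new `baseDir` parameter, and the same gap applies to NewNetNS in the third hunk. Suggested wording: `// newNS creates a new persistent (bind-mounted) network namespace under baseDir, creating baseDir if needed, and returns the path to the network namespace.` and `// NewNetNS creates a network namespace whose bind-mount file lives in baseDir.` The body of newNS continues past the end of this hunk.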
| @@ -64,13 +62,13 @@ func newNS() (nsPath string, err error) { |
| // Create the directory for mounting network namespaces |
| // This needs to be a shared mountpoint in case it is mounted in to |
| // other namespaces (containers) |
| - if err := os.MkdirAll(nsRunDir, 0755); err != nil { |
| + if err := os.MkdirAll(baseDir, 0755); err != nil { |
| return "", err |
| } |
| |
| // create an empty file at the mount point |
| nsName := fmt.Sprintf("cni-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:]) |
| - nsPath = path.Join(nsRunDir, nsName) |
| + nsPath = path.Join(baseDir, nsName) |
| mountPointFd, err := os.Create(nsPath) |
| if err != nil { |
| return "", err |
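Review bot: `baseDir` now comes from the caller and reaches `os.MkdirAll` and `path.Join` with no check that it is absolute. A relative value (for instance an empty `StateDir` joined with `netns` at the call in sandbox_run.go) would create the namespace file relative to the daemon's working directory, and the returned nsPath would be relative too. Rejecting it before the MkdirAll keeps the mount point in a known location: `if !path.IsAbs(baseDir) { return "", errors.Errorf("netns base dir %q is not absolute", baseDir) }`. The comment above the MkdirAll about a shared mountpoint was written for `/var/run/netns`; whether it still holds for the new directory is not visible here. newNS begins and ends outside this hunk.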
| @@ -164,8 +162,8 @@ type NetNS struct { |
| } |
| |
| // NewNetNS creates a network namespace. |
| -func NewNetNS() (*NetNS, error) { |
| - path, err := newNS() |
| +func NewNetNS(baseDir string) (*NetNS, error) { |
| + path, err := newNS(baseDir) |
| if err != nil { |
| return nil, errors.Wrap(err, "failed to setup netns") |
| } |
| diff --git a/pkg/server/sandbox_run.go b/pkg/server/sandbox_run.go |
| index dd4c51e3..32a2d6e8 100644 |
| --- a/pkg/server/sandbox_run.go |
| +++ b/pkg/server/sandbox_run.go |
| @@ -19,6 +19,7 @@ package server |
| import ( |
| "encoding/json" |
| "math" |
| + "path/filepath" |
| goruntime "runtime" |
| "strings" |
| |
| @@ -117,7 +118,7 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox |
| // handle. NetNSPath in sandbox metadata and NetNS is non empty only for non host network |
| // namespaces. If the pod is in host network namespace then both are empty and should not |
| // be used. |
| - sandbox.NetNS, err = netns.NewNetNS() |
| + sandbox.NetNS, err = netns.NewNetNS(filepath.Join(c.config.StateDir, "netns")) |
| if err != nil { |
| return nil, errors.Wrapf(err, "failed to create network namespace for sandbox %q", id) |
| } |
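Review bot: The sub-directory name `"netns"` is an inline literal at the NewNetNS call, so no other code can refer to the same location when auditing or cleaning up namespace bind mounts left behind after a crash. A package-level constant such as `const netNSDirName = "netns"`, with a comment saying it lives under `StateDir`, would make the location discoverable. Whether `StateDir` is cleared on reboot the way `/var/run` usually is cannot be seen from this hunk; if it is persistent, stale `cni-*` files could accumulate, which is worth confirming. RunPodSandbox starts and ends outside the hunk.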
| -- |
| 2.25.1 |
| |