Merge pull request #458 from sbrivio-rh/master

Let pasta configure interface, fix IPv6 outbound connectivity
rootless-containers · Aug 17, 2024 · b5b8e22 · b5b8e22
2 parents 9e724e3 + 36ceb0e
commit b5b8e22
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 22 deletions.
diff --git a/pkg/child/child.go b/pkg/child/child.go
@@ -215,8 +215,11 @@ func setupNet(stateDir string, msg *messages.ParentInitNetworkDriverCompleted, e
 		if err := os.WriteFile(stateDirResolvConf, generateResolvConf(msg.DNS), 0644); err != nil {
 			return fmt.Errorf("writing %s: %w", stateDirResolvConf, err)
 		}
-		if err := activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU); err != nil {
-			return err
+		Info, _ := driver.ChildDriverInfo()
+		if !Info.ConfiguresInterface {
+			if err := activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU); err != nil {
+				return err
+			}
 		}
 		if etcWasCopied {
 			// remove copied-up link
@@ -255,7 +258,11 @@ func setupNet(stateDir string, msg *messages.ParentInitNetworkDriverCompleted, e
 			return fmt.Errorf("writing %s: %w", stateDirResolvConf, err)
 		}
 		if err := ns.WithNetNSPath(detachedNetNSPath, func(_ ns.NetNS) error {
-			return activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU)
+			Info, _ := driver.ChildDriverInfo()
+			if !Info.ConfiguresInterface {
+				return activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU)
+			}
+			return nil
 		}); err != nil {
 			return err
 		}

diff --git a/pkg/network/lxcusernic/lxcusernic.go b/pkg/network/lxcusernic/lxcusernic.go
@@ -148,6 +148,12 @@ func exchangeDHCP(c *client4.Client, dev string, detachedNetNSPath string) (*dhc
 	return ack, nil
 }
 
+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+	return &network.ChildDriverInfo {
+		ConfiguresInterface: false,
+	}, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (string, error) {
 	dev := netmsg.Dev
 	if dev == "" {

diff --git a/pkg/network/network.go b/pkg/network/network.go
@@ -17,11 +17,17 @@ type ParentDriver interface {
 	ConfigureNetwork(childPID int, stateDir, detachedNetNSPath string) (netmsg *messages.ParentInitNetworkDriverCompleted, cleanup func() error, err error)
 }
 
+type ChildDriverInfo struct {
+	ConfiguresInterface bool // Driver configures own namespace interface
+}
+
 // ChildDriver is called from the child namespace
 type ChildDriver interface {
 	// ConfigureNetworkChild is executed in the child's namespaces, excluding detached-netns.
 	//
 	// netmsg MAY be modified.
 	// devName is like "tap" or "eth0"
 	ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (devName string, err error)
+
+	ChildDriverInfo() (*ChildDriverInfo, error)
 }
diff --git a/pkg/network/pasta/pasta.go b/pkg/network/pasta/pasta.go
@@ -17,7 +17,6 @@ import (
 	"github.com/rootless-containers/rootlesskit/v2/pkg/messages"
 	"github.com/rootless-containers/rootlesskit/v2/pkg/network"
 	"github.com/rootless-containers/rootlesskit/v2/pkg/network/iputils"
-	"github.com/rootless-containers/rootlesskit/v2/pkg/network/parentutils"
 )
 
 // NewParentDriver instantiates new parent driver.
@@ -92,9 +91,6 @@ func (d *parentDriver) MTU() int {
 func (d *parentDriver) ConfigureNetwork(childPID int, stateDir, detachedNetNSPath string) (*messages.ParentInitNetworkDriverCompleted, func() error, error) {
 	tap := d.ifname
 	var cleanups []func() error
-	if err := parentutils.PrepareTap(childPID, detachedNetNSPath, tap); err != nil {
-		return nil, common.Seq(cleanups), fmt.Errorf("setting up tap %s: %w", tap, err)
-	}
 
 	address, err := iputils.AddIPInt(d.ipnet.IP, 100)
 	if err != nil {
@@ -111,12 +107,10 @@ func (d *parentDriver) ConfigureNetwork(childPID int, stateDir, detachedNetNSPat
 	}
 
 	opts := []string{
-		"--foreground",
 		"--stderr",
 		"--ns-ifname=" + d.ifname,
 		"--mtu=" + strconv.Itoa(d.mtu),
-		"--no-dhcp",
-		"--no-ra",
+		"--config-net",
 		"--address=" + address.String(),
 		"--netmask=" + strconv.Itoa(netmask),
 		"--gateway=" + gateway.String(),
@@ -147,21 +141,18 @@ func (d *parentDriver) ConfigureNetwork(childPID int, stateDir, detachedNetNSPat
 	// `Couldn't open user namespace /proc/51813/ns/user: Permission denied`
 	// Possibly related to AppArmor.
 	cmd := exec.Command(d.binary, opts...)
-	cmd.Stdout = d.logWriter
-	cmd.Stderr = d.logWriter
-	cleanups = append(cleanups, func() error {
-		logrus.Debugf("killing pasta")
-		if cmd.Process != nil {
-			_ = cmd.Process.Kill()
-		}
-		wErr := cmd.Wait()
-		logrus.Debugf("killed pasta: %v", wErr)
-		return nil
-	})
 	logrus.Debugf("Executing %v", cmd.Args)
-	if err := cmd.Start(); err != nil {
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		exitErr := &exec.ExitError{}
+		if errors.As(err, &exitErr) {
+			return nil, common.Seq(cleanups),
+			       fmt.Errorf("pasta failed with exit code %d:\n%s",
+					  exitErr.ExitCode(), string(out))
+		}
 		return nil, common.Seq(cleanups), fmt.Errorf("executing %v: %w", cmd, err)
 	}
+
 	netmsg := messages.ParentInitNetworkDriverCompleted{
 		Dev: tap,
 		MTU: d.mtu,
@@ -191,6 +182,12 @@ func NewChildDriver() network.ChildDriver {
 type childDriver struct {
 }
 
+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+	return &network.ChildDriverInfo {
+		ConfiguresInterface: true,
+	}, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (string, error) {
 	// NOP
 	return netmsg.Dev, nil

diff --git a/pkg/network/slirp4netns/slirp4netns.go b/pkg/network/slirp4netns/slirp4netns.go
@@ -337,6 +337,12 @@ func NewChildDriver() network.ChildDriver {
 type childDriver struct {
 }
 
+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+	return &network.ChildDriverInfo {
+		ConfiguresInterface: false,
+	}, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (string, error) {
 	tap := netmsg.Dev
 	if tap == "" {

diff --git a/pkg/network/vpnkit/vpnkit.go b/pkg/network/vpnkit/vpnkit.go
@@ -172,6 +172,12 @@ func NewChildDriver() network.ChildDriver {
 type childDriver struct {
 }
 
+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+	return &network.ChildDriverInfo {
+		ConfiguresInterface: false,
+	}, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (tap string, err error) {
 	tapName := netmsg.Dev
 	if tapName == "" {