github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
36f520dc04
containerd/pkg/cri/server
History
Rodrigo Campos 36f520dc04 Let OCI runtime create netns when userns is used 
As explained in the comments, this patch lets the OCI runtime create the
netns when userns are in use. This is needed because the netns needs to
be owned by the userns (otherwise can't modify the IP, etc.).

Before this patch, we are creating the netns and then starting the pod
sandbox asking to join this netns. This can't never work with userns, as
the userns needs to be created first for the netns ownership to be
correct.

One option would be to also create the userns in containerd, then create
the netns. But this is painful (needs tricks with the go runtime,
special care to write the mapping, etc.).

So, we just let the OCI runtime create the userns and netns, that
creates them with the proper ownership.

As requested by Mike Brown, the current code when userns is not used is
left unchanged. We can unify the cases (with and without userns) in a
future release.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2022-12-21 10:40:30 -03:00
..
bandwidth Cleanup build constraints 2022-12-08 09:36:20 -08:00
testing update go-cni/for cni update fixing plugins that don't respond with version 2022-06-01 17:20:18 -05:00
blockio_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
blockio_stub_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
cni_conf_syncer.go Change fsnotify event status condition. 2022-11-20 09:43:54 +08:00
container_attach.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_checkpoint.go Set grpc code for unimplemented cri-api methods 2022-09-22 07:24:48 +00:00
container_create_linux_test.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
container_create_linux.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
container_create_other_test.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
container_create_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
container_create_test.go cri/server: Disable tests on FreeBSD 2022-06-09 18:54:10 -07:00
container_create_windows_test.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
container_create_windows.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
container_create.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
container_events.go Add Evented PLEG support to sandbox server 2022-12-08 19:31:36 +00:00
container_exec.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_execsync_test.go Implicitly discard the input to drain the reader 2022-06-06 09:57:13 -07:00
container_execsync.go Implicitly discard the input to drain the reader 2022-06-06 09:57:13 -07:00
container_list_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_list.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_log_reopen.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_remove_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_remove.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
container_start_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_start.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
container_stats_list_linux_test.go Use github.com/containerd/cgroups/v3 to remove gogo 2022-11-14 21:07:48 +00:00
container_stats_list_linux.go Refactor usageNanoCores be to used for all OSes 2022-07-19 16:49:08 -07:00
container_stats_list_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
container_stats_list_test.go Refactor usageNanoCores be to used for all OSes 2022-07-19 16:49:08 -07:00
container_stats_list_windows.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
container_stats_list.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
container_stats.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
container_status_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_status.go ContainerStatus to return container resources 2022-08-24 19:08:06 +00:00
container_stop_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_stop.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
container_update_resources_linux_test.go cri: make swapping disabled with memory limit 2022-12-08 13:54:55 +01:00
container_update_resources_linux.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_update_resources_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
container_update_resources_windows.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_update_resources.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
events_test.go Fix tests 2022-04-22 15:41:05 +00:00
events.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
fuzz.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
helpers_linux_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
helpers_linux.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
helpers_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
helpers_selinux_linux_test.go move up to CRI v1 and support v1alpha in parallel 2021-06-28 09:34:12 -05:00
helpers_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
helpers_windows.go Remove redundant build tags 2021-08-05 22:27:46 -07:00
helpers.go CRI: Add host networking helper 2022-12-14 01:47:22 -08:00
image_list_test.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
image_list.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
image_pull_test.go Merge pull request #6899 from shuaichang/ISSUE6657-support-runtime-snapshotter 2022-06-03 10:04:53 +02:00
image_pull.go add metrics for image pulling: success/failure count; in progress count; thoughput 2022-12-07 15:11:00 +08:00
image_remove.go Add a thin wrapper around otel Span object 2022-11-11 01:28:27 +00:00
image_status_test.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
image_status.go Add a thin wrapper around otel Span object 2022-11-11 01:28:27 +00:00
imagefs_info_test.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
imagefs_info.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
instrumented_service.go Remove github.com/gogo/protobuf again 2022-12-15 22:54:15 +00:00
list_metric_descriptors.go Update to cri-api v0.26.0-beta.0 2022-11-18 21:13:34 +00:00
list_pod_sandbox_metrics.go Update to cri-api v0.26.0-beta.0 2022-11-18 21:13:34 +00:00
metrics.go add metrics for image pulling: success/failure count; in progress count; thoughput 2022-12-07 15:11:00 +08:00
nri-api_other.go pkg/cri/server: experimental NRI integration for CRI. 2022-11-28 21:51:08 +02:00
nri-api_windows.go pkg/cri/server: experimental NRI integration for CRI. 2022-11-28 21:51:08 +02:00
nri-api.go pkg/cri/server: experimental NRI integration for CRI. 2022-11-28 21:51:08 +02:00
rdt_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
rdt_stub_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
restart.go CRI: Add host networking helper 2022-12-14 01:47:22 -08:00
sandbox_list_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
sandbox_list.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_portforward_linux.go CRI: Add host networking helper 2022-12-14 01:47:22 -08:00
sandbox_portforward_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
sandbox_portforward_windows.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_portforward.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_remove.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
sandbox_run_linux_test.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
sandbox_run_linux.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
sandbox_run_other_test.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
sandbox_run_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
sandbox_run_test.go cri/server: Disable tests on FreeBSD 2022-06-09 18:54:10 -07:00
sandbox_run_windows_test.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
sandbox_run_windows.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
sandbox_run.go Let OCI runtime create netns when userns is used 2022-12-21 10:40:30 -03:00
sandbox_stats_linux.go Use github.com/containerd/cgroups/v3 to remove gogo 2022-11-14 21:07:48 +00:00
sandbox_stats_list.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
sandbox_stats_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
sandbox_stats_windows.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_stats.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
sandbox_status_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
sandbox_status.go CRI: Add host networking helper 2022-12-14 01:47:22 -08:00
sandbox_stop_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
sandbox_stop.go pkg/cri/server: experimental NRI integration for CRI. 2022-11-28 21:51:08 +02:00
service_linux.go CDI: configure registry on start 2022-10-12 13:45:20 +03:00
service_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
service_test.go Copy FuzzCRI from cncf/cncf-fuzzing 2022-06-27 22:54:25 +00:00
service_windows.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
service.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
snapshots.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
status.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
streaming_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
streaming.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
test_config.go Copy FuzzCRI from cncf/cncf-fuzzing 2022-06-27 22:54:25 +00:00
update_runtime_config_test.go test: use T.TempDir to create temporary test directory 2022-03-15 14:03:50 +08:00
update_runtime_config.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
version.go Copy cri-api v1alpha2 from v0.25.4 to containerd internal directory 2022-11-18 21:09:43 +00:00