From 9b7e72a1bf15e93af09abd0b54cb09d287ccaf90 Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Wed, 1 Sep 2021 15:54:03 -0400
Subject: [PATCH] Switch default Rootless Networking to "CNI" for OSX
This should better support rootless CNI usescases.
Fixes https://github.com/containers/podman/issues/11396
Signed-off-by: Matthew Heon
---
pkg/config/config.go | 2 +-
pkg/config/default.go | 6 +-----
pkg/config/default_unsupported.go | 6 ++++++
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index f840472cc..94f1b4695 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -167,7 +167,7 @@ type ContainersConfig struct {
 // RootlessNetworking depicts the "kind" of networking for rootless
 // containers. Valid options are `slirp4netns` and `cni`. Default is
- // `slirp4netns`
+ // `slirp4netns` on Linux, and `cni` on non-Linux OSes.
 RootlessNetworking string `toml:"rootless_networking,omitempty"`
 // SeccompProfile is the seccomp.json profile path which is used as the
diff --git a/pkg/config/default.go b/pkg/config/default.go
index b8dc21475..89193be64 100644
--- a/pkg/config/default.go
+++ b/pkg/config/default.go
@@ -84,10 +84,6 @@ var (
 "/usr/lib/cni",
 "/opt/cni/bin",
 }
-
- // DefaultRootlessNetwork is the kind of of rootless networking
- // for containers
- DefaultRootlessNetwork = "slirp4netns"
 )
 const (
@@ -197,7 +193,7 @@ func DefaultConfig() (*Config, error) {
 NoHosts: false,
 PidsLimit: DefaultPidsLimit,
 PidNS: "private",
- RootlessNetworking: DefaultRootlessNetwork,
+ RootlessNetworking: getDefaultRootlessNetwork(),
 ShmSize: DefaultShmSize,
 TZ: "",
 Umask: "0022",
diff --git a/pkg/config/default_unsupported.go b/pkg/config/default_unsupported.go
index 1ae1dd12c..e38fb810d 100644
--- a/pkg/config/default_unsupported.go
+++ b/pkg/config/default_unsupported.go
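Review bot: In pkg/config/default.go, `DefaultConfig` now calls `getDefaultRootlessNetwork()`, but the only definition this patch adds is in default_unsupported.go, which its own comment describes as the non-Linux case. Unless a Linux build file outside this patch already defines the helper, Linux builds will fail on an undefined name; the Linux counterpart needs `func getDefaultRootlessNetwork() string { return "slirp4netns" }` to match the updated field comment in config.go. The first default.go hunk also deletes the exported `DefaultRootlessNetwork`, so code outside this package that references it will stop compiling, which is worth a changelog entry. `DefaultConfig`'s body starts and ends outside the hunk.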
@@ -2,6 +2,12 @@ package config
+// getDefaultRootlessNetwork returns the default rootless network configuration.
+// It is "cni" for non-Linux OSes (to better support `podman-machine` usecases).
+func getDefaultRootlessNetwork() string {
+ return "cni"
+}
+
 // isCgroup2UnifiedMode returns whether we are running in cgroup2 mode.
 func isCgroup2UnifiedMode() (isUnified bool, isUnifiedErr error) {
 return false, nil
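Review bot: The new helper returns the bare literal `"cni"`, and the other accepted value, `slirp4netns`, is likewise spelled out only in the field comment in config.go, so a typo in a per-OS default would compile and only surface at runtime. If the package has no constants for these modes yet, something like `const rootlessNetworkCNI = "cni"` shared by the per-OS helpers and by any validation of `rootless_networking` would make the defaults checkable. The helper also changes the network backend that rootless containers get by default on every non-Linux build, not only macOS as the subject line says. Its comment could state that scope and, if that is the case, that an explicit `rootless_networking` value in the configuration still takes precedence.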