Merge pull request #221 from giuseppe/permit-rootless-cni

rootless: permit custom configuration for cni
containers · Jul 21, 2020 · fce2cad · fce2cad
2 parents 6b9e533 + c770265
commit fce2cad
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -622,9 +622,17 @@ func (c *ContainersConfig) Validate() error {
 // execution checks. It returns an `error` on validation failure, otherwise
 // `nil`.
 func (c *NetworkConfig) Validate() error {
-	if c.NetworkConfigDir != _cniConfigDir {
-		err := isDirectory(c.NetworkConfigDir)
+	expectedConfigDir := _cniConfigDir
+	if unshare.IsRootless() {
+		home, err := unshare.HomeDir()
 		if err != nil {
+			return err
+		}
+		expectedConfigDir = filepath.Join(home, _cniConfigDirRootless)
+	}
+	if c.NetworkConfigDir != expectedConfigDir {
+		err := isDirectory(c.NetworkConfigDir)
+		if err != nil && !os.IsNotExist(err) {
 			return errors.Wrapf(err, "invalid network_config_dir: %s", c.NetworkConfigDir)
 		}
 	}

diff --git a/pkg/config/default.go b/pkg/config/default.go
@@ -92,8 +92,10 @@ const (
 	// InstallPrefix is the prefix where podman will be installed.
 	// It can be overridden at build time.
 	_installPrefix = "/usr"
-	// _cniConfigDir is the directory where cni plugins are found
+	// _cniConfigDir is the directory where cni configuration is found
 	_cniConfigDir = "/etc/cni/net.d/"
+	// _cniConfigDirRootless is the directory where cni plugins are found
+	_cniConfigDirRootless = ".config/cni/net.d/"
 	// CgroupfsCgroupsManager represents cgroupfs native cgroup manager
 	CgroupfsCgroupsManager = "cgroupfs"
 	// DefaultApparmorProfile  specifies the default apparmor profile for the container.
@@ -138,6 +140,8 @@ func DefaultConfig() (*Config, error) {
 
 	netns := "bridge"
 
+	cniConfig := _cniConfigDir
+
 	defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
 	if unshare.IsRootless() {
 		home, err := unshare.HomeDir()
@@ -152,6 +156,7 @@ func DefaultConfig() (*Config, error) {
 			}
 		}
 		netns = "slirp4netns"
+		cniConfig = filepath.Join(home, _cniConfigDirRootless)
 	}
 
 	cgroupNS := "host"
@@ -198,7 +203,7 @@ func DefaultConfig() (*Config, error) {
 		},
 		Network: NetworkConfig{
 			DefaultNetwork:   "podman",
-			NetworkConfigDir: _cniConfigDir,
+			NetworkConfigDir: cniConfig,
 			CNIPluginDirs:    cniBinDir,
 		},
 		Engine: *defaultEngineConfig,