rootless: fix a regression when using -d

when using -d and port mapping, make sure the correct fd is injected into conmon. Move the pipe creation earlier as the fd must be known at the time we create the container through conmon. Closes: containers#5167 Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe · Feb 18, 2020 · 170fd7b · 170fd7b
1 parent 0bd29f8
commit 170fd7b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
@@ -335,10 +335,13 @@ func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) (er
 		return errors.Wrapf(err, "delete file %s", logPath)
 	}
 
-	ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
-	if err != nil {
-		return errors.Wrapf(err, "failed to create rootless port sync pipe")
+	if !ctr.config.PostConfigureNetNS {
+		ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
+		if err != nil {
+			return errors.Wrapf(err, "failed to create rootless port sync pipe")
+		}
 	}
+
 	cfg := rootlessport.Config{
 		Mappings:  ctr.config.PortMappings,
 		NetNSPath: netnsPath,
@@ -355,6 +358,11 @@ func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) (er
 	cmd := exec.Command(fmt.Sprintf("/proc/%d/exe", os.Getpid()))
 	cmd.Args = []string{rootlessport.ReexecKey}
 	// Leak one end of the pipe in rootlessport process, the other will be sent to conmon
+
+	if ctr.rootlessPortSyncR != nil {
+		defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR)
+	}
+
 	cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncR, syncW)
 	cmd.Stdin = cfgR
 	// stdout is for human-readable error, stderr is for debug log

diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
@@ -1161,6 +1161,13 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 
 	if ctr.config.NetMode.IsSlirp4netns() {
 		if ctr.config.PostConfigureNetNS {
+			havePortMapping := len(ctr.Config().PortMappings) > 0
+			if havePortMapping {
+				ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
+				if err != nil {
+					return errors.Wrapf(err, "failed to create rootless port sync pipe")
+				}
+			}
 			ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
 			if err != nil {
 				return errors.Wrapf(err, "failed to create rootless network sync pipe")
@@ -1176,9 +1183,6 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 		// Leak one end in conmon, the other one will be leaked into slirp4netns
 		cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)
 
-		if ctr.rootlessPortSyncR != nil {
-			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR)
-		}
 		if ctr.rootlessPortSyncW != nil {
 			defer errorhandling.CloseQuiet(ctr.rootlessPortSyncW)
 			// Leak one end in conmon, the other one will be leaked into rootlessport