From 3886aad1994e69b69ad560eb232aca8843cec6a2 Mon Sep 17 00:00:00 2001
From: Danny Canter
Date: Thu, 5 Jan 2023 04:24:44 -0800
Subject: [PATCH] nydus: net-ns handling needs to be only executed on Linux hosts
Fixes: #5985 With nydus not being its own pkg, it is challenging to implement cleanly in a virtcontainers package that isn't necesarily Linux-only. The existing code utilizes network namespace code in order to ensure nydus is launched in the host netns. This is very Linux specific - so let's make sure we only carry this out in a linux specific file. In the Darwin case, to allow for compilation at least, let's add a stub for doNetNS. Ideally the nydus and vc code can be refactored / decoupled.
Signed-off-by: Eric Ernst
Signed-off-by: Danny Canter
---
 src/runtime/virtcontainers/nydusd.go | 10 ----------
 src/runtime/virtcontainers/nydusd_linux.go | 21 +++++++++++++++++++++
 src/runtime/virtcontainers/nydusd_other.go | 15 +++++++++++++++
 3 files changed, 36 insertions(+), 10 deletions(-)
 create mode 100644 src/runtime/virtcontainers/nydusd_linux.go
 create mode 100644 src/runtime/virtcontainers/nydusd_other.go
diff --git a/src/runtime/virtcontainers/nydusd.go b/src/runtime/virtcontainers/nydusd.go
index 56cd263cff..9a2e1a638b 100644
--- a/src/runtime/virtcontainers/nydusd.go
+++ b/src/runtime/virtcontainers/nydusd.go
@@ -23,7 +23,6 @@ import (
 "syscall"
 "time"
- "github.com/containernetworking/plugins/pkg/ns"
 "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace"
 "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils"
 "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils/retry"
@@ -54,8 +53,6 @@ const (
 nydusPassthroughfs = "passthrough_fs"
 sharedPathInGuest = "/containers"
-
- shimNsPath = "/proc/self/ns/net"
 )
 var (
@@ -85,13 +82,6 @@ type nydusd struct {
 debug bool
 }
-func startInShimNS(cmd *exec.Cmd) error {
- // Create nydusd in shim netns as it needs to access host network
- return doNetNS(shimNsPath, func(_ ns.NetNS) error {
- return cmd.Start()
- })
-}
-
 func (nd *nydusd) Start(ctx context.Context, onQuit onQuitFunc) (int, error) {
 span, _ := katatrace.Trace(ctx, nd.Logger(), "Start", nydusdTracingTags)
 defer span.End()
diff --git a/src/runtime/virtcontainers/nydusd_linux.go b/src/runtime/virtcontainers/nydusd_linux.go
new file mode 100644
index 0000000000..cfb20da725
--- /dev/null
+++ b/src/runtime/virtcontainers/nydusd_linux.go
@@ -0,0 +1,21 @@
+// Copyright (c) 2017 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+package virtcontainers
+
+import (
+ "os/exec"
+
+ "github.com/containernetworking/plugins/pkg/ns"
+)
+
+const shimNsPath = "/proc/self/ns/net"
+
+func startInShimNS(cmd *exec.Cmd) error {
+ // Create nydusd in shim netns as it needs to access host network
+ return doNetNS(shimNsPath, func(_ ns.NetNS) error {
+ return cmd.Start()
+ })
+}
diff --git a/src/runtime/virtcontainers/nydusd_other.go b/src/runtime/virtcontainers/nydusd_other.go
new file mode 100644
index 0000000000..a50772ff7b
--- /dev/null
+++ b/src/runtime/virtcontainers/nydusd_other.go
@@ -0,0 +1,15 @@
+// Copyright (c) 2023 Apple Inc.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+//go:build !linux
+
+package virtcontainers
+
+import "os/exec"
+
+// No-op on net namespace join on other platforms.
+func startInShimNS(cmd *exec.Cmd) error {
+ return cmd.Start()
+}
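Review bot: startInShimNS in nydusd_linux.go has no doc comment, and its single inline comment is the only record that nydusd is deliberately given the shim's network view rather than whatever namespace the calling goroutine happens to be in. `shimNsPath` is `/proc/self/ns/net`, and per the inline comment the purpose is host network access, so this is a trust decision that belongs on the function itself. I would add `// startInShimNS starts cmd inside the shim's own network namespace (shimNsPath) so that nydusd can reach the host network.` above the function. doNetNS is defined outside this patch, so how the namespace is entered and restored cannot be checked from here.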
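Review bot: The comment above startInShimNS in nydusd_other.go is not a Go doc comment and does not say what the function actually does on these platforms, which is to start the command with no namespace handling at all. I would write `// startInShimNS starts cmd directly; hosts other than Linux have no network namespace to enter.` instead. The commit message speaks of a stub for doNetNS while the stub added here is for startInShimNS, so this comment is the only place a reader learns which symbol is stubbed and why.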