diff --git a/src/runtime/pkg/katautils/create.go b/src/runtime/pkg/katautils/create.go
index 7ecc86301e..d429558f4c 100644
--- a/src/runtime/pkg/katautils/create.go
+++ b/src/runtime/pkg/katautils/create.go
@@ -155,6 +155,12 @@ func CreateSandbox(ctx context.Context, vci vc.VC, ociSpec specs.Spec, runtimeCo
 }
 }()
 
+ if ociSpec.Annotations == nil {
+ ociSpec.Annotations = make(map[string]string)
+ }
+ ociSpec.Annotations["nerdctl/network-namespace"] = sandboxConfig.NetworkConfig.NetworkID
+ sandboxConfig.Annotations["nerdctl/network-namespace"] = ociSpec.Annotations["nerdctl/network-namespace"]
+
 // Run pre-start OCI hooks, in the runtime namespace.
 if err := PreStartHooks(ctx, ociSpec, containerID, bundlePath); err != nil {
 return nil, vc.Process{}, err
diff --git a/src/runtime/pkg/katautils/create_test.go b/src/runtime/pkg/katautils/create_test.go
index 804b4318e7..dab665dce1 100644
--- a/src/runtime/pkg/katautils/create_test.go
+++ b/src/runtime/pkg/katautils/create_test.go
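Review bot: In the create.go hunk (CreateSandbox), the new write to `sandboxConfig.Annotations["nerdctl/network-namespace"]` has no nil guard, although the lines just above add one for `ociSpec.Annotations`; if the sandbox config's map can be nil at this point, this is an assignment-to-nil-map panic on the sandbox create path. Nothing in the hunk shows where that map is initialised, so either guard it the same way, `if sandboxConfig.Annotations == nil { sandboxConfig.Annotations = make(map[string]string) }`, or add a comment stating why it is always non-nil here. The key is also written unconditionally, so a value the caller supplied under the same annotation is silently replaced and an empty `NetworkID` is stored as an empty string; wrapping the two assignments in `if id := sandboxConfig.NetworkConfig.NetworkID; id != "" { ... }` and using one named constant for the repeated literal (it appears again in the test hunk) would make the intent explicit. Because `ociSpec` is a `specs.Spec` passed by value while its map is shared, the caller's spec is mutated only when it already carried annotations, which is worth a one-line comment. The function body starts and ends outside the hunk.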
@@ -264,6 +264,46 @@ func TestCreateSandboxFail(t *testing.T) {
 assert.True(vcmock.IsMockError(err))
 }
 
+func TestCreateSandboxAnnotations(t *testing.T) {
+ if tc.NotValid(ktu.NeedRoot()) {
+ t.Skip(ktu.TestDisabledNeedRoot)
+ }
+
+ assert := assert.New(t)
+
+ tmpdir, bundlePath, _ := ktu.SetupOCIConfigFile(t)
+ defer os.RemoveAll(tmpdir)
+
+ runtimeConfig, err := newTestRuntimeConfig(tmpdir, testConsole, true)
+ assert.NoError(err)
+
+ spec, err := compatoci.ParseConfigJSON(bundlePath)
+ assert.NoError(err)
+
+ rootFs := vc.RootFs{Mounted: true}
+
+ testingImpl.CreateSandboxFunc = func(ctx context.Context, sandboxConfig vc.SandboxConfig) (vc.VCSandbox, error) {
+ return &vcmock.Sandbox{
+ MockID: testSandboxID,
+ MockContainers: []*vcmock.Container{
+ {MockID: testContainerID},
+ },
+ MockAnnotations: sandboxConfig.Annotations,
+ }, nil
+ }
+
+ defer func() {
+ testingImpl.CreateSandboxFunc = nil
+ }()
+
+ sandbox, _, err := CreateSandbox(context.Background(), testingImpl, spec, runtimeConfig, rootFs, testContainerID, bundlePath, testConsole, true, true)
+ assert.NoError(err)
+
+ netNsPath, err := sandbox.Annotations("nerdctl/network-namespace")
+ assert.NoError(err)
+ assert.Equal(path.Dir(netNsPath), "/var/run/netns")
+}
+
 func TestCheckForFips(t *testing.T) {
 assert := assert.New(t)
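Review bot: In TestCreateSandboxAnnotations the `assert.NoError(err)` after `CreateSandbox` does not stop the test, so if creation fails the following `sandbox.Annotations(...)` call would run on a nil sandbox and panic instead of reporting the error; an early `if err != nil { t.Fatal(err) }` avoids that. The final check also passes its arguments in actual-then-expected order, which would swap the two values in a failure message if this is the testify-style `assert` it appears to be; the usual form is `assert.Equal("/var/run/netns", path.Dir(netNsPath))`. The test only inspects the sandbox-config annotation through the mock and hard-codes the host netns directory, so it covers neither the `ociSpec.Annotations` write nor the case where `NetworkID` is empty.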