github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-27 12:08:58 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #8551 from amshinde/runtime-rs-setns-clh

Browse Source 
runtime-rs: Launch cloud-hypervisor in given netns
This commit is contained in:
James O. D. Hunt 2023-12-05 10:18:34 +00:00 committed by GitHub
commit 93c0fc2ad3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs
View File

@ -23,10 +23,12 @@ use kata_sys_util::protection::{available_guest_protection, GuestProtection};
use kata_types::capabilities::{Capabilities, CapabilityBits};
use kata_types::config::default::DEFAULT_CH_ROOTFS_TYPE;
use lazy_static::lazy_static;
use nix::sched::{setns, CloneFlags};
use serde::{Deserialize, Serialize};
use serde_json::Value;
use std::convert::TryFrom;
use std::fs::create_dir_all;
use std::os::unix::io::AsRawFd;
use std::os::unix::net::UnixStream;
use std::path::Path;
use std::process::Stdio;
@ -374,6 +376,26 @@ impl CloudHypervisorInner {
cmd.args(["--seccomp", "false"]);
}
let netns = self.netns.clone();
if self.netns.is_some() {
info!(
sl!(),
"set netns for vmm : {:?}",
self.netns.as_ref().unwrap()
);
}
unsafe {
let _pre = cmd.pre_exec(move || {
if let Some(netns_path) = &netns {
let netns_fd = std::fs::File::open(netns_path);
let _ = setns(netns_fd?.as_raw_fd(), CloneFlags::CLONE_NEWNET)
.context("set netns failed");
}
Ok(())
});
}
debug!(sl!(), "launching {} as: {:?}", CH_NAME, cmd);
let child = cmd.spawn().context(format!("{} spawn failed", CH_NAME))?;