libpod: store network status when userns is used

When a container with a userns is created the network setup is special. Normally the netns is setup before the oci runtime container is created, however with a userns the container is created first and then the network is setup. In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen. This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem. Fixes containers#14465 Signed-off-by: Paul Holzinger <[email protected]>
mheon · Jun 14, 2022 · 7ca1c26 · 7ca1c26
1 parent 3dc9a75
commit 7ca1c26
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -1000,6 +1000,9 @@ func (c *Container) completeNetworkSetup() error {
 	if err := c.runtime.setupNetNS(c); err != nil {
 		return err
 	}
+	if err := c.save(); err != nil {
+		return err
+	}
 	state := c.state
 	// collect any dns servers that cni tells us to use (dnsname)
 	for _, status := range c.getNetworkStatus() {

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -111,6 +111,10 @@ load helpers
                    $IMAGE nc -l -n -v -p $myport
         cid="$output"
 
+        # check that podman stores the network info correctly when a userns is used (#14465)
+        run_podman container inspect --format "{{.NetworkSettings.SandboxKey}}" $cid
+        assert "$output" =~ ".*/netns/netns-.*" "Netns path should be set"
+
         wait_for_output "listening on .*:$myport .*" $cid
 
         # emit random string, and check it