Merge pull request #419 from AkihiroSuda/fix-moby-47327

lxc-user-nic: fix /etc/resolv.conf missing IP; release v2.0.1
rootless-containers · Feb 6, 2024 · de6f288 · de6f288
2 parents c2f647c + e93cf76
commit de6f288
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 8 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -39,6 +39,22 @@ jobs:
       run: docker run --rm --net=host --privileged rootlesskit:test-integration ./integration-port.sh
     - name: "Integration test: IPv6 routing"
       run: docker run  --rm --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 rootlesskit:test-integration ./integration-ipv6.sh
+    - name: "Integration test: Network (network driver=slirp4netns)"
+      run: |
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh slirp4netns
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh slirp4netns --detach-netns
+    - name: "Integration test: Network (network driver=vpnkit)"
+      run: |
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh vpnkit
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh vpnkit --detach-netns
+    - name: "Integration test: Network (network driver=lxc-user-nic)"
+      run: |
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh lxc-user-nic
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh lxc-user-nic --detach-netns
+    - name: "Integration test: Network (network driver=pasta)"
+      run: |
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh pasta
+        docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh pasta --detach-netns
 # ===== Benchmark: Network (MTU=1500) =====
     - name: "Benchmark: Network (MTU=1500, network driver=slirp4netns)"
       run: |

diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@ ARG SHADOW_VERSION=4.13
 ARG SLIRP4NETNS_VERSION=v1.2.0
 ARG VPNKIT_VERSION=0.5.0
 ARG PASST_VERSION=2023_12_30.f091893
-ARG DOCKER_VERSION=24.0.7
+ARG DOCKER_VERSION=25.0.2
 ARG DOCKER_CHANNEL=stable
 
 FROM golang:${GO_VERSION}-alpine AS build
@@ -62,7 +62,8 @@ FROM ubuntu:${UBUNTU_VERSION} AS test-integration
 # busybox: only for debugging purpose
 # sudo: only for lxc-user-nic benchmark and rootful veth benchmark (for comparison)
 # libcap2-bin and curl: used by the RUN instructions in this Dockerfile.
-RUN apt-get update && apt-get install -y iproute2 liblxc-common lxc-utils iperf3 busybox sudo libcap2-bin curl
+# bind9-dnsutils: for `nslookup` command used by integration-net.sh
+RUN apt-get update && apt-get install -y iproute2 liblxc-common lxc-utils iperf3 busybox sudo libcap2-bin curl bind9-dnsutils
 COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap
 COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap
 RUN /sbin/setcap cap_setuid+eip /usr/bin/newuidmap && \

diff --git a/hack/integration-net.sh b/hack/integration-net.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Integration tests for network drivers.
+# See also: benchmark-iperf3-net.sh
+
+source $(realpath $(dirname $0))/common.inc.sh
+if [ $# -lt 1 ]; then
+	ERROR "Usage: $0 NETDRIVER [FLAGS...]"
+	exit 1
+fi
+net=$1
+shift 1
+flags=$@
+INFO "net=${net} flags=$@"
+
+# Test DNS
+set -x
+if [ "${net}" = "lxc-user-nic" ]; then
+	# ignore "lxc-net is already running" error
+	sudo /usr/lib/$(uname -m)-linux-gnu/lxc/lxc-net start || true
+fi
+$ROOTLESSKIT --net=${net} --copy-up=/etc --copy-up=/run --disable-host-loopback ${flags} -- nslookup example.com
diff --git a/pkg/child/child.go b/pkg/child/child.go
@@ -153,16 +153,16 @@ func setupCopyDir(driver copyup.ChildDriver, dirs []string) (bool, error) {
 	return false, nil
 }
 
+// setupNet sets up the network driver.
+//
+// NOTE: msg is altered during calling driver.ConfigureNetworkChild
 func setupNet(stateDir string, msg *messages.ParentInitNetworkDriverCompleted, etcWasCopied bool, driver network.ChildDriver, detachedNetNSPath string) error {
 	// HostNetwork
 	if driver == nil {
 		return nil
 	}
 
 	stateDirResolvConf := filepath.Join(stateDir, "resolv.conf")
-	if err := os.WriteFile(stateDirResolvConf, generateResolvConf(msg.DNS), 0644); err != nil {
-		return fmt.Errorf("writing %s: %w", stateDirResolvConf, err)
-	}
 	hostsContent, err := generateEtcHosts()
 	if err != nil {
 		return err
@@ -177,10 +177,13 @@ func setupNet(stateDir string, msg *messages.ParentInitNetworkDriverCompleted, e
 		if err := activateLoopback(); err != nil {
 			return err
 		}
-		dev, err := driver.ConfigureNetworkChild(msg, detachedNetNSPath)
+		dev, err := driver.ConfigureNetworkChild(msg, detachedNetNSPath) // alters msg
 		if err != nil {
 			return err
 		}
+		if err := os.WriteFile(stateDirResolvConf, generateResolvConf(msg.DNS), 0644); err != nil {
+			return fmt.Errorf("writing %s: %w", stateDirResolvConf, err)
+		}
 		if err := activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU); err != nil {
 			return err
 		}
@@ -213,10 +216,13 @@ func setupNet(stateDir string, msg *messages.ParentInitNetworkDriverCompleted, e
 		}); err != nil {
 			return err
 		}
-		dev, err := driver.ConfigureNetworkChild(msg, detachedNetNSPath)
+		dev, err := driver.ConfigureNetworkChild(msg, detachedNetNSPath) // alters msg
 		if err != nil {
 			return err
 		}
+		if err := os.WriteFile(stateDirResolvConf, generateResolvConf(msg.DNS), 0644); err != nil {
+			return fmt.Errorf("writing %s: %w", stateDirResolvConf, err)
+		}
 		if err := ns.WithNetNSPath(detachedNetNSPath, func(_ ns.NetNS) error {
 			return activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU)
 		}); err != nil {

diff --git a/pkg/version/version.go b/pkg/version/version.go
@@ -1,3 +1,3 @@
 package version
 
-const Version = "2.0.0+dev"
+const Version = "2.0.1+dev"