Remove container.conf file if system mode networking in use
The container.conf file has a setting called machine_enabled in the engine section,
which lets the podman client know that a command is running on an instance created
with the podman machine command. This allows the use of gvisor-tap-vsock when a
container is created with an exposed port. However, this setting should be disabled
for system mode networking, so that it doesn't prevent the creation of containers that
need to expose a port.

With this patch, the user is able to use the microshift/podman preset with
system mode networking and start containers with an exposed port, but
is not able to access that service from the host.

Workaround for #3515
praveenkumar committed Mar 31, 2023
1 parent 469aa3e commit 08c1923
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions pkg/crc/machine/start.go
Expand Up @@ -399,6 +399,12 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
}
}

if !client.useVSock() {
if err := removeContainerConfFile(sshRunner); err != nil {
return nil, err
}
}

if _, _, err := sshRunner.RunPrivileged("make root Podman socket accessible", "chmod 777 /run/podman/ /run/podman/podman.sock"); err != nil {
return nil, errors.Wrap(err, "Failed to change permissions to root podman socket")
}
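Review bot: the `if !client.useVSock()` branch has no counterpart for the vsock case, so nothing in this change puts the file back if an instance that was started with system mode networking is later started with vsock and needs machine_enabled again. Consider handling the opposite branch, or documenting that the removal is one-way. Since a failure here returns from Start, a short comment at the call site pointing to the doc comment on removeContainerConfFile would also make it clear why a config file is deleted at this point in the start sequence.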
Expand Down Expand Up @@ -973,3 +979,17 @@ func startMicroshift(ctx context.Context, sshRunner *crcssh.Runner, ocConfig oc.

return nil
}

// The containers.conf file has a setting called machine_enabled in the engine section,
// which lets the podman client know that a command is running on an instance created
// with the podman machine command. This allows the use of gvisor-tap-vsock when a
// container is created with an exposed port. However, this setting should be disabled
// for system mode networking, so that it doesn't prevent the creation of containers that
// need to expose a port.
// - https://github.com/crc-org/crc/issues/3515
func removeContainerConfFile(sshRunner *crcssh.Runner) error {
if _, _, err := sshRunner.RunPrivileged("remove /etc/containers/containers.conf to disable machine_enabled", "rm -fr /etc/containers/containers.conf"); err != nil {
return errors.Wrap(err, "Failed to remove /etc/containers/containers.conf")
}
return nil
}
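Review bot: `rm -fr /etc/containers/containers.conf` deletes the whole file to turn off a single key, so any other setting stored in it is lost together with machine_enabled. Consider setting machine_enabled to false in the engine section instead, or state in the doc comment that the file carries nothing else on this image. The `-r` flag is unnecessary for a single file and `rm -f` is enough. The function name says ContainerConf while the path and the comment say containers.conf, so renaming it to removeContainersConfFile would keep them consistent.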
