setupNetworkDevices sets up and initializes any defined network interface inside the container.
| 1080 | |
// setupNetworkDevices moves each network device listed in the container
// configuration into the network namespace of the container init process.
//
// It returns nil without doing anything when the configured namespaces do not
// include NEWNET. Otherwise it returns the first error reported by
// devChangeNetNamespace, wrapped with the device name and namespace path.
func (p *initProcess) setupNetworkDevices() error {
	// Without a dedicated network namespace (host networking) there is
	// nothing to move.
	hasNetNS := p.config.Config.Namespaces.Contains(configs.NEWNET)
	if !hasNetNS {
		return nil
	}

	// The container init process has already joined the provided net
	// namespace, so its /proc entry can be used as the target path.
	// NOTE(review): the target is addressed by PID through /proc; this
	// presumably relies on the init process staying alive for the whole loop
	// so the path cannot resolve to a different process. Confirm with callers.
	netnsPath := fmt.Sprintf("/proc/%d/ns/net", p.pid())

	// Stop at the first failure. The runtime spec requires that the kernel
	// handles moving back any devices that were successfully moved before the
	// failure occurred.
	// See: https://github.com/opencontainers/runtime-spec/blob/27cb0027fd92ef81eda1ea3a8153b8337f56d94a/config-linux.md#namespace-lifecycle-and-container-termination
	for ifName, dev := range p.config.Config.NetDevices {
		if moveErr := devChangeNetNamespace(ifName, netnsPath, *dev); moveErr != nil {
			return fmt.Errorf("move netDevice %s to namespace %s: %w", ifName, netnsPath, moveErr)
		}
	}

	return nil
}
| 1104 | |
| 1105 | func pidGetFd(pid, srcFd int) (*os.File, error) { |
| 1106 | pidFd, err := unix.PidfdOpen(pid, 0) |