hub / github.com/opencontainers/runc / setupNetworkDevices

Method setupNetworkDevices

libcontainer/process_linux.go:1082–1103  ·  view source on GitHub ↗

setupNetworkDevices sets up and initializes any defined network interface inside the container.

()

Source from the content-addressed store, hash-verified

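// setupNetworkDevices moves every network device listed in the container
// configuration into the network namespace of the container init process.
// It returns nil without moving anything when the configured namespaces do
// not include configs.NEWNET, and otherwise returns the first error hit.
func (p *initProcess) setupNetworkDevices() error {
	// Host network pods do not move network devices.
	if !p.config.Config.Namespaces.Contains(configs.NEWNET) {
		return nil
	}
	// The container init process has already joined the provided net namespace,
	// so we can use the process's net ns path directly.
	nsPath := fmt.Sprintf("/proc/%d/ns/net", p.pid())

	// If moving any of the network devices fails, we return an error immediately.
	// The runtime spec requires that the kernel handles moving back any devices
	// that were successfully moved before the failure occurred.
	// See: https://github.com/opencontainers/runtime-spec/blob/27cb0027fd92ef81eda1ea3a8153b8337f56d94a/config-linux.md#namespace-lifecycle-and-container-termination
	//
	// NOTE(review): NetDevices looks like a map keyed by device name; if so,
	// iteration order is unspecified and the set of devices already moved when
	// an error is returned is not deterministic. Confirm against the type.
	for name, netDevice := range p.config.Config.NetDevices {
		// A nil entry would panic on the dereference below. Report it as an
		// error so a malformed configuration fails container start cleanly
		// instead of crashing the runtime process.
		if netDevice == nil {
			return fmt.Errorf("move netDevice %s to namespace %s: nil device configuration", name, nsPath)
		}
		if err := devChangeNetNamespace(name, nsPath, *netDevice); err != nil {
			return fmt.Errorf("move netDevice %s to namespace %s: %w", name, nsPath, err)
		}
	}

	return nil
}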
1104
1105func pidGetFd(pid, srcFd int) (*os.File, error) {
1106 pidFd, err := unix.PidfdOpen(pid, 0)

Callers 1

startMethod · 0.95

Calls 3

devChangeNetNamespaceFunction · 0.85
ContainsMethod · 0.80
pidMethod · 0.65

Tested by

no test coverage detected