Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set network namespace in the container #2473

Open
jprendes opened this issue Oct 26, 2023 · 3 comments
Open

Set network namespace in the container #2473

jprendes opened this issue Oct 26, 2023 · 3 comments

Comments

@jprendes
Copy link
Contributor

From all the namespaces specified in the container spec, youki only sets the user and pid namespaces.
Other namespace, like the nerwork namespace, are ignored.

See containerd/runwasi#364 and this slack thread for context.
@utam0k
Copy link
Member

utam0k commented Oct 29, 2023

Thanks for creating the issue. Why did they think that? I think youki apply the rest of the namespace here:

youki/crates/libcontainer/src/process/container_init_process.rs

Line 299 in a6735b1

apply_rest_namespaces(&namespaces, spec, syscall.as_ref())?;

@jprendes
Copy link
Contributor Author

You are 100% correct.
Youki is setting the network namespace, but for some reason it's not taking effect.
It might be related to what point in the container lifecycle the call is done, maybe the runwasi shim needs to create the container earlier.
I need to dig dipper into this.

@utam0k
Copy link
Member

utam0k commented Nov 13, 2023

Pods share a network namespace among the containers, right? If it is right, perhaps runwasi is responsible for creating a network namespace for a pod. But I'm not sure...

@Mossaka Mossaka mentioned this issue Feb 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jprendes @utam0k