diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index 3f3856906f3..ac4f8d2bea4 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -1327,26 +1327,10 @@ func AutocompleteNetworkFlag(cmd *cobra.Command, _ []string, toComplete string) "none": nil, "host": nil, "private": nil, - "slirp4netns:": func(s string) ([]string, cobra.ShellCompDirective) { - skv := keyValueCompletion{ - "allow_host_loopback=": getBoolCompletion, - "cidr=": nil, - "enable_ipv6=": getBoolCompletion, - "mtu=": nil, - "outbound_addr=": nil, - "outbound_addr6=": nil, - "port_handler=": func(_ string) ([]string, cobra.ShellCompDirective) { - return []string{"rootlesskit", "slirp4netns"}, cobra.ShellCompDirectiveNoFileComp - }, - } - return completeKeyValues(s, skv) - }, } networks, _ := getNetworks(cmd, toComplete, completeDefault) suggestions, dir := completeKeyValues(toComplete, kv) - // add slirp4netns here it does not work correct if we add it to the kv map - suggestions = append(suggestions, "slirp4netns") return append(networks, suggestions...), dir } diff --git a/cmd/podman/root.go b/cmd/podman/root.go index ae9e0cf6313..95f483b5670 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go 
@@ -582,12 +582,6 @@ func rootFlags(cmd *cobra.Command, podmanConfig *entities.PodmanConfig) { pFlags.StringVar(&podmanConfig.ConmonPath, conmonFlagName, "", "Path of the conmon binary") _ = cmd.RegisterFlagCompletionFunc(conmonFlagName, completion.AutocompleteDefault) - // TODO (6.0): --network-cmd-path is deprecated, remove this option with the next major release - // We need to find all the places that use r.config.Engine.NetworkCmdPath and remove it - networkCmdPathFlagName := "network-cmd-path" - pFlags.StringVar(&podmanConfig.ContainersConf.Engine.NetworkCmdPath, networkCmdPathFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.NetworkCmdPath, "Path to the command for configuring the network") - _ = cmd.RegisterFlagCompletionFunc(networkCmdPathFlagName, completion.AutocompleteDefault) - networkConfigDirFlagName := "network-config-dir" pFlags.StringVar(&podmanConfig.ContainersConf.Network.NetworkConfigDir, networkConfigDirFlagName, podmanConfig.ContainersConfDefaultsRO.Network.NetworkConfigDir, "Path of the configuration directory for networks") _ = cmd.RegisterFlagCompletionFunc(networkConfigDirFlagName, completion.AutocompleteDefault) diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 07f622c0acd..d8b52b43a83 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -125,7 +125,6 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities maybeMoveToSubCgroup() - maybeStartServiceReaper() infra.StartWatcher(libpodRuntime) server, err := api.NewServerWithSettings(libpodRuntime, listener, opts) if err != nil { diff --git a/cmd/podman/system/service_abi_linux.go b/cmd/podman/system/service_abi_linux.go index 6282efc2070..c501c69b136 100644 --- a/cmd/podman/system/service_abi_linux.go +++ b/cmd/podman/system/service_abi_linux.go 
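Review bot: Dropping the `network-cmd-path` binding in `rootFlags` removes the flag, but the deleted TODO also called for removing every use of `r.config.Engine.NetworkCmdPath`, and none of that is visible in this hunk. If the field can still be populated from containers.conf, I would either stop reading it or log a warning when it is non-empty, so an operator who pinned the network helper to a vetted path is not left believing the setting still applies. Scripts that pass `--network-cmd-path` will presumably now fail flag parsing as an unknown flag, which deserves a line in the release notes. The ja `markdown.po` hunk later in this diff keeps the `**--network-cmd-path**=*path*` msgid as context while deleting its description, so the option heading may survive in the docs. `rootFlags` begins and ends outside the hunk.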
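Review bot: Removing `maybeStartServiceReaper()` from `restService` leaves the long-running API service with no child reaper at all, which is only safe if nothing else still hands PIDs to `servicereaper`. The comment deleted in `service_abi_linux.go` says the reaper existed for slirp4netns, but that records intent rather than proving it; I would confirm that no remaining helper spawned by the service (the rootless port-forwarding process is the one I would check) still registers with it, otherwise exited helpers stay as zombies for the lifetime of the service. Any non-Linux stub of `maybeStartServiceReaper` is not in this diff view and would become dead code if left behind. `restService` starts and ends outside the hunk.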
@@ -5,14 +5,8 @@ package system import ( "github.com/sirupsen/logrus" "go.podman.io/common/pkg/cgroups" - "go.podman.io/common/pkg/servicereaper" ) -// Currently, we only need servicereaper on Linux to support slirp4netns. -func maybeStartServiceReaper() { - servicereaper.Start() -} - func maybeMoveToSubCgroup() { if err := cgroups.MaybeMoveToSubCgroup(); err != nil { // it is a best effort operation, so just print the diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh index 1d4cee7d012..2576e420579 100755 --- a/contrib/cirrus/logcollector.sh +++ b/contrib/cirrus/logcollector.sh @@ -47,7 +47,6 @@ case $1 in passt podman skopeo - slirp4netns ) case $OS_RELEASE_ID in fedora) diff --git a/docs/source/locale/ja/LC_MESSAGES/markdown.po b/docs/source/locale/ja/LC_MESSAGES/markdown.po index 4ae143667a7..4dba97e236a 100644 --- a/docs/source/locale/ja/LC_MESSAGES/markdown.po +++ b/docs/source/locale/ja/LC_MESSAGES/markdown.po 
@@ -3257,29 +3257,6 @@ msgid "" "supported for rootful users." msgstr "" -#: ../../source/markdown/podman-build.1.md:694 -#: ../../source/markdown/podman-create.1.md:1187 -#: ../../source/markdown/podman-kube-play.1.md:291 -#: ../../source/markdown/podman-pod-create.1.md:410 -#: ../../source/markdown/podman-run.1.md:1214 -msgid "" -"**slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user " -"network stack. This is the default for rootless containers. It is " -"possible to specify these additional options, they can also be set with " -"`network_cmd_options` in containers.conf:" -msgstr "" - -#: ../../source/markdown/podman-build.1.md:695 -#: ../../source/markdown/podman-create.1.md:1188 -#: ../../source/markdown/podman-kube-play.1.md:292 -#: ../../source/markdown/podman-pod-create.1.md:411 -#: ../../source/markdown/podman-run.1.md:1215 -msgid "" -"**allow_host_loopback=true|false**: Allow slirp4netns to reach the host " -"loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr " -"subnet when changed, see the cidr option below). The default is false." -msgstr "" - #: ../../source/markdown/podman-build.1.md:696 #: ../../source/markdown/podman-create.1.md:1189 #: ../../source/markdown/podman-kube-play.1.md:293 
@@ -3310,42 +3287,6 @@ msgid "" "`outbound_addr6`)." msgstr "" -#: ../../source/markdown/podman-build.1.md:699 -#: ../../source/markdown/podman-create.1.md:1192 -#: ../../source/markdown/podman-kube-play.1.md:296 -#: ../../source/markdown/podman-pod-create.1.md:415 -#: ../../source/markdown/podman-run.1.md:1219 -msgid "" -"**outbound_addr=INTERFACE**: Specify the outbound interface slirp binds " -"to (ipv4 traffic only)." -msgstr "" - -#: ../../source/markdown/podman-build.1.md:700 -#: ../../source/markdown/podman-create.1.md:1193 -#: ../../source/markdown/podman-kube-play.1.md:297 -#: ../../source/markdown/podman-pod-create.1.md:416 -#: ../../source/markdown/podman-run.1.md:1220 -msgid "**outbound_addr=IPv4**: Specify the outbound ipv4 address slirp binds to." -msgstr "" - -#: ../../source/markdown/podman-build.1.md:701 -#: ../../source/markdown/podman-create.1.md:1194 -#: ../../source/markdown/podman-kube-play.1.md:298 -#: ../../source/markdown/podman-pod-create.1.md:417 -#: ../../source/markdown/podman-run.1.md:1221 -msgid "" -"**outbound_addr6=INTERFACE**: Specify the outbound interface slirp binds " -"to (ipv6 traffic only)." -msgstr "" - -#: ../../source/markdown/podman-build.1.md:702 -#: ../../source/markdown/podman-create.1.md:1195 -#: ../../source/markdown/podman-kube-play.1.md:299 -#: ../../source/markdown/podman-pod-create.1.md:418 -#: ../../source/markdown/podman-run.1.md:1222 -msgid "**outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp binds to." -msgstr "" - #: ../../source/markdown/podman-build.1.md:703 msgid "" "**pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode " 
@@ -3394,8 +3335,8 @@ msgstr "" #: ../../source/markdown/podman-run.1.md:1252 msgid "" "**pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-" -"forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, equivalent " -"to default slirp4netns(1) options: disable IPv6, assign `10.0.2.0/24` " +"forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, " +"assign `10.0.2.0/24` " "to the `tap0` interface in the container, with gateway `10.0.2.3`, " "enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500 bytes, " "disable NDP, DHCPv6 and DHCP support." @@ -3408,8 +3349,8 @@ msgstr "" #: ../../source/markdown/podman-run.1.md:1257 msgid "" "**pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-" -"forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, equivalent to " -"default slirp4netns(1) options with Podman overrides: same as above, " +"forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, " +"same as above, " "but leave the MTU to 65520 bytes" msgstr "" @@ -9586,8 +9527,7 @@ msgstr "" #: ../../source/markdown/podman-run.1.md:1213 msgid "" "**private**: Create a new namespace for the container. This uses the " -"**bridge** mode for rootful containers and **slirp4netns** for rootless " -"ones." +"**bridge** mode for rootful containers." msgstr "" #: ../../source/markdown/podman-create.1.md:1196 @@ -9604,16 +9544,6 @@ msgid "" "defined networks." msgstr "" -#: ../../source/markdown/podman-create.1.md:1198 -#: ../../source/markdown/podman-kube-play.1.md:302 -#: ../../source/markdown/podman-pod-create.1.md:421 -#: ../../source/markdown/podman-run.1.md:1225 -msgid "" -"**port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is " -"slower than rootlesskit but preserves the correct source IP address. This" -" port handler cannot be used for user-defined networks." -msgstr "" - #: ../../source/markdown/podman-create.1.md:1200 #: ../../source/markdown/podman-kube-play.1.md:304 #: ../../source/markdown/podman-pod-create.1.md:423 
@@ -12214,7 +12144,7 @@ msgstr "" #: ../../source/markdown/podman-create.1.md:2453 msgid "" -"Rootless Podman works better if the fuse-overlayfs and slirp4netns " +"Rootless Podman works better if the fuse-overlayfs and pasta " "packages are installed. The fuse-overlayfs package provides a userspace " "overlay storage driver, otherwise users need to use the vfs storage " "driver, which can be disk space expensive and less performant than other " @@ -12224,7 +12154,7 @@ msgstr "" #: ../../source/markdown/podman-create.1.md:2458 #: ../../source/markdown/podman-run.1.md:2836 msgid "" -"To enable VPN on the container, slirp4netns or pasta needs to be " +"To enable VPN on the container, pasta needs to be " "specified; without either, containers need to be run with the " "--network=host flag." msgstr "" @@ -12342,8 +12272,7 @@ msgid "" " " "**[systemd.unit(5)](https://www.freedesktop.org/software/systemd/man/systemd.unit.html)**," " **[setsebool(8)](https://man7.org/linux/man-" -"pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com" -"/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, " +"pages/man8/setsebool.8.html)**," "**[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, " "**[fuse-overlayfs(1)](https://github.com/containers/fuse-" "overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, " 
@@ -20795,24 +20724,14 @@ msgid "" " that this is only done when no containers are running." msgstr "" -#: ../../source/markdown/podman-network.1.md:45 -msgid "Slirp4netns" -msgstr "" - #: ../../source/markdown/podman-network.1.md:46 msgid "" "When Podman is run as rootless, the internet connectivity is provided " -"with slirp4netns by default. Slirp4nents uses 10.0.2.0/24 for its default" +"with Pasta by default. Slirp4nents uses 10.0.2.0/24 for its default" " network. This can also be changed in " "**[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**" " but under the `[engine]` section. Use the `network_cmd_options` key and " -"add `[\"cidr=X.X.X.X/24\"]` as a value. Note that slirp4netns needs a " -"network prefix size between 1 and 25. This option accepts an array, so " -"more options can be added in a comma-separated string as described on the" -" **[podman-network-create(1)](podman-network-create.1.md)** man page. To " -"change the CIDR for just one container, specify it on the cli using the " -"`--network` option like this: `--network " -"slirp4netns:cidr=192.168.1.0/24`." +"add `[\"cidr=X.X.X.X/24\"]` as a value." msgstr "" #: ../../source/markdown/podman-network.1.md:48 @@ -25500,7 +25419,7 @@ msgstr "" #: ../../source/markdown/podman-run.1.md:2831 msgid "" -"Rootless Podman works better if the fuse-overlayfs and slirp4netns " +"Rootless Podman works better if the fuse-overlayfs and pasta " "packages are installed. The **fuse-overlayfs** package provides a " "userspace overlay storage driver, otherwise users need to use the **vfs**" " storage driver, which can be disk space expensive and less performant " 
@@ -26528,13 +26447,6 @@ msgstr "" msgid "Do not truncate output" msgstr "" -#: ../../source/markdown/podman-stats.1.md:146 -msgid "" -"Note: When using a slirp4netns network with the rootlesskit port handler," -" the traffic sent via the port forwarding is accounted to the `lo` " -"device. Traffic accounted to `lo` is not accounted in the stats output." -msgstr "" - #: ../../source/markdown/podman-stats.1.md:156 msgid "July 2017, Originally compiled by Ryan Cole " msgstr "" @@ -31337,16 +31249,6 @@ msgstr "" msgid "**--network-cmd-path**=*path*" msgstr "" -#: ../../source/markdown/podman.1.md:99 -msgid "" -"Path to the `slirp4netns(1)` command binary to use for setting up a " -"slirp4netns network. If \"\" is used, then the binary will first be " -"searched using the `helper_binaries_dir` option in `containers.conf`, and" -" second using the `$PATH` environment variable. **Note:** This option is " -"deprecated and will be removed with Podman 5.0. Use the " -"`helper_binaries_dir` option in `containers.conf` instead." -msgstr "" - #: ../../source/markdown/podman.1.md:103 msgid "**--network-config-dir**=*directory*" msgstr "" @@ -31961,7 +31863,7 @@ msgstr "" #: ../../source/markdown/podman.1.md:444 msgid "" -"Currently slirp4netns or pasta is required to be installed to create a " +"Currently pasta is required to be installed to create a " "network device, otherwise rootless containers need to run in the network " "namespace of the host." msgstr "" @@ -32033,8 +31935,6 @@ msgid "" "**[runc(8)](https://github.com/opencontainers/runc/blob/main/man/runc.8.md)**," " **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, " "**[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, " -"**[slirp4netns(1)](https://github.com/rootless-" -"containers/slirp4netns/blob/master/slirp4netns.1.md)**, " "**[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, " "**[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**" msgstr "" 
diff --git a/docs/source/markdown/options/network.image.md b/docs/source/markdown/options/network.image.md index f03a38d9cae..282353f04c9 100644 --- a/docs/source/markdown/options/network.image.md +++ b/docs/source/markdown/options/network.image.md @@ -15,15 +15,6 @@ considered insecure. - **ns:**_path_: path to a network namespace to join. - **private**: create a new namespace for the container (default) - **\**: Join the network with the given name or ID, e.g. use `--network mynet` to join the network with the name mynet. Only supported for rootful users. -- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). - - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). - - **outbound_addr=INTERFACE**: Specify the outbound interface slirp binds to (ipv4 traffic only). - - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp binds to. - - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp binds to (ipv6 traffic only). - - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp binds to. - **pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode networking stack. \ This is the default for rootless containers and only supported in rootless mode. \ 
@@ -49,13 +40,11 @@ considered insecure. - **pasta:--mtu,1500**: Specify a 1500 bytes MTU for the _tap_ interface in the container. - **pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options: disable IPv6, assign - `10.0.2.0/24` to the `tap0` interface in the container, with gateway + disable IPv6, assign `10.0.2.0/24` to the `tap0` interface in the container, with gateway `10.0.2.3`, enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500 bytes, disable NDP, DHCPv6 and DHCP support. - **pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options with Podman overrides: same as - above, but leave the MTU to 65520 bytes + same as above, but leave the MTU to 65520 bytes - **pasta:-t,auto,-u,auto,-T,auto,-U,auto**: enable automatic port forwarding based on observed bound ports from both host and container sides - **pasta:-T,5201**: enable forwarding of TCP port 5201 from container to diff --git a/docs/source/markdown/options/network.md b/docs/source/markdown/options/network.md index eb0d304f4a4..231ecd488d6 100644 --- a/docs/source/markdown/options/network.md +++ b/docs/source/markdown/options/network.md 
@@ -31,21 +31,7 @@ Valid _mode_ values are: - **ns:**_path_: Path to a network namespace to join. -- **private**: Create a new namespace for the container. This uses the **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - -- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - - **mtu=**_MTU_: Specify the MTU to use for this network. (Default is `65520`). - - **cidr=**_CIDR_: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). - - **outbound_addr=**_INTERFACE_: Specify the outbound interface slirp binds to (ipv4 traffic only). - - **outbound_addr=**_IPv4_: Specify the outbound ipv4 address slirp binds to. - - **outbound_addr6=**_INTERFACE_: Specify the outbound interface slirp binds to (ipv6 traffic only). - - **outbound_addr6=**_IPv6_: Specify the outbound ipv6 address slirp binds to. - - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. \ - Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If the application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks. - - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks. 
+- **private**: Create a new namespace for the container. This uses the **bridge** mode for rootful containers. - **pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode networking stack. \ @@ -80,13 +66,11 @@ Valid _mode_ values are: - **pasta:--mtu,1500**: Specify a 1500 bytes MTU for the _tap_ interface in the container. - **pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options: disable IPv6, assign - `10.0.2.0/24` to the `tap0` interface in the container, with gateway + disable IPv6, assign `10.0.2.0/24` to the `tap0` interface in the container, with gateway `10.0.2.3`, enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500 bytes, disable NDP, DHCPv6 and DHCP support. - **pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options with Podman overrides: same as - above, but leave the MTU to 65520 bytes + same as above, but leave the MTU to 65520 bytes - **pasta:-t,auto,-u,auto,-T,auto,-U,auto**: enable automatic port forwarding based on observed bound ports from both host and container sides - **pasta:-T,5201**: enable forwarding of TCP port 5201 from container to diff --git a/docs/source/markdown/options/publish.md b/docs/source/markdown/options/publish.md index 05ec22f1973..c861a5a9947 100644 --- a/docs/source/markdown/options/publish.md +++ b/docs/source/markdown/options/publish.md @@ -23,4 +23,4 @@ If it is not, the container port is randomly assigned a port on the host. Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. Port publishing is only supported for containers utilizing their own network namespace -through `bridge` networks, or the `pasta` and `slirp4netns` network modes. +through `bridge` networks, or the `pasta` network mode. 
diff --git a/docs/source/markdown/podman-container-inspect.1.md.in b/docs/source/markdown/podman-container-inspect.1.md.in index 354f07df38b..401532b465e 100644 --- a/docs/source/markdown/podman-container-inspect.1.md.in +++ b/docs/source/markdown/podman-container-inspect.1.md.in @@ -239,7 +239,7 @@ $ podman container inspect foobar "Tag": "", "Size": "0B" }, - "NetworkMode": "slirp4netns", + "NetworkMode": "pasta", "PortBindings": {}, "RestartPolicy": { "Name": "", diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 8cc18f0f75c..558be159e9d 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -488,12 +488,12 @@ be installed. The shadow-utils package must include the newuidmap and newgidmap In order for users to run rootless, there must be an entry for their username in /etc/subuid and /etc/subgid which lists the UIDs for their user namespace. -Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed. +Rootless Podman works better if the fuse-overlayfs package is installed. The fuse-overlayfs package provides a userspace overlay storage driver, otherwise users need to use the vfs storage driver, which can be disk space expensive and less performant than other drivers. -To enable VPN on the container, slirp4netns or pasta needs to be specified; +To enable VPN on the container, pasta needs to be specified; without either, containers need to be run with the --network=host flag. ## ENVIRONMENT 
@@ -543,7 +543,7 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** +**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, 
**[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** ### Troubleshooting diff --git a/docs/source/markdown/podman-generate-spec.1.md b/docs/source/markdown/podman-generate-spec.1.md index 27c4d2187a5..7d602fb9172 100644 --- a/docs/source/markdown/podman-generate-spec.1.md +++ b/docs/source/markdown/podman-generate-spec.1.md @@ -86,7 +86,7 @@ $ podman generate spec container1 "nsmode": "default" }, "netns": { - "nsmode": "slirp4netns" + "nsmode": "pasta" }, "Networks": null, "use_image_hosts": false, @@ -161,7 +161,7 @@ $ cat output.json "nsmode": "default" }, "netns": { - "nsmode": "slirp4netns" + "nsmode": "pasta" }, "Networks": null, "use_image_hosts": false, diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 62114f84c76..e82daa64b17 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -119,15 +119,6 @@ host: seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: true serviceIsRemote: false - slirp4netns: - executable: /bin/slirp4netns - package: slirp4netns-1.1.12-2.fc34.x86_64 - version: |- - slirp4netns version 1.1.12 - commit: 7a104a101aa3278a2152351a082a6df71f57c9a3 - libslirp: 4.4.0 - SLIRP_CONFIG_VERSION_MAX: 3 - libseccomp: 2.5.0 swapFree: 15687475200 swapTotal: 16886259712 uptime: 47h 15m 9.91s (Approximately 1.96 days) 
@@ -262,11 +253,6 @@ $ podman info --format json "seccompProfilePath": "/usr/share/containers/seccomp.json", "selinuxEnabled": true }, - "slirp4netns": { - "executable": "/bin/slirp4netns", - "package": "slirp4netns-1.1.12-2.fc34.x86_64", - "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" - }, "pasta": { "executable": "/usr/bin/passt", "package": "passt-0^20221116.gace074c-1.fc34.x86_64", diff --git a/docs/source/markdown/podman-network.1.md b/docs/source/markdown/podman-network.1.md index 5506ad88004..7faafeb21ee 100644 --- a/docs/source/markdown/podman-network.1.md +++ b/docs/source/markdown/podman-network.1.md 
@@ -44,10 +44,7 @@ The default bridge network (called `podman`) uses 10.88.0.0/16 as a subnet. When ### Pasta Pasta by default performs no Network Address Translation (NAT) and copies the IPs from your main interface into the container namespace. If pasta cannot find an interface with the default route, it will select an interface if there is only one interface with a valid route. If you do not have a default route and several interfaces have defined routes, pasta will be unable to figure out the correct interface and it will fail to start. To specify the interface, use `-i` option to pasta. A default set of pasta options can be set in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with the `pasta_options` key. -The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which can be set to `pasta` (default) or `slirp4netns`. - -### Slirp4netns -Slirp4netns uses 10.0.2.0/24 for its default network. This can also be changed in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** but under the `[engine]` section. Use the `network_cmd_options` key and add `["cidr=X.X.X.X/24"]` as a value. Note that slirp4netns needs a network prefix size between 1 and 25. This option accepts an array, so more options can be added in a comma-separated string as described on the **[podman-network-create(1)](podman-network-create.1.md)** man page. To change the CIDR for just one container, specify it on the cli using the `--network` option like this: `--network slirp4netns:cidr=192.168.1.0/24`. 
+The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which should be set to `pasta` (default). ### Podman network create When a new network is created with a `podman network create` command, and no subnet is given with the --subnet option, Podman starts picking a free subnet from 10.89.0.0/24 to 10.255.255.0/24. Use the `default_subnet_pools` option under the `[network]` section in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** to change the range and/or size that is assigned by default. diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in index 54e0a7d9aa1..08121491337 100644 --- a/docs/source/markdown/podman-pod-create.1.md.in +++ b/docs/source/markdown/podman-pod-create.1.md.in @@ -212,11 +212,6 @@ Create a pod with published ports on the host. $ podman pod create --publish 8443:443 ``` -Create a pod with the specified network configuration. -``` -$ podman pod create --network slirp4netns:outbound_addr=127.0.0.1,allow_host_loopback=true -``` - Create a pod with the specified network. ``` $ podman pod create --network pasta diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index 3afd707c8a5..947a59ba013 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in 
@@ -937,12 +937,12 @@ be installed. The **shadow-utils** package must include the **newuidmap**(1) and In order for users to run rootless, there must be an entry for their username in _/etc/subuid_ and _/etc/subgid_ which lists the UIDs for their user namespace. -Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed. +Rootless Podman works better if the fuse-overlayfs package is installed. The **fuse-overlayfs** package provides a userspace overlay storage driver, otherwise users need to use the **vfs** storage driver, which can be disk space expensive and less performant than other drivers. -To enable VPN on the container, slirp4netns or pasta needs to be specified; +To enable VPN on the container, pasta needs to be specified; without either, containers need to be run with the --network=host flag. ## ENVIRONMENT 
@@ -990,7 +990,7 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** +**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, 
**[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** ### Troubleshooting diff --git a/docs/source/markdown/podman-stats.1.md.in b/docs/source/markdown/podman-stats.1.md.in index 13dc48f3f44..a0e9ba5028b 100644 --- a/docs/source/markdown/podman-stats.1.md.in +++ b/docs/source/markdown/podman-stats.1.md.in @@ -118,11 +118,6 @@ ID NAME MEM USAGE / LIMIT 6eae9e25a564 clever_bassi 3.031MB / 16.7GB ``` -Note: When using a slirp4netns network with the rootlesskit port -handler, the traffic sent via the port forwarding is accounted to -the `lo` device. Traffic accounted to `lo` is not accounted in the -stats output. - ## SEE ALSO **[podman(1)](podman.1.md)** diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 77fdab2978b..cf8c6715947 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md 
@@ -104,11 +104,6 @@ Load the specified `containers.conf(5)` module. Can be an absolute or relative This flag is not supported on the remote client, including Mac and Windows (excluding WSL2) machines. Further note that the flag is a root-level flag and must be specified before any Podman sub-command. -#### **--network-cmd-path**=*path* -Path to the `slirp4netns(1)` command binary to use for setting up a slirp4netns network. -If "" is used, then the binary will first be searched using the `helper_binaries_dir` option in `containers.conf`, and second using the `$PATH` environment variable. -**Note:** This option is deprecated and will be removed with Podman 6.0. Use the `helper_binaries_dir` option in `containers.conf` instead. - #### **--network-config-dir**=*directory* Path to the directory where network configuration files are located. @@ -477,7 +472,7 @@ Note: whitespace in any row of `/etc/subuid` or `/etc/subgid`, including trailin Images are pulled under `XDG_DATA_HOME` when specified, otherwise in the home directory of the user under `.local/share/containers/storage`. -Currently slirp4netns or pasta is required to be installed to create a network +Currently, pasta is required to be installed to create a network device, otherwise rootless containers need to run in the network namespace of the host. 
@@ -490,7 +485,7 @@ The Overlay file system (OverlayFS) is not supported with kernels prior to 5.12. The Network File System (NFS) and other distributed file systems (for example: Lustre, Spectrum Scale, the General Parallel File System (GPFS)) are not supported when running in rootless mode as these file systems do not understand user namespace. However, rootless Podman can make use of an NFS Homedir by modifying the `$HOME/.config/containers/storage.conf` to have the `graphroot` option point to a directory stored on local (Non NFS) storage. ## SEE ALSO -**[containers-mounts.conf(5)](https://github.com/containers/common/blob/main/docs/containers-mounts.conf.5.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)**, **[containers-storage.conf(5)](https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md)**, **[buildah(1)](https://github.com/containers/buildah/blob/main/docs/buildah.1.md)**, **[oci-hooks(5)](https://github.com/containers/common/blob/main/pkg/hooks/docs/oci-hooks.5.md)**, **[containers-policy.json(5)](https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md)**, **[crun(1)](https://github.com/containers/crun/blob/main/crun.1.md)**, **[runc(8)](https://github.com/opencontainers/runc/blob/main/man/runc.8.md)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **[podman-quadlet(1)](podman-quadlet.1.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)** 
+**[containers-mounts.conf(5)](https://github.com/containers/common/blob/main/docs/containers-mounts.conf.5.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)**, **[containers-storage.conf(5)](https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md)**, **[buildah(1)](https://github.com/containers/buildah/blob/main/docs/buildah.1.md)**, **[oci-hooks(5)](https://github.com/containers/common/blob/main/pkg/hooks/docs/oci-hooks.5.md)**, **[containers-policy.json(5)](https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md)**, **[crun(1)](https://github.com/containers/crun/blob/main/crun.1.md)**, **[runc(8)](https://github.com/opencontainers/runc/blob/main/man/runc.8.md)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **[podman-quadlet(1)](podman-quadlet.1.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)** ### Troubleshooting diff --git a/docs/tutorials/performance.md b/docs/tutorials/performance.md index 92e07d12acc..06451ba0160 100644 --- a/docs/tutorials/performance.md +++ b/docs/tutorials/performance.md 
@@ -171,8 +171,7 @@ You can avoid using _pasta_ in the following ways: * Use `--network=host`. No network namespace is created. The container will use the host’s network. Note: By using `--network=host`, the container is given full access to local system services such as D-bus and is therefore considered insecure. -Side note: Pasta is faster than the network driver [slirp4netns](https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md#slirp4netns). -Pasta is the default network driver since Podman 5.0.0. +Side note: Pasta is the default network driver since Podman 5.0.0. Slirp4netns support has been removed since 6.0.0. Since Podman 5.1.0 the default network driver can be shown with diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md index 955348b62a8..ad99648f2a7 100644 --- a/docs/tutorials/rootless_tutorial.md +++ b/docs/tutorials/rootless_tutorial.md 
@@ -18,20 +18,18 @@ For building Podman, see the [build instructions](https://podman.io/getting-star A user-mode networking tool for unprivileged network namespaces must be installed on the machine in order for Podman to run in a rootless environment. -Podman supports two rootless networking tools: [pasta](https://passt.top/passt/about/#pasta) (provided by [passt](https://passt.top/passt/about/)) and [slirp4netns](https://github.com/rootless-containers/slirp4netns). +Podman supports two rootless networking tools: [pasta](https://passt.top/passt/about/#pasta) (provided by [passt](https://passt.top/passt/about/)). pasta is the default since Podman 5.0, while slirp4netns was the default for previous versions. Passt is a more modern replacement for SLIRP that amongst other things fully supports IPv6 and is more secure architecturally (runs in a separate process, uses modern Linux mechanisms for isolation etc). Passt is [available on most Linux distributions](https://passt.top/passt/about/#availability) via their package distribution software such as `yum`, `dnf`, `apt`, `zypper`, etc. under the name `passt`. If the package is not available, you can build and install `passt` from [its upstream](https://passt.top/passt/about/#try-it). -Alternatively, slirp4netns can be installed in the same fashion either from your distribution's repositories or by following [the instructions](https://github.com/rootless-containers/slirp4netns?tab=readme-ov-file#install) provided on its GitHub. - The major user-facing difference between the two is outlined in [this blog post](https://blog.podman.io/2024/03/podman-5-0-breaking-changes-in-detail/) and expanded upon in **[podman-network(1)](https://github.com/containers/podman/blob/main/docs/source/markdown/podman-network.1.md#pasta)**. 
> [!note] > pasta's default situation of not being being able to communicate between the container and the host has been fixed in Podman 5.3: see [Podman 5.3 changes for improved networking experience with pasta](https://blog.podman.io/2024/10/podman-5-3-changes-for-improved-networking-experience-with-pasta/). -The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which can be set to `pasta` (default) or `slirp4netns`. +The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which can be set to `pasta` (default). ### `/etc/subuid` and `/etc/subgid` configuration diff --git a/libpod/container.go b/libpod/container.go index 9e322160aa9..72e60ed969f 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -107,9 +107,6 @@ type Container struct { runtime *Runtime ociRuntime OCIRuntime - rootlessSlirpSyncR *os.File - rootlessSlirpSyncW *os.File - rootlessPortSyncR *os.File rootlessPortSyncW *os.File @@ -126,8 +123,7 @@ type Container struct { // This is true if a container is restored from a checkpoint. restoreFromCheckpoint bool - slirp4netnsSubnet *net.IPNet - pastaResult *pasta.SetupResult + pastaResult *pasta.SetupResult } // ContainerState contains the current state of the container diff --git a/libpod/container_api.go b/libpod/container_api.go index 12d0e858bdf..b9d45567d01 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go 
@@ -928,7 +928,7 @@ func (c *Container) Sync() error { // reloaded, and existing rules have been wiped out. It is expected that some // downtime will result, as the rules are destroyed as part of this process. // At present, this only works on root containers; it may be expanded to restart -// slirp4netns in the future to work with rootless containers as well. +// pasta(?) in the future to work with rootless containers as well. // Requires that the container must be running or created. func (c *Container) ReloadNetwork() error { if !c.batched { diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go index acaa76ef3ae..e6a79c3472d 100644 --- a/libpod/container_internal_common.go +++ b/libpod/container_internal_common.go @@ -2262,7 +2262,7 @@ func (c *Container) addResolvConf() error { // add the nameservers from the networks status nameservers = networkNameServers } else { - // pasta and slirp4netns have a built in DNS forwarder. + // pasta has a built in DNS forwarder. nameservers = c.addSpecialDNS(nameservers) } } @@ -2318,11 +2318,7 @@ func (c *Container) checkForIPv6(netStatus map[string]types.StatusBlock) bool { } } - if c.pastaResult != nil { - return c.pastaResult.IPv6 - } - - return c.isSlirp4netnsIPv6() + return c.pastaResult.IPv6 } // Add a new nameserver to the container's resolv.conf, ensuring that it is the @@ -2373,7 +2369,7 @@ func getLocalhostHostEntry(c *Container) etchosts.HostEntries { } // getHostsEntries returns the container ip host entries for the correct netmode -func (c *Container) getHostsEntries() (etchosts.HostEntries, error) { +func (c *Container) getHostsEntries() etchosts.HostEntries { var entries etchosts.HostEntries names := []string{c.Hostname(), c.config.Name} switch { 
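Review bot: The doc comment on ReloadNetwork now reads `pasta(?) in the future`, which leaves an open question in the godoc of an exported method. Say only what is known, for example `// At present, this only works on root containers; it may be expanded in the future to work with rootless containers as well.` The comment on reloadContainerNetwork in libpod/networking_common.go receives the same `pasta (?)` wording in this commit and should be reworded the same way. The comment block starts above the hunk.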
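Review bot: The new final statement of checkForIPv6, `return c.pastaResult.IPv6`, dereferences `c.pastaResult` without the nil check the removed lines had, so a container with no pasta result would panic when the code above falls through. `pastaResult` is a pointer field, and addSpecialDNS in this same commit still guards it with `case c.pastaResult != nil:`. Keep the guard and default to false, e.g. `return c.pastaResult != nil && c.pastaResult.IPv6`. The start of checkForIPv6 is outside the hunk, so an earlier return that already excludes non-pasta containers cannot be ruled out from here.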
@@ -2384,18 +2380,12 @@ func (c *Container) getHostsEntries() (etchosts.HostEntries, error) { if len(c.pastaResult.IPAddresses) > 0 { entries = etchosts.HostEntries{{IP: c.pastaResult.IPAddresses[0].String(), Names: names}} } - case c.config.NetMode.IsSlirp4netns(): - ip, err := getSlirp4netnsIP(c.slirp4netnsSubnet) - if err != nil { - return nil, err - } - entries = etchosts.HostEntries{{IP: ip.String(), Names: names}} default: if c.hasNetNone() { entries = etchosts.HostEntries{{IP: "127.0.0.1", Names: names}} } } - return entries, nil + return entries } func (c *Container) createHostsFile() error { @@ -2414,10 +2404,7 @@ func (c *Container) addHosts() error { // no host file nothing to do return nil } - containerIPsEntries, err := c.getHostsEntries() - if err != nil { - return fmt.Errorf("failed to get container ip host entries: %w", err) - } + containerIPsEntries := c.getHostsEntries() // Consider container level BaseHostsFile configuration first. // If it is empty, fallback to containers.conf level configuration. diff --git a/libpod/container_internal_freebsd.go b/libpod/container_internal_freebsd.go index 2438f8b4c2e..df3a1b7bbfd 100644 --- a/libpod/container_internal_freebsd.go +++ b/libpod/container_internal_freebsd.go @@ -296,10 +296,6 @@ func (c *Container) addSpecialDNS(nameservers []string) []string { return nameservers } -func (c *Container) isSlirp4netnsIPv6() bool { - return false -} - // check for net=none func (c *Container) hasNetNone() bool { return c.state.NetNS == "" diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index f4bd4734831..bea1e5efc0f 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go 
@@ -22,7 +22,6 @@ import ( "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/sirupsen/logrus" - "go.podman.io/common/libnetwork/slirp4netns" "go.podman.io/common/libnetwork/types" "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" @@ -557,7 +556,7 @@ func (c *Container) setCgroupsPath(g *generate.Generator) error { return nil } -// addSpecialDNS adds special dns servers for slirp4netns and pasta +// addSpecialDNS adds special dns servers for pasta func (c *Container) addSpecialDNS(nameservers []string) []string { switch { case c.config.NetMode.IsBridge(): @@ -567,42 +566,10 @@ func (c *Container) addSpecialDNS(nameservers []string) []string { } case c.pastaResult != nil: nameservers = append(nameservers, c.pastaResult.DNSForwardIPs...) - case c.config.NetMode.IsSlirp4netns(): - // slirp4netns has a built in DNS forwarder. - slirp4netnsDNS, err := slirp4netns.GetDNS(c.slirp4netnsSubnet) - if err != nil { - logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error()) - } else { - nameservers = append(nameservers, slirp4netnsDNS.String()) - } } return nameservers } -func (c *Container) isSlirp4netnsIPv6() bool { - if c.config.NetMode.IsSlirp4netns() { - extraOptions := c.config.NetworkOptions[slirp4netns.BinaryName] - options := make([]string, 0, len(c.runtime.config.Engine.NetworkCmdOptions.Get())+len(extraOptions)) - options = append(options, c.runtime.config.Engine.NetworkCmdOptions.Get()...) - options = append(options, extraOptions...) - - // loop backwards as the last argument wins and we can exit early - // This should be kept in sync with c/common/libnetwork/slirp4netns. - for i := len(options) - 1; i >= 0; i-- { - switch options[i] { - case "enable_ipv6=true": - return true - case "enable_ipv6=false": - return false - } - } - // default is true - return true - } - - return false -} - // check for net=none func (c *Container) hasNetNone() bool { if !c.config.CreateNetNS { 
diff --git a/libpod/define/info.go b/libpod/define/info.go index 2162a33f05a..26b9009d3e1 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -52,13 +52,12 @@ type HostInfo struct { OS string `json:"os"` // RemoteSocket returns the UNIX domain socket the Podman service is listening on RemoteSocket *RemoteSocket `json:"remoteSocket,omitempty"` - // RootlessNetworkCmd returns the default rootless network command (slirp4netns or pasta) + // RootlessNetworkCmd returns the default rootless network command (pasta) RootlessNetworkCmd string `json:"rootlessNetworkCmd"` RuntimeInfo map[string]any `json:"runtimeInfo,omitempty"` // ServiceIsRemote is true when the podman/libpod service is remote to the client ServiceIsRemote bool `json:"serviceIsRemote"` Security SecurityInfo `json:"security"` - Slirp4NetNS SlirpInfo `json:"slirp4netns"` Pasta PastaInfo `json:"pasta"` SwapFree int64 `json:"swapFree"` @@ -76,13 +75,6 @@ type RemoteSocket struct { Exists bool `json:"exists"` } -// SlirpInfo describes the slirp executable that is being used -type SlirpInfo struct { - Executable string `json:"executable"` - Package string `json:"package"` - Version string `json:"version"` -} - // PastaInfo describes the pasta executable that is being used type PastaInfo struct { Executable string `json:"executable"` diff --git a/libpod/info_linux.go b/libpod/info_linux.go index 67f1000d36e..c949467cec5 100644 --- a/libpod/info_linux.go +++ b/libpod/info_linux.go @@ -16,7 +16,6 @@ import ( "github.com/opencontainers/selinux/go-selinux" "github.com/sirupsen/logrus" "go.podman.io/common/libnetwork/pasta" - "go.podman.io/common/libnetwork/slirp4netns" "go.podman.io/common/pkg/apparmor" "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/seccomp" 
@@ -49,27 +48,9 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error { SECCOMPProfilePath: seccompProfilePath, SELinuxEnabled: selinux.GetEnabled(), } - info.Slirp4NetNS = define.SlirpInfo{} info.CgroupsVersion = "v2" - slirp4netnsPath := r.config.Engine.NetworkCmdPath - if slirp4netnsPath == "" { - slirp4netnsPath, _ = r.config.FindHelperBinary(slirp4netns.BinaryName, true) - } - if slirp4netnsPath != "" { - ver, err := version.Program(slirp4netnsPath) - if err != nil { - logrus.Warnf("Failed to retrieve program version for %s: %v", slirp4netnsPath, err) - } - program := define.SlirpInfo{ - Executable: slirp4netnsPath, - Package: version.Package(slirp4netnsPath), - Version: ver, - } - info.Slirp4NetNS = program - } - pastaPath, _ := r.config.FindHelperBinary(pasta.BinaryName, true) if pastaPath != "" { ver, err := version.Program(pastaPath) diff --git a/libpod/networking_common.go b/libpod/networking_common.go index 0ae5069b4f9..0b5cfd6892e 100644 --- a/libpod/networking_common.go +++ b/libpod/networking_common.go @@ -111,8 +111,7 @@ func (r *Runtime) teardownNetwork(ctr *Container) error { return err } - if !ctr.config.NetMode.IsSlirp4netns() && - !ctr.config.NetMode.IsPasta() && len(networks) > 0 { + if !ctr.config.NetMode.IsPasta() && len(networks) > 0 { netOpts := ctr.getNetworkOptions(networks) return r.teardownNetworkBackend(ctr.state.NetNS, netOpts) } @@ -134,7 +133,7 @@ func isBridgeNetMode(n namespaces.NetworkMode) error { // firewall configuration. // Efforts will be made to preserve MAC and IP addresses. // Only works on containers with bridge networking at present, though in the future we could -// extend this to stop + restart slirp4netns +// extend this to stop + restart pasta (?) func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) { if ctr.state.NetNS == "" { return nil, fmt.Errorf("container %s network is not configured, refusing to reload: %w", ctr.ID(), define.ErrCtrStateInvalid) 
diff --git a/libpod/networking_freebsd.go b/libpod/networking_freebsd.go index 3000ff25ce8..ff4ce8f811c 100644 --- a/libpod/networking_freebsd.go +++ b/libpod/networking_freebsd.go @@ -7,7 +7,6 @@ import ( jdec "encoding/json" "errors" "fmt" - "net" "os/exec" "github.com/containers/buildah/pkg/jail" @@ -44,10 +43,6 @@ type NetstatAddress struct { Collisions uint64 `json:"collisions"` } -func getSlirp4netnsIP(_ *net.IPNet) (*net.IP, error) { - return nil, errors.New("not implemented GetSlirp4netnsIP") -} - // This is called after the container's jail is created but before its // started. We can use this to initialise the container's vnet when we don't // have a separate vnet jail (which is the case in FreeBSD 13.3 and later). diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index e188180697d..79565a6e237 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -29,9 +29,6 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS string) (status map[strin } } }() - if ctr.config.NetMode.IsSlirp4netns() { - return nil, r.setupSlirp4netns(ctr, ctrNS) - } if ctr.config.NetMode.IsPasta() { return nil, r.setupPasta(ctr, ctrNS) } diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go index 0b2243f6a5e..94702c7efac 100644 --- a/libpod/networking_slirp4netns.go +++ b/libpod/networking_slirp4netns.go @@ -5,7 +5,6 @@ package libpod import ( "fmt" "io" - "net" "os" "path/filepath" 
@@ -15,44 +14,6 @@ import ( "go.podman.io/common/libnetwork/types" ) -// setupSlirp4netns can be called in rootful as well as in rootless -func (r *Runtime) setupSlirp4netns(ctr *Container, netns string) error { - ports := ctr.convertPortMappings() - - if !ctr.config.PostConfigureNetNS { - var err error - ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe() - if err != nil { - return fmt.Errorf("failed to create rootless network sync pipe: %w", err) - } - if len(ports) > 0 { - ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe() - if err != nil { - return fmt.Errorf("failed to create rootless port sync pipe: %w", err) - } - } - } - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR) - if ctr.rootlessPortSyncR != nil { - defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR) - } - - res, err := slirp4netns.Setup(&slirp4netns.SetupOptions{ - Config: r.config, - ContainerID: ctr.ID(), - Netns: netns, - Ports: ports, - ExtraOptions: ctr.config.NetworkOptions[slirp4netns.BinaryName], - Slirp4netnsExitPipeR: ctr.rootlessSlirpSyncR, - RootlessPortExitPipeR: ctr.rootlessPortSyncR, - }) - if err != nil { - return err - } - ctr.slirp4netnsSubnet = res.Subnet - return nil -} - func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath string, netStatus map[string]types.StatusBlock) error { var err error if !ctr.config.PostConfigureNetNS { @@ -100,7 +61,3 @@ func (c *Container) reloadRootlessRLKPortMapping() error { } return nil } - -func getSlirp4netnsIP(subnet *net.IPNet) (*net.IP, error) { - return slirp4netns.GetIP(subnet) -} diff --git a/libpod/oci_conmon_common.go b/libpod/oci_conmon_common.go index 0138f037fa3..65199cb1818 100644 --- a/libpod/oci_conmon_common.go +++ b/libpod/oci_conmon_common.go 
@@ -1170,33 +1170,6 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co ctr.reservedPorts = nil } - if ctr.config.NetMode.IsSlirp4netns() || rootless.IsRootless() { - if ctr.config.PostConfigureNetNS { - havePortMapping := len(ctr.config.PortMappings) > 0 - if havePortMapping { - ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe() - if err != nil { - return 0, fmt.Errorf("failed to create rootless port sync pipe: %w", err) - } - } - ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe() - if err != nil { - return 0, fmt.Errorf("failed to create rootless network sync pipe: %w", err) - } - } - - if ctr.rootlessSlirpSyncW != nil { - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW) - // Leak one end in conmon, the other one will be leaked into slirp4netns - cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW) - } - - if ctr.rootlessPortSyncW != nil { - defer errorhandling.CloseQuiet(ctr.rootlessPortSyncW) - // Leak one end in conmon, the other one will be leaked into rootlessport - cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncW) - } - } var runtimeRestoreStarted time.Time if restoreOptions != nil { runtimeRestoreStarted = time.Now() diff --git a/libpod/options.go b/libpod/options.go index 41d6bc4a78c..5e10a63f04a 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -180,20 +180,6 @@ func WithConmonPath(path string) RuntimeOption { } } -// WithNetworkCmdPath specifies the path to the slirp4netns binary which manages the -// runtime. -func WithNetworkCmdPath(path string) RuntimeOption { - return func(rt *Runtime) error { - if rt.valid { - return define.ErrRuntimeFinalized - } - - rt.config.Engine.NetworkCmdPath = path - - return nil - } -} - // WithNetworkBackend specifies the name of the network backend. func WithNetworkBackend(name string) RuntimeOption { return func(rt *Runtime) error { 
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index ec07c41c205..ef1b05f2fa5 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -13,7 +13,6 @@ import ( "github.com/containers/podman/v6/libpod/events" "github.com/containers/podman/v6/pkg/domain/entities" "go.podman.io/common/libnetwork/pasta" - "go.podman.io/common/libnetwork/slirp4netns" "go.podman.io/common/libnetwork/types" netutil "go.podman.io/common/libnetwork/util" ) @@ -180,7 +179,7 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o } func (ic *ContainerEngine) NetworkCreate(_ context.Context, network types.Network, createOptions *types.NetworkCreateOptions) (*types.Network, error) { - if slices.Contains([]string{"none", "host", "bridge", "private", slirp4netns.BinaryName, pasta.BinaryName, "container", "ns", "default"}, network.Name) { + if slices.Contains([]string{"none", "host", "bridge", "private", pasta.BinaryName, "container", "ns", "default"}, network.Name) { return nil, fmt.Errorf("cannot create network with name %q because it conflicts with a valid network mode", network.Name) } network, err := ic.Libpod.Network().NetworkCreate(network, createOptions) diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go index 3c2d02bbb04..64f8992487a 100644 --- a/pkg/domain/infra/runtime_libpod.go +++ b/pkg/domain/infra/runtime_libpod.go @@ -164,9 +164,6 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo if fs.Changed("tmpdir") { options = append(options, libpod.WithTmpDir(cfg.ContainersConf.Engine.TmpDir)) } - if fs.Changed("network-cmd-path") { - options = append(options, libpod.WithNetworkCmdPath(cfg.ContainersConf.Engine.NetworkCmdPath)) - } if fs.Changed("network-backend") { options = append(options, libpod.WithNetworkBackend(cfg.ContainersConf.Network.NetworkBackend)) } 
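Review bot: Dropping `slirp4netns.BinaryName` from the reserved list in NetworkCreate lets a user create a network literally named `slirp4netns`, a name that existing scripts and unit files may still pass to `--network` expecting the old mode. Together with the IsUserDefined change in pkg/namespaces/namespaces.go, that name would presumably now resolve as a user-defined network, so the container's attachment changes without any error. Consider keeping the name reserved with the string literal `"slirp4netns"` in the slice, so that the removed mode fails loudly. The rest of NetworkCreate continues outside the hunk.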
diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go index ca2c8ed3b8f..8407218e68d 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -16,7 +16,6 @@ const ( podType = "pod" privateType = "private" shareableType = "shareable" - slirpType = "slirp4netns" pastaType = "pasta" ) @@ -202,11 +201,6 @@ func (n NetworkMode) IsBridge() bool { return n == bridgeType } -// IsSlirp4netns indicates if we are running a rootless network stack -func (n NetworkMode) IsSlirp4netns() bool { - return n == slirpType || strings.HasPrefix(string(n), slirpType+":") -} - // IsPasta indicates if we are running a rootless network stack using pasta func (n NetworkMode) IsPasta() bool { return n == pastaType || strings.HasPrefix(string(n), pastaType+":") @@ -230,5 +224,5 @@ func (n NetworkMode) IsPod() bool { // IsUserDefined indicates user-created network func (n NetworkMode) IsUserDefined() bool { - return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer() && !n.IsSlirp4netns() && !n.IsPasta() && !n.IsNS() + return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer() && !n.IsPasta() && !n.IsNS() } diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index a5b5b8dec1d..a2c66164f5b 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go 
@@ -443,21 +443,6 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, containerID specg.Expose = toExpose specg.PortMappings = conf.PortMappings specg.NetNS = specgen.Namespace{NSMode: specgen.Bridge} - case conf.NetMode.IsSlirp4netns(): - toExpose := make(map[uint16]string, len(conf.ExposedPorts)) - for _, expose := range []map[uint16][]string{conf.ExposedPorts} { - for port, proto := range expose { - toExpose[port] = strings.Join(proto, ",") - } - } - specg.Expose = toExpose - specg.PortMappings = conf.PortMappings - netMode := strings.Split(string(conf.NetMode), ":") - var val string - if len(netMode) > 1 { - val = netMode[1] - } - specg.NetNS = specgen.Namespace{NSMode: specgen.Slirp, Value: val} case conf.NetMode.IsPrivate(): specg.NetNS = specgen.Namespace{NSMode: specgen.Private} case conf.NetMode.IsDefault(): @@ -631,7 +616,7 @@ func CheckName(rt *libpod.Runtime, n string, kind bool) string { // Note: Update `podman run --publish | -p` docs when modifying this function. func isPortMappingCompatibleNetNSMode(nsMode specgen.NamespaceMode) bool { switch nsMode { - case specgen.Bridge, specgen.Slirp, specgen.Pasta: + case specgen.Bridge, specgen.Pasta: return true default: return false diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index d69b0f3f444..676ce079b02 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -23,7 +23,6 @@ import ( "github.com/sirupsen/logrus" "go.podman.io/common/libimage" "go.podman.io/common/libnetwork/pasta" - "go.podman.io/common/libnetwork/slirp4netns" "tags.cncf.io/container-device-interface/pkg/parser" ) 
@@ -203,9 +202,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener return nil, nil, nil, err } switch conf.Network.DefaultRootlessNetworkCmd { - case slirp4netns.BinaryName, "": - s.NetNS.NSMode = specgen.Slirp - case pasta.BinaryName: + case pasta.BinaryName, "": s.NetNS.NSMode = specgen.Pasta default: return nil, nil, nil, fmt.Errorf("invalid default_rootless_network_cmd option %q", diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index a7295334cd8..2334ec20bee 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -322,12 +322,6 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod. } else { toReturn = append(toReturn, libpod.WithNetNSFrom(netCtr)) } - case specgen.Slirp: - val := "slirp4netns" - if s.NetNS.Value != "" { - val = fmt.Sprintf("slirp4netns:%s", s.NetNS.Value) - } - toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, val, nil)) case specgen.Pasta: val := "pasta" toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, val, nil)) diff --git a/pkg/specgen/generate/oci_linux.go b/pkg/specgen/generate/oci_linux.go index 8d5a08fa2ae..278e5b30f81 100644 --- a/pkg/specgen/generate/oci_linux.go +++ b/pkg/specgen/generate/oci_linux.go @@ -50,7 +50,7 @@ func canMountSys(isRootless, isNewUserns bool, s *specgen.SpecGenerator) bool { } if isNewUserns { switch s.NetNS.NSMode { - case specgen.Slirp, specgen.Pasta, specgen.Private, specgen.NoNetwork, specgen.Bridge: + case specgen.Pasta, specgen.Private, specgen.NoNetwork, specgen.Bridge: return true default: return false diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index 9b68daf60c3..6a3d592e047 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go 
@@ -203,12 +203,6 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) { return nil, fmt.Errorf("cannot set host network if network-related configuration is specified: %w", define.ErrInvalidArg) } spec.NetNS.NSMode = specgen.Host - case specgen.Slirp: - logrus.Debugf("Pod will use slirp4netns") - if spec.NetNS.NSMode != specgen.Host { - spec.NetworkOptions = p.NetworkOptions - spec.NetNS.NSMode = specgen.Slirp - } case specgen.Pasta: logrus.Debugf("Pod will use pasta") if spec.NetNS.NSMode != specgen.Host { diff --git a/pkg/specgen/generate/pod_create_test.go b/pkg/specgen/generate/pod_create_test.go index 191b225e275..b49be42a009 100644 --- a/pkg/specgen/generate/pod_create_test.go +++ b/pkg/specgen/generate/pod_create_test.go @@ -132,23 +132,6 @@ func TestMapSpecNetworkOptions(t *testing.T) { podSpec: createPodSpecWithNetworks(specgen.Host), mustError: true, }, - { - name: "Slirp", - podSpec: createPodSpec(specgen.Slirp), - expectedNSMode: specgen.Slirp, - }, - { - name: "Slirp but if infra spec NS mode is Host", - podSpec: specgen.PodSpecGenerator{ - InfraContainerSpec: &specgen.SpecGenerator{ - ContainerNetworkConfig: specgen.ContainerNetworkConfig{NetNS: specgen.Namespace{NSMode: host}}, - }, - PodNetworkConfig: specgen.PodNetworkConfig{ - NetNS: specgen.Namespace{NSMode: specgen.Slirp}, - }, - }, - expectedNSMode: specgen.Host, - }, { name: "Path", podSpec: createPodSpecWithNetNsPath("/var/run/netns/bla"), diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 0ccd75038cc..bb562016d38 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go 
@@ -49,10 +49,6 @@ const ( // should be used. // Only used with the network namespace, invalid otherwise. Bridge NamespaceMode = "bridge" - // Slirp indicates that a slirp4netns network stack should - // be used. - // Only used with the network namespace, invalid otherwise. - Slirp NamespaceMode = "slirp4netns" // Pasta indicates that a pasta network stack should be used. // Only used with the network namespace, invalid otherwise. Pasta NamespaceMode = "pasta" @@ -158,8 +154,6 @@ func validateNetNS(n *Namespace) error { return nil } switch n.NSMode { - case Slirp: - break case Pasta: // Check if we run rootless/in a userns. Do not use rootless.IsRootless() here. // Pasta switches to nobody when running as root which causes it to fail while @@ -181,7 +175,7 @@ func validateNetNS(n *Namespace) error { if len(n.Value) < 1 { return fmt.Errorf("namespace mode %s requires a value", n.NSMode) } - } else if n.NSMode != Slirp { + } else { // All others except must NOT set a string value if len(n.Value) > 0 { return fmt.Errorf("namespace value %s cannot be provided with namespace mode %s", n.Value, n.NSMode) @@ -211,7 +205,7 @@ func (n *Namespace) validate() error { switch n.NSMode { case "", Default, Host, Path, FromContainer, FromPod, Private: // Valid, do nothing - case NoNetwork, Bridge, Slirp, Pasta: + case NoNetwork, Bridge, Pasta: return errors.New("cannot use network modes with non-network namespace") default: return fmt.Errorf("invalid namespace type %s specified", n.NSMode) 
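Review bot: In `validateNetNS`, the comment under the new `} else {` still reads `// All others except must NOT set a string value`, which appears to have been written around the `n.NSMode != Slirp` exception this change removes and no longer parses as a sentence. Suggest `// All other modes must NOT set a string value`. With the mode test gone the nesting can also collapse to `} else if len(n.Value) > 0 {`. The function starts and ends outside the hunk.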
@@ -337,13 +331,6 @@ func ParseNetworkFlag(networks []string) (Namespace, map[string]types.PerNetwork podmanNetworks := make(map[string]types.PerNetworkOptions) switch { - case ns == string(Slirp), strings.HasPrefix(ns, string(Slirp)+":"): - key, options, hasOptions := strings.Cut(ns, ":") - if hasOptions { - networkOptions = make(map[string][]string) - networkOptions[key] = strings.Split(options, ",") - } - toReturn.NSMode = Slirp case ns == string(FromPod): toReturn.NSMode = FromPod case ns == "" || ns == string(Default) || ns == string(Private): @@ -416,7 +403,7 @@ func ParseNetworkFlag(networks []string) (Namespace, map[string]types.PerNetwork return toReturn, nil, nil, fmt.Errorf("network name cannot be empty: %w", define.ErrInvalidArg) } if slices.Contains([]string{ - string(Bridge), string(Slirp), string(Pasta), string(FromPod), string(NoNetwork), + string(Bridge), string(Pasta), string(FromPod), string(NoNetwork), string(Default), string(Private), string(Path), string(FromContainer), string(Host), }, name) { return toReturn, nil, nil, fmt.Errorf("can only set extra network names, selected mode %s conflicts with bridge: %w", name, define.ErrInvalidArg) diff --git a/pkg/specgen/namespaces_test.go b/pkg/specgen/namespaces_test.go index 22b84ee6461..636e2c922be 100644 --- a/pkg/specgen/namespaces_test.go +++ b/pkg/specgen/namespaces_test.go @@ -57,12 +57,6 @@ func TestParseNetworkFlag(t *testing.T) { defaultNetName: {}, }, }, - { - name: "slirp4netns mode", - args: []string{"slirp4netns"}, - nsmode: Namespace{NSMode: Slirp}, - networks: map[string]types.PerNetworkOptions{}, - }, { name: "from pod mode", args: []string{"pod"}, 
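Review bot: Removing `string(Slirp)` from the reserved-name list in `ParseNetworkFlag`, together with the deleted `case` in the first hunk, means the literal `slirp4netns` is now treated like any user-defined network name, and the e2e change in network_create_test.go suggests `podman network create slirp4netns` is no longer rejected either. A script that still passes `--network slirp4netns` would then either fail with a generic lookup error or, if a network of that name exists, be attached to it silently instead of getting the mode it asked for. Keeping the name reserved and rejecting it early is the safer upgrade behaviour, for example `case ns == "slirp4netns", strings.HasPrefix(ns, "slirp4netns:"): return toReturn, nil, nil, fmt.Errorf("network mode slirp4netns is no longer supported: %w", define.ErrInvalidArg)`. The rest of the switch lies outside the hunk, so how the name is handled further down should be checked before relying on this.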
@@ -87,15 +81,6 @@ func TestParseNetworkFlag(t *testing.T) { nsmode: Namespace{NSMode: Path, Value: "/path"}, networks: map[string]types.PerNetworkOptions{}, }, - { - name: "slirp4netns mode with options", - args: []string{"slirp4netns:cidr=10.0.0.0/24"}, - nsmode: Namespace{NSMode: Slirp}, - networks: map[string]types.PerNetworkOptions{}, - options: map[string][]string{ - "slirp4netns": {"cidr=10.0.0.0/24"}, - }, - }, { name: "bridge mode with options 1", args: []string{"bridge:ip=10.0.0.1,mac=11:22:33:44:55:66"}, diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go index 636de85c6b6..b0a1c5f09e0 100644 --- a/pkg/specgen/pod_validate.go +++ b/pkg/specgen/pod_validate.go @@ -64,9 +64,9 @@ func (p *PodSpecGenerator) Validate() error { return exclusivePodOptions("NoInfra", "NoManageResolvConf") } } - if p.NetNS.NSMode != "" && p.NetNS.NSMode != Bridge && p.NetNS.NSMode != Slirp && p.NetNS.NSMode != Pasta && p.NetNS.NSMode != Default { + if p.NetNS.NSMode != "" && p.NetNS.NSMode != Bridge && p.NetNS.NSMode != Pasta && p.NetNS.NSMode != Default { if len(p.PortMappings) > 0 { - return errors.New("PortMappings can only be used with Bridge, slirp4netns, or pasta networking") + return errors.New("PortMappings can only be used with Bridge, or pasta networking") } } diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go index ca2bc4aed93..57b21860d22 100644 --- a/pkg/specgen/podspecgen.go +++ b/pkg/specgen/podspecgen.go 
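Review bot: The new error string in `PodSpecGenerator.Validate` reads `PortMappings can only be used with Bridge, or pasta networking`; the comma is left over from the three-item list and reads oddly with two items. Suggest `return errors.New("PortMappings can only be used with Bridge or pasta networking")`. The same leftover comma appears in the doc comments changed in podspecgen.go (`Bridge, or Pasta`) and specgen.go (`bridge, or pasta`).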
@@ -106,13 +106,13 @@ type PodNetworkConfig struct { // containers in the pod. // Cannot be set to FromContainer and FromPod. // Setting this to anything except default conflicts with NoInfra=true. - // Defaults to Bridge as root and Slirp as rootless. + // Defaults to Bridge as root and Pasta as rootless. // Mandatory. NetNS Namespace `json:"netns"` // PortMappings is a set of ports to map into the infra container. // As, by default, containers share their network with the infra // container, this will forward the ports to the entire pod. - // Only available if NetNS is set to Bridge, Slirp, or Pasta. + // Only available if NetNS is set to Bridge, or Pasta. // Optional. PortMappings []types.PortMapping `json:"portmappings,omitempty"` // Map of networks names to ids the container should join to. diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 767710e898d..ce2bef447e7 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -477,14 +477,14 @@ type ContainerNetworkConfig struct { // Mandatory. NetNS Namespace `json:"netns"` // PortBindings is a set of ports to map into the container. - // Only available if NetNS is set to bridge, slirp, or pasta. + // Only available if NetNS is set to bridge, or pasta. // Optional. PortMappings []nettypes.PortMapping `json:"portmappings,omitempty"` // PublishExposedPorts will publish ports specified in the image to // random unused ports (guaranteed to be above 1024) on the host. // This is based on ports set in Expose below, and any ports specified // by the Image (if one is given). - // Only available if NetNS is set to Bridge or Slirp. + // Only available if NetNS is set to Bridge. // Optional. PublishExposedPorts *bool `json:"publish_image_ports,omitempty"` // Expose is a number of ports that will be forwarded to the container 
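Review bot: In `ContainerNetworkConfig`, the comment on `PortMappings` now says bridge or pasta while the comment on `PublishExposedPorts` (and on `Expose` in the next hunk) now says `Only available if NetNS is set to Bridge`. `isPortMappingCompatibleNetNSMode` elsewhere in this diff accepts both `specgen.Bridge` and `specgen.Pasta`, so the two field comments look inconsistent with each other. If publishing exposed ports is presumably also honoured under pasta, the comments should read `// Only available if NetNS is set to Bridge or Pasta.`; if it is not, a short note saying why pasta is excluded would help API users.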
@@ -493,7 +493,7 @@ type ContainerNetworkConfig struct { // protocol i.e map[uint16]string. Allowed protocols are "tcp", "udp", and "sctp", or some // combination of the three separated by commas. // If protocol is set to "" we will assume TCP. - // Only available if NetNS is set to Bridge or Slirp, and + // Only available if NetNS is set to Bridge, and // PublishExposedPorts is set. // Optional. Expose map[uint16]string `json:"expose,omitempty"` diff --git a/rpm/podman.spec b/rpm/podman.spec index 755a0e2823d..52bbd7f1365 100644 --- a/rpm/podman.spec +++ b/rpm/podman.spec @@ -161,7 +161,6 @@ Requires: nmap-ncat Requires: httpd-tools Requires: openssl Requires: socat -Requires: slirp4netns Requires: buildah Requires: gnupg Requires: xfsprogs diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 4352212f962..9a2aef26ee2 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -379,12 +379,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { Expect(session.OutputToString()).To(Equal("0002")) }) - It("network slirp options to allow host loopback", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "ping", "-c1", "10.0.2.2"}) - session.Wait(30) - Expect(session).Should(ExitCleanly()) - }) - It("podman-remote test localcontainers.conf", func() { SkipIfNotRemote("this test is only for remote") @@ -749,7 +743,7 @@ var _ = Describe("Verify podman containers.conf usage", func() { It("podman default_rootless_network_cmd", func() { SkipIfNotRootless("default_rootless_network_cmd is only used rootless") - for _, mode := range []string{"pasta", "slirp4netns", "invalid"} { + for _, mode := range []string{"pasta", "invalid"} { conffile := filepath.Join(podmanTest.TempDir, "container.conf") content := "[network]\ndefault_rootless_network_cmd=\"" + mode + "\"\n" err := os.WriteFile(conffile, []byte(content), 0o755) 
diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index 9113fc4522f..99afefe323c 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -31,23 +31,6 @@ var _ = Describe("Podman network connect and disconnect", func() { Expect(dis).Should(ExitWithError(125, `no container with name or ID "foobar" found: no such container`)) }) - It("network disconnect with net mode slirp4netns should result in error", func() { - netName := "slirp" + stringid.GenerateRandomID() - session := podmanTest.Podman([]string{"network", "create", netName}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - session = podmanTest.Podman([]string{"create", "--name", "test", "--network", "slirp4netns", ALPINE}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - con := podmanTest.Podman([]string{"network", "disconnect", netName, "test"}) - con.WaitWithDefaultTimeout() - Expect(con).Should(ExitWithError(125, `"slirp4netns" is not supported: invalid network mode`)) - }) - It("podman network disconnect", func() { netName := "aliasTest" + stringid.GenerateRandomID() session := podmanTest.Podman([]string{"network", "create", netName}) 
@@ -120,23 +103,6 @@ var _ = Describe("Podman network connect and disconnect", func() { Expect(dis).Should(ExitWithError(125, `no container with name or ID "foobar" found: no such container`)) }) - It("network connect with net mode slirp4netns should result in error", func() { - netName := "slirp" + stringid.GenerateRandomID() - session := podmanTest.Podman([]string{"network", "create", netName}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - session = podmanTest.Podman([]string{"create", "--name", "test", "--network", "slirp4netns", ALPINE}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - con := podmanTest.Podman([]string{"network", "connect", netName, "test"}) - con.WaitWithDefaultTimeout() - Expect(con).Should(ExitWithError(125, `"slirp4netns" is not supported: invalid network mode`)) - }) - It("podman connect on a container that already is connected to the network should error after init", func() { netName := "aliasTest" + stringid.GenerateRandomID() session := podmanTest.Podman([]string{"network", "create", netName}) diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index e48d3c0c036..9aa268302f7 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -561,7 +561,7 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with invalid name", func() { - for _, name := range []string{"none", "host", "bridge", "private", "slirp4netns", "pasta", "container", "ns", "default"} { + for _, name := range []string{"none", "host", "bridge", "private", "pasta", "container", "ns", "default"} { nc := podmanTest.Podman([]string{"network", "create", name}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError(125, fmt.Sprintf("cannot create network with name %q because it conflicts with a valid network mode", name))) 
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 9eab96fafb6..c993676083c 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -557,18 +557,6 @@ entrypoint ["/fromimage"] Expect(check2.OutputToString()).To(Equal("/fromcommand:[/fromcommand]")) }) - It("podman create pod with slirp network option", func() { - name := "test" - session := podmanTest.Podman([]string{"pod", "create", "--name", name, "--network", "slirp4netns:port_handler=slirp4netns", "-p", "8082:8000"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - check := podmanTest.Podman([]string{"pod", "inspect", "--format", "{{.InfraConfig.NetworkOptions.slirp4netns}}", name}) - check.WaitWithDefaultTimeout() - Expect(check).Should(ExitCleanly()) - Expect(check.OutputToString()).To(Equal("[port_handler=slirp4netns]")) - }) - It("podman pod status test", func() { podName := "testpod" create := podmanTest.Podman([]string{"pod", "create", "--name", podName}) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index ba8b1b91ef4..746a6b8eb2e 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -5,12 +5,9 @@ package integration import ( "encoding/json" "fmt" - "io" "net" "os" - "strconv" "strings" - "sync" "syscall" "github.com/containernetworking/plugins/pkg/ns" 
@@ -561,112 +558,6 @@ EXPOSE 2004-2005/tcp`, ALPINE) Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0")) }) - It("podman run slirp4netns verify net.ipv6.conf.default.accept_dad=0", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "ip", "addr"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - // check the ipv6 setup id done without delay (https://github.com/containers/podman/issues/11062) - Expect(session.OutputToString()).To(ContainSubstring("inet6 fd00::")) - - const ipv6ConfDefaultAcceptDadSysctl = "/proc/sys/net/ipv6/conf/all/accept_dad" - - cat := SystemExec("cat", []string{ipv6ConfDefaultAcceptDadSysctl}) - cat.WaitWithDefaultTimeout() - Expect(cat).Should(ExitCleanly()) - sysctlValue := cat.OutputToString() - - session = podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "cat", ipv6ConfDefaultAcceptDadSysctl}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(Equal(sysctlValue)) - }) - - It("podman run network expose host port 8080 to container port 8000 using invalid port handler", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=invalid", "-dt", "-p", "8080:8000", ALPINE, "/bin/sh"}) - session.WaitWithDefaultTimeout() - Expect(session).To(ExitWithError(126, `unknown port_handler for slirp4netns: "invalid"`)) - }) - - It("podman run slirp4netns network with host loopback", func() { - session := podmanTest.Podman([]string{"run", "--cap-add", "net_raw", "--network", "slirp4netns:allow_host_loopback=true", ALPINE, "ping", "-c1", "10.0.2.2"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - }) - - It("podman run slirp4netns network with mtu", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:mtu=9000", ALPINE, "ip", "addr"}) - 
session.Wait(30) - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring("mtu 9000")) - }) - - It("podman run slirp4netns network with different cidr", func() { - slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"}) - Expect(slirp4netnsHelp).Should(ExitCleanly()) - - networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true" - session := podmanTest.Podman([]string{"run", "--cap-add", "net_raw", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"}) - session.Wait(30) - - if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") { - Expect(session).Should(ExitCleanly()) - } else { - Expect(session).To(ExitWithError(125, "cidr not supported")) - } - }) - - for _, local := range []bool{true, false} { - testName := "HostIP" - if local { - testName = "127.0.0.1" - } - It(fmt.Sprintf("podman run network slirp4netns bind to %s", testName), func() { - ip := "127.0.0.1" - if !local { - // Determine our likeliest outgoing IP address - conn, err := net.Dial("udp", "8.8.8.8:80") - Expect(err).ToNot(HaveOccurred()) - - defer conn.Close() - ip = conn.LocalAddr().(*net.UDPAddr).IP.String() - } - port := strconv.Itoa(GetPort()) - - networkConfiguration := fmt.Sprintf("slirp4netns:outbound_addr=%s,allow_host_loopback=true", ip) - - listener, err := net.Listen("tcp", ":"+port) - Expect(err).ToNot(HaveOccurred()) - defer listener.Close() - - msg := RandomString(10) - wg := &sync.WaitGroup{} - wg.Add(1) - // now use a new goroutine to start accepting connection in the background and make the checks there - go func() { - defer GinkgoRecover() - defer wg.Done() - conn, err := listener.Accept() - Expect(err).ToNot(HaveOccurred(), "accept new connection") - defer conn.Close() - addr := conn.RemoteAddr() - // addr will be in the form ip:port, we don't care about the port as it is random - Expect(addr.String()).To(HavePrefix(ip+":"), "remote address") - gotBytes, err := io.ReadAll(conn) - 
Expect(err).ToNot(HaveOccurred(), "read from connection") - Expect(string(gotBytes)).To(Equal(msg), "received correct message from container") - }() - - session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "sh", "-c", "echo -n " + msg + " | nc -w 30 10.0.2.2 " + port}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - // explicitly close the socket here before we wait to unlock Accept() calls in case of hangs - listener.Close() - // wait for the checks in the goroutine to be done - wg.Wait() - }) - } - It("podman run network expose ports in image metadata", func() { session := podmanTest.Podman([]string{"create", "--name", "test", "-t", "-P", NGINX_IMAGE}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index c569ecd3138..bac561daef3 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go 
@@ -149,29 +149,6 @@ var _ = Describe("Podman stats", func() { Expect(session).Should(ExitCleanly()) }) - It("podman stats on container with forced slirp4netns", func() { - // This will force the slirp4netns net mode to be tested as root - session := podmanTest.Podman([]string{"run", "-d", "--net", "slirp4netns", ALPINE, "top"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - session = podmanTest.Podman([]string{"stats", "--no-stream", "-a"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - }) - - It("podman reads slirp4netns network stats", func() { - session := podmanTest.Podman([]string{"run", "-d", "--network", "slirp4netns", ALPINE, "top"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - cid := session.OutputToString() - - stats := podmanTest.Podman([]string{"stats", "--format", "'{{.NetIO}}'", "--no-stream", cid}) - stats.WaitWithDefaultTimeout() - Expect(stats).Should(ExitCleanly()) - Expect(stats.OutputToString()).To(Not(ContainSubstring("-- / --"))) - }) - // Regression test for #8265 It("podman stats with custom memory limits", func() { // Run three containers. One with a memory limit. Make sure diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 10127dd3ed2..1b7c55c22de 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -52,7 +52,6 @@ store.configFile | $expr_path store.graphDriverName | [a-z0-9]\\\+\\\$ store.graphRoot | $expr_path store.imageStore.number | 1 -host.slirp4netns.executable | $expr_path " defer-assertion-failures diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index c96122bf4fe..3369adbcce0 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats 
@@ -122,13 +122,8 @@ load helpers.network # force bridge networking also for rootless # this ensures that rootless + bridge + userns + ports works network_arg="--network bridge" - elif has_slirp4netns; then - # Issue #9828 make sure a custom slirp4netns cidr also works - network_arg="--network slirp4netns:cidr=$cidr" - # slirp4netns interface ip is always .100 - match="${cidr%.*}.100" else - echo "# [skipping subtest of $cidr - slirp4netns unavailable]" >&3 + echo "# [skipping subtest of $cidr]" >&3 continue fi 
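Review bot: With the `elif has_slirp4netns` branch removed, every iteration that does not take the first branch now lands in `else` and is skipped, and the new message `# [skipping subtest of $cidr]` no longer says why. If the first condition, which is outside the hunk, is the empty-`$cidr` case, the custom-CIDR iteration can never run, so that iteration and the `else` are dead weight; either drop it or point it at a network mode that accepts a CIDR. If the skip stays, give it a reason, e.g. `echo "# [skipping subtest of $cidr - no network mode with a custom cidr]" >&3`.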
@@ -208,57 +203,6 @@ load helpers.network is "$output" "$pid" "Only ID in output (no extra errors)" } -# FIXME: random_rfc1918_subnet is not parallel-safe -@test "podman run with slirp4ns assigns correct addresses to /etc/hosts" { - has_slirp4netns || skip "slirp4netns unavailable" - - CIDR="$(random_rfc1918_subnet)" - IP=$(hostname -I | cut -f 1 -d " ") - local conname=con-$(safename) - run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ - --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be host address" - is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" - - if is_rootless; then - # check the slirp ip also works correct with userns - run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \ - --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be host address" - is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" - fi -} - -# FIXME: random_rfc1918_subnet is not parallel-safe -@test "podman run with slirp4ns adds correct dns address to resolv.conf" { - has_slirp4netns || skip "slirp4netns unavailable" - - CIDR="$(random_rfc1918_subnet)" - run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ - $IMAGE cat /etc/resolv.conf - assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver" - no_userns_out="$output" - - if is_rootless; then - # check the slirp ip also works correct with userns - run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \ - $IMAGE cat /etc/resolv.conf - assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver with userns" - assert "$output" == "$no_userns_out" "resolv.conf should look the same for userns" - fi - -} - -# FIXME: 
random_rfc1918_subnet is not parallel-safe -@test "podman run with slirp4ns assigns correct ip address container" { - has_slirp4netns || skip "slirp4netns unavailable" - - CIDR="$(random_rfc1918_subnet)" - run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ - $IMAGE sh -c "ip address | grep ${CIDR}" - is "$output" ".*inet ${CIDR}.100/24 \+" "container should have slirp4netns cidr+100 assigned to interface" -} - # "network create" now works rootless, with the help of a special container # FIXME: random_rfc1918_subnet is not parallel-safe @test "podman network create" { @@ -466,16 +410,6 @@ load helpers.network skip "This test needs an ipv6 nameserver in $resolve_file" fi - if has_slirp4netns; then - # ipv4 slirp - run_podman run --rm --network slirp4netns:enable_ipv6=false $IMAGE cat /etc/resolv.conf - assert "$output" !~ "$ipv6_regex" "resolv.conf should not contain ipv6 nameserver" - - # ipv6 slirp - run_podman run --rm --network slirp4netns:enable_ipv6=true $IMAGE cat /etc/resolv.conf - assert "$output" =~ "$ipv6_regex" "resolv.conf should contain ipv6 nameserver" - fi - # ipv4 cni local mysubnet=$(random_rfc1918_subnet) local netname=testnet1-$(safename) @@ -641,9 +575,6 @@ load helpers.network is "$output" "$netname" "output of 'network create'" local -a networks=("$netname") - if has_slirp4netns; then - networks+=("slirp4netns") - fi for network in "${networks[@]}"; do # Start container with the restart always policy local cname=c-$(safename) @@ -782,10 +713,6 @@ nameserver 8.8.8.8" "nameserver order is correct" defer-assertion-failures local -a netmodes=("bridge") - # As of podman 5.0, slirp4netns is optional - if has_slirp4netns; then - netmodes+=("slirp4netns:port_handler=slirp4netns" "slirp4netns:port_handler=rootlesskit") - fi # pasta only works rootless if is_rootless; then netmodes+=("pasta") 
@@ -1012,16 +939,9 @@ EOF # Now make sure we can still run a container with free ips. run_podman run --rm --network $net1 $IMAGE true - # And now because of all the fun we have to check the same with slirp4netns and pasta because + # And now because of all the fun we have to check the same with pasta because # that uses slightly different code paths. Note this would deadlock before the fix. # https://github.com/containers/podman/issues/21477 - if has_slirp4netns; then - cname2=con2-$(safename) - run_podman 1 run --name $cname2 --network slirp4netns --restart on-failure:2 --userns keep-id $IMAGE false - wait_for_restart_count $cname2 2 "slirp4netns" - run_podman wait $cname2 - fi - if is_rootless; then # pasta can only run rootless cname3=con3-$(safename) diff --git a/test/system/700-play.bats b/test/system/700-play.bats index b7f42a67029..17870bb328a 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -226,14 +226,6 @@ RELABEL="system_u:object_r:container_file_t:s0" is "$output" "true" ".InfraConfig.HostNetwork" run_podman pod rm -t 0 -f $PODNAME - if has_slirp4netns; then - run_podman kube play --network slirp4netns:port_handler=slirp4netns $TESTYAML - run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}" - infraID="$output" - run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID - is "$output" "slirp4netns" "network mode slirp4netns is set for the container" - fi - run_podman pod rm -t 0 -f $PODNAME run_podman kube play --network none $TESTYAML diff --git a/test/system/helpers.network.bash b/test/system/helpers.network.bash index 8d0b419b36a..5eecb7c2302 100644 --- a/test/system/helpers.network.bash +++ b/test/system/helpers.network.bash @@ -1,7 +1,5 @@ # -*- bash -*- -_cached_has_slirp4netns= - ### Feature Checks ############################################################# # has_ipv4() - Check if one default route is available for IPv4 
@@ -32,18 +30,6 @@ function skip_if_no_ipv6() { fi } -# has_slirp4netns - Check if the slirp4netns(1) command is available -function has_slirp4netns() { - if [[ -z "$_cached_has_slirp4netns" ]]; then - _cached_has_slirp4netns=n - run_podman info --format '{{.Host.Slirp4NetNS.Executable}}' - if [[ -n "$output" ]]; then - _cached_has_slirp4netns=y - fi - fi - test "$_cached_has_slirp4netns" = "y" -} - ### procfs access ############################################################## # ipv6_to_procfs() - RFC 5952 IPv6 address text representation to procfs format diff --git a/test/tmt/system.sh b/test/tmt/system.sh index 3cd29dae031..682d71d98f4 100644 --- a/test/tmt/system.sh +++ b/test/tmt/system.sh @@ -19,7 +19,6 @@ rpm -q \ podman \ podman-tests \ skopeo \ - slirp4netns \ systemd export system_service_cmd="/usr/bin/podman system service --timeout=0 &"