Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

run: add support for inline --network in RUN statements #4566

Merged
merged 2 commits into from
Mar 14, 2023
Merged

run: add support for inline --network in RUN statements #4566

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e2210c3
vendor: bump imagebuilder to a3c3f8358ca31b1e4daa6
flouthoc Mar 13, 2023
37afb5d
run: add support for inline --network in RUN stmt
flouthoc Mar 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ require (
github.com/opencontainers/runtime-spec v1.1.0-rc.1
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626
github.com/opencontainers/selinux v1.11.0
github.com/openshift/imagebuilder v1.2.4-0.20230214035213-86828bf48fa2
github.com/openshift/imagebuilder v1.2.4-0.20230309135844-a3c3f8358ca3
github.com/seccomp/libseccomp-golang v0.10.0
github.com/sirupsen/logrus v1.9.0
github.com/spf13/cobra v1.6.1
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -741,8 +741,8 @@ github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho
github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/openshift/imagebuilder v1.2.4-0.20230214035213-86828bf48fa2 h1:B0FCHYdYE5Z9gxdWnkbrBUFtV24tH9H88IBXDjFkWvE=
github.com/openshift/imagebuilder v1.2.4-0.20230214035213-86828bf48fa2/go.mod h1:k1mq/1hUuymyinjudQds8a9YcR+JGib6/9JQWvr5ql8=
github.com/openshift/imagebuilder v1.2.4-0.20230309135844-a3c3f8358ca3 h1:JMtosRja+FqjYFtYk439be/g0DeysMu25sI5PISmVEY=
github.com/openshift/imagebuilder v1.2.4-0.20230309135844-a3c3f8358ca3/go.mod h1:k1mq/1hUuymyinjudQds8a9YcR+JGib6/9JQWvr5ql8=
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
Expand Down
16 changes: 15 additions & 1 deletion imagebuildah/stage_executor.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -599,6 +599,7 @@ func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error {
defer devNull.Close()
stdin = devNull
}
namespaceOptions := append([]define.NamespaceOption{}, s.executor.namespaceOptions...)
options := buildah.RunOptions{
Args: s.executor.runtimeArgs,
Cmd: config.Cmd,
Expand All @@ -609,7 +610,7 @@ func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error {
Hostname: config.Hostname,
Logger: s.executor.logger,
Mounts: append([]Mount{}, s.executor.transientMounts...),
NamespaceOptions: s.executor.namespaceOptions,
NamespaceOptions: namespaceOptions,
NoHosts: s.executor.noHosts,
NoPivot: os.Getenv("BUILDAH_NOPIVOT") != "",
Quiet: s.executor.quiet,
Expand All @@ -627,6 +628,19 @@ func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error {
WorkingDir: config.WorkingDir,
}

// Honor `RUN --network=<>`.
switch run.Network {
case "host":
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{Name: "network", Host: true})
options.ConfigureNetwork = define.NetworkEnabled
case "none":
options.ConfigureNetwork = define.NetworkDisabled
case "":
// do nothing
default:
return fmt.Errorf(`unsupported value %q for "RUN --network", must be either "host" or "none"`, run.Network)
}

if config.NetworkDisabled {
options.ConfigureNetwork = buildah.NetworkDisabled
}
Expand Down
19 changes: 19 additions & 0 deletions tests/bud.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,25 @@ load helpers
expect_output --substring "options use-vc"
}

@test "build with inline RUN --network=host" {
#hostns=$(readlink /proc/self/ns/net)
run readlink /proc/self/ns/net
hostns="$output"
run_buildah build $WITH_POLICY_JSON -t source -f $BUDFILES/inline-network/Dockerfile1
expect_output --from="${lines[9]}" "${hostns}"
}

@test "build with inline RUN --network=none" {
run_buildah 1 build $WITH_POLICY_JSON -t source -f $BUDFILES/inline-network/Dockerfile2
expect_output --substring "wget: bad address"
nalind marked this conversation as resolved.
Show resolved Hide resolved
}

@test "build with inline RUN --network=fake" {
run_buildah 125 build $WITH_POLICY_JSON -t source -f $BUDFILES/inline-network/Dockerfile3
expect_output --substring "unsupported value"
}


@test "bud with ignoresymlink on default file" {
cat > /tmp/private_file << _EOF
hello
Expand Down
2 changes: 2 additions & 0 deletions tests/bud/inline-network/Dockerfile1
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
FROM alpine
RUN --network=host readlink /proc/self/ns/net
2 changes: 2 additions & 0 deletions tests/bud/inline-network/Dockerfile2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
FROM alpine
RUN --network=none wget google.com
3 changes: 3 additions & 0 deletions tests/bud/inline-network/Dockerfile3
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
FROM alpine
RUN --network=fake wget google.com

2 changes: 2 additions & 0 deletions vendor/github.com/openshift/imagebuilder/builder.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 7 additions & 3 deletions vendor/github.com/openshift/imagebuilder/dispatchers.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions vendor/github.com/openshift/imagebuilder/dockerclient/client.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/modules.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -564,7 +564,7 @@ github.com/opencontainers/selinux/go-selinux
github.com/opencontainers/selinux/go-selinux/label
github.com/opencontainers/selinux/pkg/pwalk
github.com/opencontainers/selinux/pkg/pwalkdir
# github.com/openshift/imagebuilder v1.2.4-0.20230214035213-86828bf48fa2
# github.com/openshift/imagebuilder v1.2.4-0.20230309135844-a3c3f8358ca3
## explicit; go 1.19
github.com/openshift/imagebuilder
github.com/openshift/imagebuilder/dockerclient
Expand Down