fix restart always with slirp4netns

When a container is automatically restarted due its restart policy and the container used the slirp4netns netmode, the slirp4netns process died. This caused the container to lose network connectivity. To fix this we have to start a new slirp4netns process. Fixes containers#8047 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Luap99 · May 11, 2021 · fce4e0b · fce4e0b
1 parent 8dcd5b8
commit fce4e0b
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -283,6 +283,14 @@ func (c *Container) handleRestartPolicy(ctx context.Context) (_ bool, retErr err
 		return false, err
 	}
 
+	// setup slirp4netns again because slirp4netns will die when conmon exits
+	if c.config.NetMode.IsSlirp4netns() {
+		err := c.runtime.setupSlirp4netns(c)
+		if err != nil {
+			return false, err
+		}
+	}
+
 	if c.state.State == define.ContainerStateStopped {
 		// Reinitialize the container if we need to
 		if err := c.reinit(ctx, true); err != nil {

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -251,4 +251,44 @@ load helpers
     run_podman network rm -f $mynetname
 }
 
+@test "podman networking: restart always with slirp4netns" {
+    # Check that with podman run --restart always the network connectivity
+    # still works after the restart.
+
+    random_1=$(random_string 30)
+    HOST_PORT=12345
+    SERVER=http://127.0.0.1:$HOST_PORT
+
+    # Create a test file with random content
+    INDEX1=$PODMAN_TMPDIR/hello.txt
+    echo $random_1 > $INDEX1
+
+
+     # Bind-mount this file with a different name to a container running httpd and --restart always
+    run_podman run -d -p "$HOST_PORT:80" --network slirp4netns \
+            --restart always \
+            -v $INDEX1:/var/www/index.txt \
+            -w /var/www \
+            $IMAGE /bin/busybox-extras httpd -f -p 80
+    cid=$output
+
+    # Verify http contents: curl from localhost
+    run curl -s $SERVER/index.txt
+    is "$output" "$random_1" "curl 127.0.0.1:/index.txt"
+
+    # Get the container process pid
+    run_podman container inspect --format "{{.State.Pid}}" $cid
+    pid=$output
+
+    # Kill the process so that the podman restart policy will restart the container
+    run kill $pid
+
+    # Verify http contents again: curl from localhost
+    # Use retry since it can take a moment until the new container is ready
+    run curl --retry 2 -s $SERVER/index.txt
+    is "$output" "$random_1" "curl 127.0.0.1:/index.txt"
+
+    run_podman rm -f $cid
+}
+
 # vim: filetype=sh