
Commit 94e147b

csweichelroboquat
authored andcommitted
[ws-daemon] Enable workspace IP forwarding
to make the new nftables setup work
1 parent 274a435 commit 94e147b


1 file changed

+20
-8
lines changed

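--- a/components/ws-daemon/pkg/iws/iws.go
+++ b/components/ws-daemon/pkg/iws/iws.go
@@ -344,9 +344,9 @@ func (wbs *InWorkspaceServiceServer) SetupPairVeths(ctx context.Context, req *ap
 return nil, status.Errorf(codes.Internal, "cannot setup a peer veths")
 }
 
-err = nsinsider(wbs.Session.InstanceID, int(pid), func(c *exec.Cmd) {
+err = nsinsider(wbs.Session.InstanceID, int(containerPID), func(c *exec.Cmd) {
 c.Args = append(c.Args, "enable-ip-forward")
-}, enterMountNS(true))
+}, enterNetNS(true), enterMountNSPid(1))
 if err != nil {
 log.WithError(err).WithFields(wbs.Session.OWI()).Error("SetupPairVeths: cannot enable IP forwarding")
 return nil, status.Errorf(codes.Internal, "cannot enable IP forwarding")
@@ -736,9 +736,10 @@ func cleanupMaskedMount(owi map[string]interface{}, base string, paths []string)
 }
 
 type nsinsiderOpts struct {
-MountNS bool
-PidNS bool
-NetNS bool
+MountNS bool
+PidNS bool
+NetNS bool
+MountNSPid int
 }
 
 func enterMountNS(enter bool) nsinsiderOpt {
@@ -759,6 +760,13 @@ func enterNetNS(enter bool) nsinsiderOpt {
 }
 }
 
+func enterMountNSPid(pid int) nsinsiderOpt {
+return func(o *nsinsiderOpts) {
+o.MountNS = true
+o.MountNSPid = pid
+}
+}
+
 type nsinsiderOpt func(*nsinsiderOpts)
 
 func nsinsider(instanceID string, targetPid int, mod func(*exec.Cmd), opts ...nsinsiderOpt) error {
@@ -781,10 +789,14 @@ func nsinsider(instanceID string, targetPid int, mod func(*exec.Cmd), opts ...ns
 }
 var nss []mnt
 if cfg.MountNS {
+tpid := targetPid
+if cfg.MountNSPid != 0 {
+tpid = cfg.MountNSPid
+}
 nss = append(nss,
-mnt{"_LIBNSENTER_ROOTFD", fmt.Sprintf("/proc/%d/root", targetPid), unix.O_PATH},
-mnt{"_LIBNSENTER_CWDFD", fmt.Sprintf("/proc/%d/cwd", targetPid), unix.O_PATH},
-mnt{"_LIBNSENTER_MNTNSFD", fmt.Sprintf("/proc/%d/ns/mnt", targetPid), os.O_RDONLY},
+mnt{"_LIBNSENTER_ROOTFD", fmt.Sprintf("/proc/%d/root", tpid), unix.O_PATH},
+mnt{"_LIBNSENTER_CWDFD", fmt.Sprintf("/proc/%d/cwd", tpid), unix.O_PATH},
+mnt{"_LIBNSENTER_MNTNSFD", fmt.Sprintf("/proc/%d/ns/mnt", tpid), os.O_RDONLY},
 )
 }
 if cfg.PidNS {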
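Review bot: The literal `1` in `enterMountNSPid(1)` (SetupPairVeths hunk) is unexplained, and which process PID 1 is depends on the PID namespace ws-daemon itself runs in, which these lines do not show. After this change the helper takes its network namespace from `containerPID` but its root, cwd and mount namespace from `/proc/1`, so `enable-ip-forward` presumably no longer runs against the workspace's filesystem; that is a trust-boundary decision and deserves a comment at the call site, e.g. `// enter the workspace's net ns but PID 1's mount ns (root/cwd come from /proc/1)`. The new `enterMountNSPid` also has no doc comment, and in nsinsider a `MountNSPid` of 0 means "use targetPid" while a negative value goes straight into the `/proc/%d/...` paths, so I would add `// enterMountNSPid enters the mount namespace of pid instead of targetPid; 0 keeps targetPid.` and reject negative values there. SetupPairVeths and nsinsider both continue outside the visible hunks.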
