From 94e147b90e699fcfd0b22b021198186920cac5b4 Mon Sep 17 00:00:00 2001
From: Christian Weichel
Date: Tue, 12 Apr 2022 20:05:13 +0000
Subject: [PATCH] [ws-daemon] Enable workspace IP forwarding to make the new nftables setup work

---
 components/ws-daemon/pkg/iws/iws.go | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/components/ws-daemon/pkg/iws/iws.go b/components/ws-daemon/pkg/iws/iws.go
index cdd5c83d59d9b1..deb2f7e4a82592 100644
--- a/components/ws-daemon/pkg/iws/iws.go
+++ b/components/ws-daemon/pkg/iws/iws.go
@@ -344,9 +344,9 @@ func (wbs *InWorkspaceServiceServer) SetupPairVeths(ctx context.Context, req *ap
 return nil, status.Errorf(codes.Internal, "cannot setup a peer veths")
 }

- err = nsinsider(wbs.Session.InstanceID, int(pid), func(c *exec.Cmd) {
+ err = nsinsider(wbs.Session.InstanceID, int(containerPID), func(c *exec.Cmd) {
 c.Args = append(c.Args, "enable-ip-forward")
- }, enterMountNS(true))
+ }, enterNetNS(true), enterMountNSPid(1))
 if err != nil {
 log.WithError(err).WithFields(wbs.Session.OWI()).Error("SetupPairVeths: cannot enable IP forwarding")
 return nil, status.Errorf(codes.Internal, "cannot enable IP forwarding")
@@ -736,9 +736,10 @@ func cleanupMaskedMount(owi map[string]interface{}, base string, paths []string)
 }

 type nsinsiderOpts struct {
- MountNS bool
- PidNS bool
- NetNS bool
+ MountNS bool
+ PidNS bool
+ NetNS bool
+ MountNSPid int
 }

 func enterMountNS(enter bool) nsinsiderOpt {
@@ -759,6 +760,13 @@ func enterNetNS(enter bool) nsinsiderOpt {
 }
 }

+func enterMountNSPid(pid int) nsinsiderOpt {
+ return func(o *nsinsiderOpts) {
+ o.MountNS = true
+ o.MountNSPid = pid
+ }
+}
+
 type nsinsiderOpt func(*nsinsiderOpts)

 func nsinsider(instanceID string, targetPid int, mod func(*exec.Cmd), opts ...nsinsiderOpt) error {
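Review bot: `enterMountNSPid(1)` hard-codes PID 1 as the process whose mount namespace (root, cwd and mnt fds) the helper enters, while the network namespace now comes from `containerPID`; /proc/1 is the host's init only when ws-daemon itself runs in the host PID namespace, which nothing in the hunk establishes, so the call deserves a comment and a named constant rather than a bare literal. Something like `// run enable-ip-forward with the host rootfs (PID 1's mount ns) but inside the workspace's network ns, so the setting applies to the workspace netns only` above the call, and `enterMountNSPid(hostInitPID)` with `const hostInitPID = 1` declared once, would record the assumption and the intent. The helper previously ran in the workspace's own mount namespace; if the switch exists because the binary or paths it needs are only present on the host rootfs, say so in the comment so a later cleanup does not revert it to `enterMountNS(true)`. The rest of SetupPairVeths, including where `containerPID` is set, lies outside the hunk.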
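Review bot: The new `MountNSPid` field (hunk at -736) and the `enterMountNSPid` constructor (hunk at -759) carry no comment, yet they introduce a sentinel: 0 means "use targetPid" in nsinsider, so `enterMountNSPid(0)` silently behaves like `enterMountNS(true)` for the target process. Document that on the field, `// MountNSPid, when non-zero, is the process whose root, cwd and mnt namespace fds are used instead of targetPid's; 0 keeps targetPid.`, and state on `enterMountNSPid` that it also switches `MountNS` on, since a caller passing it alongside `enterMountNS(false)` would get whichever option is applied last. The two hunks are consistent with the existing option style, so no code change is needed beyond the comments.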
@@ -781,10 +789,14 @@ func nsinsider(instanceID string, targetPid int, mod func(*exec.Cmd), opts ...ns
 }
 var nss []mnt
 if cfg.MountNS {
+ tpid := targetPid
+ if cfg.MountNSPid != 0 {
+ tpid = cfg.MountNSPid
+ }
 nss = append(nss,
- mnt{"_LIBNSENTER_ROOTFD", fmt.Sprintf("/proc/%d/root", targetPid), unix.O_PATH},
- mnt{"_LIBNSENTER_CWDFD", fmt.Sprintf("/proc/%d/cwd", targetPid), unix.O_PATH},
- mnt{"_LIBNSENTER_MNTNSFD", fmt.Sprintf("/proc/%d/ns/mnt", targetPid), os.O_RDONLY},
+ mnt{"_LIBNSENTER_ROOTFD", fmt.Sprintf("/proc/%d/root", tpid), unix.O_PATH},
+ mnt{"_LIBNSENTER_CWDFD", fmt.Sprintf("/proc/%d/cwd", tpid), unix.O_PATH},
+ mnt{"_LIBNSENTER_MNTNSFD", fmt.Sprintf("/proc/%d/ns/mnt", tpid), os.O_RDONLY},
 )
 }
 if cfg.PidNS {
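Review bot: The override replaces targetPid only for the three mount-namespace fds (`_LIBNSENTER_ROOTFD`, `_LIBNSENTER_CWDFD`, `_LIBNSENTER_MNTNSFD`); the `if cfg.PidNS` branch that starts at the end of the hunk, and presumably the net branch after it, still use targetPid, and that asymmetry is not stated anywhere. A comment above `tpid := targetPid` such as `// MountNSPid lets a caller take root/cwd/mnt from a different process (e.g. PID 1 for the host rootfs) while the pid and net namespaces still come from targetPid` would make the contract explicit, and it is worth noting there that with MountNSPid set to 1 the command runs against the host's root filesystem. Consider `if cfg.MountNSPid > 0 {` so a negative value cannot produce a `/proc/-1/root` path and instead keeps targetPid. The nsinsider body continues outside the hunk.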