diff --git a/libcontainer/README.md b/libcontainer/README.md index 36553af..4c8da8e 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -48,16 +48,17 @@ Sample `container.json` file: "MAC_ADMIN", "NET_ADMIN" ], - "network": { - "type": "veth", - "context": { - "bridge": "docker0", - "prefix": "dock" - }, - "address": "172.17.0.100/16", - "gateway": "172.17.42.1", - "mtu": 1500 - }, + "networks": [{ + "type": "veth", + "context": { + "bridge": "docker0", + "prefix": "dock" + }, + "address": "172.17.0.100/16", + "gateway": "172.17.42.1", + "mtu": 1500 + } + ], "cgroups": { "name": "docker-koye", "parent": "docker", diff --git a/libcontainer/container.go b/libcontainer/container.go index 4a47977..12a3d7b 100644 --- a/libcontainer/container.go +++ b/libcontainer/container.go @@ -19,7 +19,7 @@ type Container struct { Tty bool `json:"tty,omitempty"` // setup a proper tty or not Namespaces Namespaces `json:"namespaces,omitempty"` // namespaces to apply Capabilities Capabilities `json:"capabilities,omitempty"` // capabilities to drop - Network *Network `json:"network,omitempty"` // nil for host's network stack + Networks []*Network `json:"networks,omitempty"` // nil for host's network stack Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"` } diff --git a/libcontainer/container.json b/libcontainer/container.json index c2b21f8..83e4074 100644 --- a/libcontainer/container.json +++ b/libcontainer/container.json @@ -31,16 +31,17 @@ "MAC_ADMIN", "NET_ADMIN" ], - "network": { - "type": "veth", - "context": { - "bridge": "docker0", - "prefix": "dock" - }, - "address": "172.17.0.100/16", - "gateway": "172.17.42.1", - "mtu": 1500 - }, + "networks": [{ + "type": "veth", + "context": { + "bridge": "docker0", + "prefix": "dock" + }, + "address": "172.17.0.100/16", + "gateway": "172.17.42.1", + "mtu": 1500 + } + ], "cgroups": { "name": "docker-koye", "parent": "docker", diff --git a/libcontainer/network/strategy.go b/libcontainer/network/strategy.go index 8ecc11a..a2f4f8f 100644 --- a/libcontainer/network/strategy.go +++ b/libcontainer/network/strategy.go @@ -16,7 +16,7 @@ var strategies = map[string]NetworkStrategy{ // NetworkStrategy represends a specific network configuration for // a containers networking stack type NetworkStrategy interface { - Create(*libcontainer.Network, int) (libcontainer.Context, error) + Create(*libcontainer.Network, int, libcontainer.Context) error Initialize(*libcontainer.Network, libcontainer.Context) error } diff --git a/libcontainer/network/veth.go b/libcontainer/network/veth.go index 49e63f0..3ab1b23 100644 --- a/libcontainer/network/veth.go +++ b/libcontainer/network/veth.go @@ -12,39 +12,37 @@ import ( type Veth struct { } -func (v *Veth) Create(n *libcontainer.Network, nspid int) (libcontainer.Context, error) { +func (v *Veth) Create(n *libcontainer.Network, nspid int, context libcontainer.Context) error { var ( bridge string prefix string exists bool ) if bridge, exists = n.Context["bridge"]; !exists { - return nil, fmt.Errorf("bridge does not exist in network context") + return fmt.Errorf("bridge does not exist in network context") } if prefix, exists = n.Context["prefix"]; !exists { - return nil, fmt.Errorf("veth prefix does not exist in network context") + return fmt.Errorf("veth prefix does not exist in network context") } name1, name2, err := createVethPair(prefix) if err != nil { - return nil, err - } - context := libcontainer.Context{ - "vethHost": name1, - "vethChild": name2, + return err } + context["veth-host"] = name1 + context["veth-child"] = name2 if err := SetInterfaceMaster(name1, bridge); err != nil { - return context, err + return err } if err := SetMtu(name1, n.Mtu); err != nil { - return context, err + return err } if err := InterfaceUp(name1); err != nil { - return context, err + return err } if err := SetInterfaceInNamespacePid(name2, nspid); err != nil { - return context, err + return err } - return context, nil + return nil } func (v *Veth) Initialize(config *libcontainer.Network, context libcontainer.Context) error { @@ -52,7 +50,7 @@ func (v *Veth) Initialize(config *libcontainer.Network, context libcontainer.Con vethChild string exists bool ) - if vethChild, exists = context["vethChild"]; !exists { + if vethChild, exists = context["veth-child"]; !exists { return fmt.Errorf("vethChild does not exist in network context") } if err := InterfaceDown(vethChild); err != nil { diff --git a/libcontainer/nsinit/exec.go b/libcontainer/nsinit/exec.go index b13326b..f7a9c17 100644 --- a/libcontainer/nsinit/exec.go +++ b/libcontainer/nsinit/exec.go @@ -84,18 +84,15 @@ func (ns *linuxNs) SetupCgroups(container *libcontainer.Container, nspid int) er } func (ns *linuxNs) InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error { - if container.Network != nil { - strategy, err := network.GetStrategy(container.Network.Type) + context := libcontainer.Context{} + for _, config := range container.Networks { + strategy, err := network.GetStrategy(config.Type) if err != nil { return err } - networkContext, err := strategy.Create(container.Network, nspid) - if err != nil { - return err - } - if err := pipe.SendToChild(networkContext); err != nil { + if err := strategy.Create(config, nspid, context); err != nil { return err } } - return nil + return pipe.SendToChild(context) } diff --git a/libcontainer/nsinit/init.go b/libcontainer/nsinit/init.go index 1229560..cfc5058 100644 --- a/libcontainer/nsinit/init.go +++ b/libcontainer/nsinit/init.go @@ -56,7 +56,7 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol if err := setupNewMountNamespace(rootfs, console, container.ReadonlyFs); err != nil { return fmt.Errorf("setup mount namespace %s", err) } - if err := setupNetwork(container.Network, context); err != nil { + if err := setupNetwork(container, context); err != nil { return fmt.Errorf("setup networking %s", err) } if err := system.Sethostname(container.Hostname); err != nil { @@ -130,8 +130,8 @@ func dupSlave(slave *os.File) error { // setupVethNetwork uses the Network config if it is not nil to initialize // the new veth interface inside the container for use by changing the name to eth0 // setting the MTU and IP address along with the default gateway -func setupNetwork(config *libcontainer.Network, context libcontainer.Context) error { - if config != nil { +func setupNetwork(container *libcontainer.Container, context libcontainer.Context) error { + for _, config := range container.Networks { strategy, err := network.GetStrategy(config.Type) if err != nil { return err