diff options
author | David Gibson <david@gibson.dropbear.id.au> | 2023-08-15 13:51:29 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-08-16 08:10:04 +0200 |
commit | da0aeb9080c9d2e39b2ff600a9b2b03046ac219d (patch) | |
tree | 9565c11f6c4614c575988ddb0f7b6c0de5274278 /contrib/selinux/passt.fc | |
parent | b4f8ffd5c4b9afee50bbc8b0003ee7d5d618d048 (diff) | |
download | passt-da0aeb9080c9d2e39b2ff600a9b2b03046ac219d.tar passt-da0aeb9080c9d2e39b2ff600a9b2b03046ac219d.tar.gz passt-da0aeb9080c9d2e39b2ff600a9b2b03046ac219d.tar.bz2 passt-da0aeb9080c9d2e39b2ff600a9b2b03046ac219d.tar.lz passt-da0aeb9080c9d2e39b2ff600a9b2b03046ac219d.tar.xz passt-da0aeb9080c9d2e39b2ff600a9b2b03046ac219d.tar.zst passt-da0aeb9080c9d2e39b2ff600a9b2b03046ac219d.zip |
netlink: Don't propagate host address expiry to the container
When we copy addresses from the host to the container in nl_addr_dup(), we
copy all the address's attributes, including IFA_CACHEINFO, which controls
the address's lifetime. If the host address is managed by, for example,
DHCP, it will typically have a finite lifetime.
When we copy that lifetime to the pasta container, that lifetime will
remain, meaning the kernel will eventually remove the address, typically
some hours later. The container, however, won't have the DHCP client or
whatever was managing and maintaining the address in the host, so it will
just lose connectivity.
Long term, we may want to monitor host address changes and reflect them to
the guest. But for now, we just want to take a snapshot of the host's
address and set those in the container permanently. We can accomplish that
by stripping off the IFA_CACHEINFO attribute as we copy addresses.
Link: https://github.com/containers/podman/issues/19405
Link: https://bugs.passt.top/show_bug.cgi?id=70
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'contrib/selinux/passt.fc')
0 files changed, 0 insertions, 0 deletions