diff options
| author | Paul Holzinger <pholzing@redhat.com> | 2024-04-10 18:21:01 +0200 |
|---|---|---|
| committer | openshift-cherrypick-robot <> | 2024-05-29 15:06:35 +0000 |
| commit | 556948a666aa15c691d0edbacabb0e824400820d (patch) | |
| tree | 62634f3f38b24b726073370b64bcfdfcffd8ef76 | |
| parent | 8053881ae499347bd381bdca755ea74a06a8944e (diff) | |
fix "concurrent map writes" in network ls compat endpoint
Not sure why this only triggers now but this code was broken for a
while. It is racy as reported on the issue but because it changes the
actual map part of the network backend it means it can also alter the
behavior of the network which is very bad.
Fixes #22330
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| -rw-r--r-- | pkg/api/handlers/compat/networks.go | 5 | ||||
| -rw-r--r-- | test/apiv2/35-networks.at | 16 |
2 files changed, 20 insertions, 1 deletions
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index d205a327f..975407aba 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -17,6 +17,7 @@ import ( "github.com/containers/podman/v4/pkg/domain/infra/abi" "github.com/containers/podman/v4/pkg/util" "github.com/docker/docker/api/types" + "golang.org/x/exp/maps" dockerNetwork "github.com/docker/docker/api/types/network" "github.com/sirupsen/logrus" @@ -147,7 +148,9 @@ func convertLibpodNetworktoDockerNetwork(runtime *libpod.Runtime, statuses []con if changeDefaultName && name == runtime.Network().DefaultNetworkName() { name = nettypes.BridgeNetworkDriver } - options := network.Options + // Make sure to clone the map as we have access to the map stored in + // the network backend and will overwrite it which is not good. + options := maps.Clone(network.Options) // bridge always has isolate set in the compat API but we should not return it to not confuse callers // https://github.com/containers/podman/issues/15580 delete(options, nettypes.IsolateOption) diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at index 2d76a61e5..2123184c2 100644 --- a/test/apiv2/35-networks.at +++ b/test/apiv2/35-networks.at @@ -191,6 +191,22 @@ t DELETE libpod/networks/macvlan1 200 \ .[0].Name~macvlan1 \ .[0].Err=null + +# create network with isolate option and make sure it is not shown in docker compat endpoint +podman network create --opt isolate=true isolate-test +# Note the order of both list calls is important to test for https://github.com/containers/podman/issues/22330 +# First call the compat endpoint, then the libpod one. Previously this would have removed +# the internal option for the libpod endpoint as well. +t GET networks?filters='{"name":["isolate-test"]}' 200 \ + .[0].Name=isolate-test \ + .[0].Options="{}" + +t GET libpod/networks/json?filters='{"name":["isolate-test"]}' 200 \ + .[0].name=isolate-test \ + .[0].options.isolate="true" + +t DELETE libpod/networks/isolate-test 200 + # # test networks with containers # |