Added 'default' network config as fallback + passed through missing C…

…NI args

README.md

@@ -65,7 +65,7 @@ chmod +x ctnr &&
 sudo mv ctnr /usr/local/bin/
 ```
 If you need [PRoot](https://github.com/rootless-containers/PRoot) or [CNI plugins](https://github.com/containernetworking/plugins)
-you can build them by calling `make proot cni-plugins` within this repository's directory.
+you can build them by calling `make proot cni-plugins-static` within this repository's directory.
 
 
 ## Build

bundle/builder/hook.go

@@ -36,6 +36,7 @@ type NetConfig struct {
 	Hosts         map[string]string `json:"hosts,omitempty"`
 	Networks      []string          `json:"networks,omitempty"`
 	Ports         []PortMapEntry    `json:"ports,omitempty"`
+	IPAMDataDir   string            `json:"dataDir,omitempty"`
 }
 
 type PortMapEntry struct {
@@ -78,6 +79,10 @@ func NewHookBuilderFromSpec(spec *specs.Spec) (b HookBuilder, err error) {
 	return
 }
 
+func (b *HookBuilder) SetIPAMDataDir(ipamDataDir string) {
+	b.hook.IPAMDataDir = ipamDataDir
+}
+
 func (b *HookBuilder) SetDomainname(domainname string) {
 	b.hook.Domainname = domainname
 }
@@ -136,6 +141,17 @@ func (b *HookBuilder) Build(spec *generate.Generator) (err error) {
 		"PATH=" + os.Getenv("PATH"),
 		"CNI_PATH=" + cniPluginPaths,
 	}
+	netConfPath := os.Getenv("NETCONFPATH")
+	if netConfPath != "" {
+		cniEnv = append(cniEnv, "NETCONFPATH="+netConfPath)
+	}
+	ipamDataDir := b.hook.IPAMDataDir
+	if ipamDataDir == "" {
+		ipamDataDir = os.Getenv("IPAMDATADIR")
+	}
+	if ipamDataDir != "" {
+		cniEnv = append(cniEnv, "IPAMDATADIR="+ipamDataDir)
+	}
 
 	netInitHookArgs := make([]string, 0, 10)
 	netInitHookArgs = append(netInitHookArgs, "ctnr", "net", "init")

cmd/common.go

@@ -179,7 +179,7 @@ func closeLockedImageStore() {
 }
 
 func newContainerManager() (run.ContainerManager, error) {
-	return factory.NewContainerManager(flagStateDir, flagRootless, loggers)
+	return factory.NewContainerManager(filepath.Join(flagStateDir, "containers"), flagRootless, loggers)
 }
 
 func resourceResolver(baseDir string, volumes map[string]model.Volume) model.ResourceResolver {
@@ -274,14 +274,15 @@ func createRuntimeBundle(service *model.Service, res model.ResourceResolver) (b
 	if service.Image != "" {
 		var img image.Image
 		if img, err = image.GetImage(istore, service.Image); err != nil {
-			return nil, err
+			return b, err
 		}
 		builder.SetImage(image.NewUnpackableImage(&img, istore))
 	}
 
 	// Apply config.json
-	if err = oci.ToSpec(service, res, flagRootless, flagPRootPath, builder); err != nil {
-		return nil, err
+	netDataDir := filepath.Join(flagStateDir, "networks")
+	if err = oci.ToSpec(service, res, flagRootless, netDataDir, flagPRootPath, builder); err != nil {
+		return b, err
 	}
 
 	return b, builder.Build(b)

image/builder/imagebuilder.go

@@ -141,31 +141,20 @@ func (b *ImageBuilder) deleteBundle(lb *bundle.LockedBundle) error { return lb.D
 func (b *ImageBuilder) Close() (err error) {
 	succeededBundles := b.lockedBundles
 	b.lockedBundles = nil
-	fmt.Println("###### CLOSE: ", succeededBundles)
 	var failedBundle *bundle.LockedBundle
 	hasFailedBundle := b.bundle == nil && len(succeededBundles) > 0
 	if hasFailedBundle {
 		failedBundle = succeededBundles[len(succeededBundles)-1]
 		succeededBundles = succeededBundles[:len(succeededBundles)-1]
 	}
-	if b.bundle != nil {
-		fmt.Println("CLOSE LAST BUNDLE", b.bundle.ID())
-	}
 	err = exterrors.Append(err, b.resetBundle())
 	closeBundle := b.closeBundle
 	if b.removeSucceededBundles {
 		closeBundle = b.deleteBundle
 	}
-	fmt.Println("###### 1")
 	for _, lb := range succeededBundles {
-		// TODO: do not unlock bundle when container is closed but
-		// - create container immediately (also in runc impl),
-		// - unlock bundle after creation and
-		// - consider running containers in bundle gc
-		fmt.Println("CLOSE", lb.ID())
 		err = exterrors.Append(err, closeBundle(lb))
 	}
-	fmt.Println("###### 2")
 	if failedBundle != nil {
 		closeBundle = b.closeBundle
 		if b.removeFailedBundle {

model/oci/ocitransform.go

@@ -23,7 +23,7 @@ const (
 	ANNOTATION_BUNDLE_ID         = "com.github.mgoltzsche.ctnr.bundle.id"
 )
 
-func ToSpec(service *model.Service, res model.ResourceResolver, rootless bool, prootPath string, spec *builder.BundleBuilder) (err error) {
+func ToSpec(service *model.Service, res model.ResourceResolver, rootless bool, ipamDataDir string, prootPath string, spec *builder.BundleBuilder) (err error) {
 	defer func() {
 		err = errors.Wrap(err, "generate OCI bundle spec")
 	}()
@@ -132,8 +132,6 @@ func ToSpec(service *model.Service, res model.ResourceResolver, rootless bool, p
 		}
 	} else if useNoNetwork || useHostNetwork {
 		networks = []string{}
-	} else if rootless {
-		return errors.New("transform: no networks supported in rootless mode")
 	}
 
 	// Use host network by removing 'network' namespace
@@ -157,6 +155,7 @@ func ToSpec(service *model.Service, res model.ResourceResolver, rootless bool, p
 		if err != nil {
 			return err
 		}
+		hook.SetIPAMDataDir(ipamDataDir)
 		for _, net := range networks {
 			hook.AddNetwork(net)
 		}

net/net.go

@@ -38,10 +38,54 @@ func NewNetConfigs(confDir string) (*NetConfigs, error) {
 }
 
 func (n *NetConfigs) GetConfig(name string) (*libcni.NetworkConfigList, error) {
-	return libcni.LoadConfList(n.confDir, name)
+	l, err := libcni.LoadConfList(n.confDir, name)
+	if err != nil && name == "default" {
+		_, noConfDir := err.(libcni.NoConfigsFoundError)
+		_, confNotFound := err.(libcni.NotFoundError)
+		if noConfDir || confNotFound {
+			return defaultNetConf()
+		}
+	}
+	return l, err
 }
 
-func MapPorts(original *libcni.NetworkConfigList, portMap []PortMapEntry) (*libcni.NetworkConfigList, error) {
+func defaultNetConf() (cfg *libcni.NetworkConfigList, err error) {
+	ipamDataDir := os.Getenv("IPAMDATADIR")
+	if ipamDataDir == "" {
+		return nil, errors.New("default net conf: IPAMDATADIR env var not set")
+	}
+	rawConfigList := map[string]interface{}{
+		"cniVersion": version.Current(),
+		"name":       "default",
+		"plugins": []interface{}{
+			map[string]interface{}{
+				"cniVersion": version.Current(),
+				"type":       "ptp",
+				"ipMasq":     true,
+				"ipam": map[string]interface{}{
+					"type":   "host-local",
+					"subnet": "10.1.0.0/24",
+					"routes": []interface{}{
+						map[string]interface{}{
+							"dst": "0.0.0.0/0",
+						},
+					},
+					"dataDir": ipamDataDir,
+				},
+				"dns": map[string]interface{}{
+					"nameservers": []string{"1.1.1.1"},
+				},
+			},
+		},
+	}
+	b, err := json.Marshal(rawConfigList)
+	if err == nil {
+		cfg, err = libcni.ConfListFromBytes(b)
+	}
+	return cfg, errors.Wrap(err, "load default config")
+}
+
+func MapPorts(original *libcni.NetworkConfigList, portMap []PortMapEntry) (cfg *libcni.NetworkConfigList, err error) {
 	if len(portMap) == 0 {
 		return original, nil
 	}
@@ -67,10 +111,10 @@ func MapPorts(original *libcni.NetworkConfigList, portMap []PortMapEntry) (*libc
 		"plugins":    rawPlugins,
 	}
 	b, err := json.Marshal(rawConfigList)
-	if err != nil {
-		return nil, err
+	if err == nil {
+		cfg, err = libcni.ConfListFromBytes(b)
 	}
-	return libcni.ConfListFromBytes(b)
+	return cfg, errors.Wrap(err, "load portmap config")
 }
 
 type NetManager struct {
@@ -127,13 +171,10 @@ func NewNetManager(state *specs.State) (r *NetManager, err error) {
 func (m *NetManager) AddNet(ifName string, netConf *libcni.NetworkConfigList) (r *current.Result, err error) {
 	rs, err := m.cni.AddNetworkList(netConf, m.rtConf(ifName))
 	if err != nil {
-		return
+		return nil, errors.Wrap(err, "add CNI network "+netConf.Name)
 	}
 	r, err = current.NewResultFromResult(rs)
-	if err != nil {
-		err = errors.Wrap(err, "CNI result for network "+netConf.Name)
-	}
-	return
+	return r, errors.Wrap(err, "convert CNI result for network "+netConf.Name)
 }
 
 func (m *NetManager) DelNet(ifName string, netConf *libcni.NetworkConfigList) (err error) {