diff --git a/components/blobserve/go.sum b/components/blobserve/go.sum index e1775176d841bf..38e843c7ed403d 100644 --- a/components/blobserve/go.sum +++ b/components/blobserve/go.sum @@ -310,6 +310,7 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= diff --git a/components/ws-daemon/nsinsider/main.go b/components/ws-daemon/nsinsider/main.go index 72950139944ab0..e66fb3e1ef03ad 100644 --- a/components/ws-daemon/nsinsider/main.go +++ b/components/ws-daemon/nsinsider/main.go @@ -202,6 +202,30 @@ func main() { return os.Chmod("/dev/fuse", os.FileMode(0666)) }, }, + { + Name: "mknod-devnettun", + Usage: "creates /dev/net/tun", + Action: func(c *cli.Context) error { + _ = os.MkdirAll("/dev/net", 0755) + + err := unix.Mknod("/dev/net/tun", 0666|unix.S_IFCHR, int(unix.Mkdev(10, 200))) + if err != nil { + return err + } + + err = os.Chmod("/dev/net/tun", os.FileMode(0666)) + if err != nil { + return err + } + + err = os.Chown("/dev/net/tun", c.Int("uid"), c.Int("gid")) + if err != nil { + return err + } + + return nil + }, + }, }, } diff --git a/components/ws-daemon/pkg/iws/iws.go b/components/ws-daemon/pkg/iws/iws.go index b63ff76bdee98c..3465171deb6022 100644 --- a/components/ws-daemon/pkg/iws/iws.go +++ b/components/ws-daemon/pkg/iws/iws.go 
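Review bot: The `os.Chown` call at the end of the new `mknod-devnettun` action reads `c.Int("uid")` and `c.Int("gid")`, but the command as added declares no `Flags`, and the caller in iws.go appends only the subcommand name. Unless those flags are defined on a parent command, both lookups presumably yield 0 and the node is always chowned to 0:0. Either declare the two flags on this command and pass them from `PrepareForUserNS`, or drop the Chown so the ownership is explicit. The action's first line also discards the `os.MkdirAll` error, which hides the real cause behind a later Mknod failure; `if err := os.MkdirAll("/dev/net", 0755); err != nil { return err }` keeps it. `main` starts and ends outside the hunk, so the flag definitions of the neighbouring commands are not visible here.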
@@ -221,6 +221,13 @@ func (wbs *InWorkspaceServiceServer) PrepareForUserNS(ctx context.Context, req *
 log.WithError(err).WithFields(wbs.Session.OWI()).Error("PrepareForUserNS: cannot mknod fuse")
 return nil, status.Errorf(codes.Internal, "cannot prepare FUSE")
 }
+ err = nsinsider(wbs.Session.InstanceID, int(containerPID), func(c *exec.Cmd) {
+ c.Args = append(c.Args, "mknod-devnettun")
+ })
+ if err != nil {
+ log.WithError(err).WithFields(wbs.Session.OWI()).Error("PrepareForUserNS: cannot create /dev/net/tun")
+ return nil, status.Errorf(codes.Internal, "cannot create /dev/net/tun")
+ }
 // create overlayfs directories to be used in ring2 as rootfs and also upper layer to track changes in the workspace
 _ = os.MkdirAll(filepath.Join(wbs.Session.ServiceLocDaemon, "upper"), 0755)
diff --git a/components/ws-manager/pkg/manager/create.go b/components/ws-manager/pkg/manager/create.go
index 24f8d4c5c2b427..649abbeb1e35c8 100644
--- a/components/ws-manager/pkg/manager/create.go
+++ b/components/ws-manager/pkg/manager/create.go
@@ -305,7 +305,6 @@ func (m *Manager) createDefiniteWorkspacePod(startContext *startWorkspaceContext
 // - the TAP driver documentation says so (see https://www.kernel.org/doc/Documentation/networking/tuntap.txt)
 // - systemd's nspawn does the same thing (if it's good enough for them, it's good enough for us)
 var (
- devType = corev1.HostPathFile
 hostPathOrCreate = corev1.HostPathDirectoryOrCreate
 daemonVolumeName = "daemon-mount"
 )
@@ -328,15 +327,6 @@ func (m *Manager) createDefiniteWorkspacePod(startContext *startWorkspaceContext
 RestartPolicy: corev1.RestartPolicyNever,
 Volumes: []corev1.Volume{
 workspaceVolume,
- {
- Name: "dev-net-tun",
- VolumeSource: corev1.VolumeSource{
- HostPath: &corev1.HostPathVolumeSource{
- Path: "/dev/net/tun",
- Type: &devType,
- },
- },
- },
 {
 Name: daemonVolumeName,
 VolumeSource: corev1.VolumeSource{
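Review bot: The new branch in `PrepareForUserNS` turns every error from `mknod-devnettun` into `codes.Internal`, and `unix.Mknod` in that action returns EEXIST when `/dev/net/tun` is already present, so a repeated call for the same container would presumably fail at this step. If a retry is possible, the action should accept an existing node only after confirming it is the expected character device (major 10, minor 200), rather than ignoring EEXIST outright. The call also has no comment explaining why the node is created here; something like `// create /dev/net/tun inside the workspace instead of mounting the host's device node` would record it. The TAP/nspawn rationale that create.go keeps as context now sits above code that no longer touches the device. `PrepareForUserNS` starts and ends outside the hunk.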
@@ -490,10 +480,6 @@ func (m *Manager) createWorkspaceContainer(startContext *startWorkspaceContext) ReadOnly: false, MountPropagation: &mountPropagation, }, - { - MountPath: "/dev/net/tun", - Name: "dev-net-tun", - }, { MountPath: "/.workspace", Name: "daemon-mount", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_admission.golden b/components/ws-manager/pkg/manager/testdata/cdwp_admission.golden index 51163694eeefb2..8e8727e7622a64 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_admission.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_admission.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -157,10 +150,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_empty_resource_req.golden b/components/ws-manager/pkg/manager/testdata/cdwp_empty_resource_req.golden index 8ed80e98831342..351f00531882f2 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_empty_resource_req.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_empty_resource_req.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -151,10 +144,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_fixedresources.golden b/components/ws-manager/pkg/manager/testdata/cdwp_fixedresources.golden index e263946f576dad..69d2471a0a1e44 100644 
--- a/components/ws-manager/pkg/manager/testdata/cdwp_fixedresources.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_fixedresources.golden @@ -43,13 +43,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -154,10 +147,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_fullworkspacebackup.golden b/components/ws-manager/pkg/manager/testdata/cdwp_fullworkspacebackup.golden index 3753609b49fd7d..742bdcbc3ec93f 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_fullworkspacebackup.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_fullworkspacebackup.golden @@ -37,13 +37,6 @@ }, "spec": { "volumes": [ - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -143,10 +136,6 @@ } }, "volumeMounts": [ - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_ghost.golden b/components/ws-manager/pkg/manager/testdata/cdwp_ghost.golden index 8552835aea4f92..67d0115bc16f99 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_ghost.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_ghost.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -157,10 +150,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", 
diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_prebuild.golden b/components/ws-manager/pkg/manager/testdata/cdwp_prebuild.golden index cda10f3c95c260..b46d7d7dee2286 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_prebuild.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_prebuild.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -157,10 +150,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template.golden b/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template.golden index 841aaffe85c249..ad57447b389a4e 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -161,10 +154,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template_override_resources.golden b/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template_override_resources.golden index 8853a82eab9f3a..f1a722946c105e 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template_override_resources.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_prebuild_template_override_resources.golden 
@@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -161,10 +154,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_probe.golden b/components/ws-manager/pkg/manager/testdata/cdwp_probe.golden index 5bc10d5c60b0e2..d5deee1e1c7094 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_probe.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_probe.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -157,10 +150,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_readinessprobe.golden b/components/ws-manager/pkg/manager/testdata/cdwp_readinessprobe.golden index 591ff833d31678..6e254a21ec0f48 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_readinessprobe.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_readinessprobe.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -153,10 +146,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", 
diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_tasks.golden b/components/ws-manager/pkg/manager/testdata/cdwp_tasks.golden index 2457f5231d8807..d8f6fc273ace33 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_tasks.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_tasks.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -157,10 +150,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_template.golden b/components/ws-manager/pkg/manager/testdata/cdwp_template.golden index d4259a7e17157a..52843840bbcaa4 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_template.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_template.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -157,10 +150,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_timeout.golden b/components/ws-manager/pkg/manager/testdata/cdwp_timeout.golden index 0ef110d9dbf2be..6cd173176d1237 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_timeout.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_timeout.golden @@ -43,13 +43,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { 
@@ -158,10 +151,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace", diff --git a/components/ws-manager/pkg/manager/testdata/cdwp_userns.golden b/components/ws-manager/pkg/manager/testdata/cdwp_userns.golden index 7a03d69a8fca43..40b1341e522545 100644 --- a/components/ws-manager/pkg/manager/testdata/cdwp_userns.golden +++ b/components/ws-manager/pkg/manager/testdata/cdwp_userns.golden @@ -42,13 +42,6 @@ "type": "DirectoryOrCreate" } }, - { - "name": "dev-net-tun", - "hostPath": { - "path": "/dev/net/tun", - "type": "File" - } - }, { "name": "daemon-mount", "hostPath": { @@ -153,10 +146,6 @@ "mountPath": "/workspace", "mountPropagation": "HostToContainer" }, - { - "name": "dev-net-tun", - "mountPath": "/dev/net/tun" - }, { "name": "daemon-mount", "mountPath": "/.workspace",