package/podman: add option to use passt as network backend

passt/pasta is the officially supported network backend, with slirp4netns only considered a legacy solution. However, some people have experienced corner cases when using passt/pasta (as it still is a young stack), so we do not want to do a blanket replace of slirp4netns just yet. Still, we make passt/pasta the default option. As a consequence, the existing runtime tests will now test passt/pasta, so we introduce two new tests for slirp4netns as a network backend. Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-03-15 20:57:11 +01:00
parent d038cc47cd
commit 54f79d804f
4 changed files with 51 additions and 11 deletions
--- a/package/podman/Config.in
+++ b/package/podman/Config.in
@@ -4,10 +4,10 @@ config BR2_PACKAGE_PODMAN
 	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS  # host-go
 	depends on BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS  # netavark
 	depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS  # libgpgme
-	depends on BR2_PACKAGE_LIBSECCOMP_ARCH_SUPPORTS  # libseccomp, slirp4netns
-	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_17  # libseccomp, slirp4netns
-	depends on BR2_TOOLCHAIN_HAS_THREADS  # conmon, slirp4netns
-	depends on BR2_USE_WCHAR  # conmon, slirp4netns
+	depends on BR2_PACKAGE_LIBSECCOMP_ARCH_SUPPORTS  # libseccomp
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_17  # libseccomp
+	depends on BR2_TOOLCHAIN_HAS_THREADS  # conmon
+	depends on BR2_USE_WCHAR  # conmon
 	select BR2_PACKAGE_HOST_GO
 	select BR2_PACKAGE_CA_CERTIFICATES  # runtime
 	select BR2_PACKAGE_CGROUPFS_V2_MOUNT if !BR2_PACKAGE_CGROUPFS_MOUNT && !BR2_INIT_SYSTEMD  # runtime
@@ -22,7 +22,6 @@ config BR2_PACKAGE_PODMAN
 	select BR2_PACKAGE_RUNC if !BR2_PACKAGE_CRUN  # runtime
 	select BR2_PACKAGE_SHADOW
 	select BR2_PACKAGE_SHADOW_SUBORDINATE_IDS
-	select BR2_PACKAGE_SLIRP4NETNS  # runtime
 	help
 	  The best free & open source container tools

@@ -67,6 +66,19 @@ config BR2_PACKAGE_PODMAN_INIT_NAME
 	default "tini" if BR2_PACKAGE_PODMAN_INIT_TINI
 	default "catatonit" if BR2_PACKAGE_PODMAN_INIT_CATATONIT

+choice
+	bool "Network backend"
+
+config BR2_PACKAGE_PODMAN_NET_PASST
+	bool "passt/pasta"
+	select BR2_PACKAGE_PASST  # runtime
+
+config BR2_PACKAGE_PODMAN_NET_SLIRP4NETNS
+	bool "slirp4netns"
+	select BR2_PACKAGE_SLIRP4NETNS  # runtime
+
+endchoice
+
 endif

 comment "podman needs a toolchain w/ headers >= 3.17, threads, wchar"
--- a/package/podman/containers.conf
+++ b/package/podman/containers.conf
@@ -1,2 +0,0 @@
-[network]
-default_rootless_network_cmd = "slirp4netns"
--- a/package/podman/podman.mk
+++ b/package/podman/podman.mk
@@ -62,6 +62,19 @@ define PODMAN_HELPER_INIT
 endef
 endif

+ifeq ($(BR2_PACKAGE_PODMAN_NET_PASST),y)
+define PODMAN_HELPER_PASST
+	$(Q)ln -sf ../../bin/pasta $(TARGET_DIR)/usr/libexec/podman/pasta
+endef
+else
+define PODMAN_HELPER_SLIRP4NETNS
+	$(Q)ln -sf ../../bin/slirp4netns $(TARGET_DIR)/usr/libexec/podman/slirp4netns
+	$(Q)mkdir -p $(TARGET_DIR)/etc/containers/containers.conf.d
+	$(Q)printf '[network]\ndefault_rootless_network_cmd = "slirp4netns"\n' \
+		>$(TARGET_DIR)/etc/containers/containers.conf.d/50-buildroot-net-backend.conf
+endef
+endif
+
 define PODMAN_LINUX_CONFIG_FIXUPS
 	$(call KCONFIG_ENABLE_OPT,CONFIG_CPUSETS)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_BPF_SYSCALL)
@@ -87,9 +100,6 @@ define PODMAN_LINUX_CONFIG_FIXUPS
 endef

 define PODMAN_CONFIG
-	$(Q)$(INSTALL) -D -m 0644 \
-		$(PODMAN_PKGDIR)/containers.conf \
-		$(TARGET_DIR)/usr/share/containers/containers.conf
 	$(Q)$(INSTALL) -D -m 0644 \
 		$(PODMAN_PKGDIR)/policy.json \
 		$(TARGET_DIR)/etc/containers/policy.json
@@ -103,8 +113,9 @@ define PODMAN_HELPERS
 	$(Q)mkdir -p $(TARGET_DIR)/usr/libexec/podman
 	$(Q)ln -sf ../../bin/aardvark-dns $(TARGET_DIR)/usr/libexec/podman/aardvark-dns
 	$(Q)ln -sf ../../bin/netavark $(TARGET_DIR)/usr/libexec/podman/netavark
-	$(Q)ln -sf ../../bin/slirp4netns $(TARGET_DIR)/usr/libexec/podman/slirp4netns
 	$(PODMAN_HELPER_INIT)
+	$(PODMAN_HELPER_PASST)
+	$(PODMAN_HELPER_SLIRP4NETNS)
 endef
 PODMAN_POST_INSTALL_TARGET_HOOKS += PODMAN_HELPERS

--- a/support/testing/tests/package/test_podman.py
+++ b/support/testing/tests/package/test_podman.py
@@ -239,3 +239,22 @@ class TestPodmanTini(PodmanBase):

    def test_run(self):
        self.do_test()
+
+
+class TestPodmanSlirpIptables(PodmanBase):
+    config = PodmanBase.config + """
+    BR2_PACKAGE_PODMAN_NET_SLIRP4NETNS=y
+    """
+
+    def test_run(self):
+        self.do_test()
+
+
+class TestPodmanSlirpNftables(PodmanBase):
+    config = PodmanBase.config + """
+    BR2_PACKAGE_NFTABLES=y
+    BR2_PACKAGE_PODMAN_NET_SLIRP4NETNS=y
+    """
+
+    def test_run(self):
+        self.do_test()