From 24ae9e749e978c470908df9cd30ffaf5ae9d76fa Mon Sep 17 00:00:00 2001
From: Jiri Konecny
Date: Fri, 16 Aug 2024 12:08:21 +0200
Subject: [PATCH] infra: Remove use of host network in containers

We have added this to cover VPN access where containers run as root don't have access to VPN network. However, it makes a mess elsewhere because the host network configuration could be much harder to predict. To resolve this just give user a heads-up that he might need that and how to enable this feature. However, let's leave things simple and don't use host network if not required.
---
 Makefile.am | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 44cadb03403..ffca2296424 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -76,8 +76,7 @@ CONTAINER_ENGINE ?= podman
 # Network needs to use host configuration so it is sharing VPN connection
 CONTAINER_BUILD_ARGS ?= --no-cache --network=host
 # run tweaks for all containers
-# Network needs to use host configuration so it is sharing VPN connection
-CONTAINER_RUN_ARGS ?= --tty --interactive --network=host
+CONTAINER_RUN_ARGS ?= --tty --interactive
 # HACK: bash's builtin `test -r` fails when running on Ubuntu host (GitHub) due to incompatible seccomp profile
 CONTAINER_TEST_ARGS ?= $(shell grep -q ID=ubuntu /etc/os-release && echo --security-opt=seccomp=unconfined)
 CONTAINER_REGISTRY ?= quay.io
@@ -363,6 +362,8 @@ container-iso-build: exit 1; \ fi + @echo 'If you need VPN access, please use `CONTAINER_ADD_ARGS=--network=host`' + mkdir -p result/iso sudo $(CONTAINER_ENGINE) run \ --rm \
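Review bot: In the first hunk (Makefile.am line 76) the context line `CONTAINER_BUILD_ARGS ?= --no-cache --network=host` is left as it was, so image builds still join the host network namespace and only `CONTAINER_RUN_ARGS` loses it, although the subject reads as if host networking were removed everywhere. If builds are meant to keep it, the retained comment should say why and that runs differ, for example `# Builds keep host networking (VPN-only sources); runs are isolated unless CONTAINER_ADD_ARGS adds it`. The reason given in that example is my inference and needs confirming. If there is no such need, dropping the flag here as well and relying on the same opt-in would keep build steps from reaching host-local services by default.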
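Review bot: The hint added in the container-iso-build hunk, and repeated in the container-live-iso-build hunk, recommends `--network=host` without naming the cost: both targets start the container through `sudo`, so the flag removes network isolation for a root container and exposes host-local listeners to whatever runs inside it. I would phrase it as an opt-in with the trade-off stated, e.g. `@echo 'Containers do not share the host network by default. Only if you need VPN access, add CONTAINER_ADD_ARGS=--network=host (disables container network isolation).'`. Whether the `run` invocation actually expands `$(CONTAINER_ADD_ARGS)` lies outside both hunks, since neither recipe is shown in full, and is worth confirming so the hint is not a no-op. The two hints are also placed differently (after an `if … fi` guard in one target, before the RPM check in the other), which looks unintentional.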
@@ -388,6 +389,8 @@ container-live-iso-build: @sudo -nv 2>/dev/null || echo "You will be prompted for sudo password because of loop device mounting in Lorax!" + @echo 'If you need VPN access, please use `CONTAINER_ADD_ARGS=--network=host`' + @if ! ls $(srcdir)/result/build/01-rpm-build/anaconda-*.rpm >/dev/null 2>/dev/null; then \ echo "You need to have anaconda RPMs build first. Please run 'make -f ./Makefile.am container-rpms-scratch' before this command."; \ exit 1; \