Skip to content

krun: switch to passt-based networking #1913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
slp wants to merge 4 commits into
base: main
Choose a base branch
from
+201 −71
Draft

krun: switch to passt-based networking #1913

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e18a762
handlers: add new hook to close fds
slp Nov 18, 2025
a2a9b10
krun: process the vm configuration earlier
slp Feb 19, 2026
5b8747c
krun: consolidate configuration in configure_vm
slp Feb 19, 2026
9089428
krun: switch to passt-based networking
slp Nov 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion src/libcrun/container.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1682,7 +1682,16 @@ container_init (void *args, char *notify_socket, int sync_socket, libcrun_error_
This is a best effort operation, because the seccomp filter is already in place and it could
stop some syscalls used by mark_or_close_fds_ge_than.
*/
ret = mark_or_close_fds_ge_than (entrypoint_args->container, entrypoint_args->context->preserve_fds + 3, true, err);
if (entrypoint_args->custom_handler->vtable->close_fds)
Copy link
Contributor

@eriksjolund eriksjolund Feb 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the if statement condition evaluates to true, then no error is created.
I think using crun_error_release (err); (in line 1656) requires that we know for sure err is equal to
NULL or pointing to an allocated error. It's not clear at first sight whether that requirement is fulfilled.

One idea is to replace line 897

  return mark_or_close_fds_ge_than (first_fd_to_close, true, NULL);

with

  return mark_or_close_fds_ge_than (first_fd_to_close, true, err);

and add err as a function argument to libkrun_close_fds()

{
ret = entrypoint_args->custom_handler->vtable->close_fds (entrypoint_args->custom_handler->cookie,
entrypoint_args->container,
entrypoint_args->context->preserve_fds);
}
else
{
ret = mark_or_close_fds_ge_than (entrypoint_args->container, entrypoint_args->context->preserve_fds + 3, true, err);
}
if (UNLIKELY (ret < 0))
crun_error_release (err);

Expand Down
2 changes: 2 additions & 0 deletions src/libcrun/custom-handler.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ struct custom_handler_s
int (*modify_oci_configuration) (void *cookie, libcrun_context_t *context,
runtime_spec_schema_config_schema *def,
libcrun_error_t *err);

int (*close_fds) (void *cookie, libcrun_container_t *container, int preserve_fds);
};

struct custom_handler_manager_s;
Expand Down
Loading
Loading