ocihook: Use the passed netns annotation when set

Samuel Ortiz · Samuel Ortiz · commit 17d8c005e6f8 · 2022-02-15T17:49:20.000+01:00
When a runtime specify the labels.NetworkNamespace annotation, we use it over the passed Pid. That allows VM based runtimes to explictly use a networking namespace path they create. Fixes #787 Signed-off-by: Samuel Ortiz <s.ortiz@apple.com>
diff --git a/pkg/ocihook/ocihook.go b/pkg/ocihook/ocihook.go
@@ -262,9 +262,21 @@ func loadSpec(bundle string) (*hookSpec, error) {
 }
 
 func getNetNSPath(state *specs.State) (string, error) {
-	if state.Pid == 0 {
-		return "", errors.New("state.Pid is unset")
+	// If we have a network-namespace annotation we use it over the passed Pid.
+	netNsPath, netNsFound := state.Annotations[NetworkNamespace]
+	if netNsFound {
+		if _, err := os.Stat(netNsPath); err != nil {
+			return "", err
+		}
+
+		return netNsPath, nil
 	}
+
+	if state.Pid == 0 && !netNsFound {
+		return "", errors.New("Both state.Pid and the netNs annotation are unset")
+	}
+
+	// We dont't have a networking namespace annotation, but we have a PID.
 	s := fmt.Sprintf("/proc/%d/ns/net", state.Pid)
 	if _, err := os.Stat(s); err != nil {
 		return "", err
