1.0.1 — IPv6 lease file per-user (mirror of 0.9.27 v4 fix)#190
Merged
Conversation
Mirror the 0.9.27 IPv4 lazy-resolve pattern into network_lease6.cpp. When the crated privops socket is detected, the v6 lease file resolves to /var/run/crate/<uid>/network-leases6.txt instead of the legacy shared /var/run/crate/network-leases6.txt path. Without this fix, rootless multi-tenant deployments raced on v6 allocations even though v4 was already isolated since 0.9.27 — an asymmetry that masked the bug from single-stack v4 setups. Wire/format/signatures unchanged. Suite stays at 1303.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
lib/network_lease6.cpp— mirror the 0.9.27 IPv4effectivePath()lazy-resolve pattern; when crated's privops socket is detected at first call, the v6 lease file resolves to/var/run/crate/<uid>/network-leases6.txtinstead of the legacy shared/var/run/crate/network-leases6.txtlib/network_lease6.h— header comment documents per-user storagecli/args.cpp— versioncrate 1.0.1CHANGELOG.md— entry covering the asymmetry that masked the bugWhy this matters
Without this fix, rootless multi-tenant deployments raced on v6 lease allocations even though IPv4 was already isolated since 0.9.27. Single-stack v4 setups never saw the bug; dual-stack setups hit it whenever two operators ran
crate runconcurrently with overlapping v6 names.Behaviour
crated)/var/run/crate/network-leases.txt/var/run/crate/network-leases6.txt/var/run/crate/network-leases6.txt/var/run/crate/<uid>/.../var/run/crate/network-leases6.txt/var/run/crate/<uid>/network-leases6.txt✓Wire / API compatibility
None of the lease format, allocation algorithm, or public function signatures changed.
NetworkLease6::leasePath()now returns the resolved per-user path (matching whatNetworkLease::leasePath()has done since 0.9.27).Test plan
cratedrunning +rootless_per_user: true,crate runan IPv6 jail and verifyls /var/run/crate/$(id -u)/network-leases6.txtexistscratedstopped,crate --helpworks (no daemon dependency for v6 path resolution at process start)/var/run/crate/network-leases6.txtunchanged when privops socket not detectedGenerated by Claude Code