Disable ipv6 inside workspace (#20326)

iQQBot · web-flow · commit 1c2d64c6efb9 · 2024-10-29T04:20:54.000-04:00
diff --git a/components/ws-daemon/nsinsider/main.go b/components/ws-daemon/nsinsider/main.go
@@ -402,6 +402,13 @@ func main() {
 					return os.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1"), 0644)
 				},
 			},
+			{
+				Name:  "disable-ipv6",
+				Usage: "disable IPv6",
+				Action: func(c *cli.Context) error {
+					return os.WriteFile("/proc/sys/net/ipv6/conf/all/disable_ipv6", []byte("1"), 0644)
+				},
+			},
 			{
 				Name:  "dump-network-info",
 				Usage: "dump network info",
diff --git a/components/ws-daemon/pkg/iws/iws.go b/components/ws-daemon/pkg/iws/iws.go
@@ -489,6 +489,13 @@ func (wbs *InWorkspaceServiceServer) MountProc(ctx context.Context, req *api.Mou
 	masks = append(masks, procDefaultReadonlyPaths...)
 	cleanupMaskedMount(wbs.Session.OWI(), nodeStaging, masks)
 
+	err = nsi.Nsinsider(wbs.Session.InstanceID, int(procPID), func(c *exec.Cmd) {
+		c.Args = append(c.Args, "disable-ipv6")
+	}, nsi.EnterNetNS(true), nsi.EnterMountNSPid(1))
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "cannot disable IPv6")
+	}
+
 	return &api.MountProcResponse{}, nil
 }
 
