From 7ce18d92fc7b3cd0ef8e57df0f869dd1f6671f49 Mon Sep 17 00:00:00 2001
From: Doug Rabson <dfr@rabson.org>
Date: Mon, 14 Aug 2023 17:22:04 +0100
Subject: [PATCH] libnetwork/cni: use 'ifconfig -j' on FreeBSD if it is
 supported

This allows us to use a single jail for containers with networking since
CNI can initialise the network without needing a separate jail to own
the network namespace.

Signed-off-by: Doug Rabson <dfr@rabson.org>
---
 libnetwork/cni/run_freebsd.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libnetwork/cni/run_freebsd.go b/libnetwork/cni/run_freebsd.go
index c356a864a..cca00aa83 100644
--- a/libnetwork/cni/run_freebsd.go
+++ b/libnetwork/cni/run_freebsd.go
@@ -8,6 +8,12 @@ import (
 // add the default address. Note: this will also add ::1 as a side
 // effect.
 func setupLoopback(namespacePath string) error {
-	// The jexec wrapper runs the ifconfig command inside the jail.
+	// Try to run the command using ifconfig's -j flag (supported in 13.3 and later)
+	if err := exec.Command("ifconfig", "-j", namespacePath, "lo0", "inet", "127.0.0.1").Run(); err == nil {
+		return nil
+	}
+
+	// Fall back to using the jexec wrapper to run the ifconfig command
+	// inside the jail.
 	return exec.Command("jexec", namespacePath, "ifconfig", "lo0", "inet", "127.0.0.1").Run()
 }