authorDaniel J Walsh <dwalsh@redhat.com>2020-10-29 18:45:49 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-10-30 05:21:34 -0400
commit916825b6753086d7712ba593e5381b9bd49aae96 (patch)
tree49fd5ad65e97f4a3fd79685203e5722d77dcab8d
parent228396a99dc88fc828f23d4072a46ca8de90282f (diff)
Pod's that share the IPC Namespace need to share /dev/shm
Containers that share IPC Namespaces share each other's /dev/shm, which means a private /dev/shm needs to be set up for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared. Fixes: https://github.com/containers/podman/issues/8181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--libpod/runtime_pod_infra_linux.go1
-rw-r--r--pkg/specgen/generate/namespaces.go1
-rw-r--r--test/e2e/pod_pod_namespaces.go19
-rw-r--r--test/system/200-pod.bats24
4 files changed, 45 insertions, 0 deletions
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 7f58e86d8..76419587a 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -131,6 +131,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
logrus.Debugf("Using %q as infra container entrypoint", entryCmd)
+ g.RemoveMount("/dev/shm")
if isRootless {
g.RemoveMount("/dev/pts")
devPts := spec.Mount{
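Review bot: The added `g.RemoveMount("/dev/shm")` runs unconditionally, before the `isRootless` branch, and has no comment saying why the default mount is dropped. A reader cannot tell from this line that the intent is for the infra container to get its own shm directory, nor whether that is also wanted for pods that do not share the IPC namespace. I would add a comment above it such as `// Drop the generated /dev/shm mount so the infra container gets its own shm directory, which pod members sharing the IPC namespace reuse.` and confirm the unconditional removal is intended. makeInfraContainer starts and ends outside this hunk, so how the replacement mount is created is not visible here.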
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 7e4f09dc4..55a0118cb 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -127,6 +127,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
return nil, errNoInfra
}
toReturn = append(toReturn, libpod.WithIPCNSFrom(infraCtr))
+ toReturn = append(toReturn, libpod.WithShmDir(infraCtr.ShmDir()))
case specgen.FromContainer:
ipcCtr, err := rt.LookupContainer(s.IpcNS.Value)
if err != nil {
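Review bot: The new `libpod.WithShmDir(infraCtr.ShmDir())` line hands every pod member the infra container's shm directory but does not document the consequence. From this point on /dev/shm is one writable area common to all containers in the pod, and any per-container shm sizing presumably no longer applies to joiners. A short comment would make that explicit, for example `// Sharing the IPC namespace implies sharing /dev/shm: reuse the infra container's ShmDir rather than a private one.` It may also be worth checking that `infraCtr.ShmDir()` cannot be empty here. namespaceOptions continues outside the hunk, so the handling in the `specgen.FromContainer` case below cannot be compared from what is shown.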
diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go
index 41e9c5683..20b8bdb39 100644
--- a/test/e2e/pod_pod_namespaces.go
+++ b/test/e2e/pod_pod_namespaces.go
@@ -60,6 +60,25 @@ var _ = Describe("Podman pod create", func() {
Expect(NAMESPACE1).To(Equal(NAMESPACE2))
})
+ It("podman pod container share ipc && /dev/shm ", func() {
+ session := podmanTest.Podman([]string{"pod", "create"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ podID := session.OutputToString()
+
+ session = podmanTest.Podman([]string{"pod", "start", podID})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "touch", "/dev/shm/test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "ls", "/dev/shm/test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
It("podman pod container dontshare PIDNS", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
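Review bot: The new "share ipc && /dev/shm" case asserts only the positive path, so nothing would catch a regression in which /dev/shm leaks between pod members that do not share the IPC namespace. Since the infra container's default /dev/shm mount is now removed for every pod, a companion negative case is the check that protects isolation. The sketch below assumes a pod created with `--share net` leaves IPC unshared. The test title also carries a trailing space that could be dropped.

```go
// … unchanged: the new "share ipc && /dev/shm" case …

It("podman pod container dontshare /dev/shm without ipc", func() {
	session := podmanTest.Podman([]string{"pod", "create", "--share", "net"})
	session.WaitWithDefaultTimeout()
	Expect(session.ExitCode()).To(Equal(0))
	podID := session.OutputToString()

	session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "touch", "/dev/shm/test"})
	session.WaitWithDefaultTimeout()
	Expect(session.ExitCode()).To(Equal(0))

	// The file written by the first container must not be visible to the second.
	session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "ls", "/dev/shm/test"})
	session.WaitWithDefaultTimeout()
	Expect(session.ExitCode()).ToNot(Equal(0))
})
```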
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 1d17c8cad..b0f645c53 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -116,6 +116,30 @@ function teardown() {
run_podman 1 pod exists $podname
}
+@test "podman pod - communicating via /dev/shm " {
+ if is_remote && is_rootless; then
+ skip "FIXME: pending #7139"
+ fi
+
+ podname=pod$(random_string)
+ run_podman 1 pod exists $podname
+ run_podman pod create --infra=true --name=$podname
+ podid="$output"
+ run_podman pod exists $podname
+ run_podman pod exists $podid
+
+ run_podman run --rm --pod $podname $IMAGE touch /dev/shm/test1
+ run_podman run --rm --pod $podname $IMAGE ls /dev/shm/test1
+ is "$output" "/dev/shm/test1"
+
+ # ...then rm the pod, then rmi the pause image so we don't leave strays.
+ run_podman pod rm $podname
+
+ # Pod no longer exists
+ run_podman 1 pod exists $podid
+ run_podman 1 pod exists $podname
+}
+
# Random byte
function octet() {
echo $(( $RANDOM & 255 ))
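Review bot: The comment before `run_podman pod rm $podname` says the test also removes the pause image, but no `rmi` follows in the added block, so the comment is stale. Either reword it to `# Remove the pod so later tests start from a clean state.` or add the image removal it describes. The `@test` title has a trailing space before the closing quote that can go as well. As in the e2e test, only the shared case is exercised; a pod that does not share IPC is never checked for a private /dev/shm.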