aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-07-28 09:18:21 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-07-28 14:53:54 -0400
commitbb4d269087d11623e15d1aa3c8cb197f29a601d1 (patch)
tree1927db4a75af39689b937df14c30c423f00bea08
parent288ebec6e737c105fa0ef43412de4e0a8997feb9 (diff)
downloadpodman-bb4d269087d11623e15d1aa3c8cb197f29a601d1.tar.gz
podman-bb4d269087d11623e15d1aa3c8cb197f29a601d1.tar.bz2
podman-bb4d269087d11623e15d1aa3c8cb197f29a601d1.zip
Specifying --ipc=host --pid=host is broken
For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--cmd/podman/common/create_opts.go2
-rw-r--r--cmd/podman/common/specgen.go64
-rw-r--r--cmd/podman/containers/create.go2
-rw-r--r--test/e2e/run_ns_test.go31
4 files changed, 75 insertions, 24 deletions
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 3802c37b0..f9e4d7ca5 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -10,7 +10,7 @@ type ContainerCLIOpts struct {
BlkIOWeightDevice []string
CapAdd []string
CapDrop []string
- CGroupsNS string
+ CgroupNS string
CGroupsMode string
CGroupParent string
CIDFile string
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 07c88efea..0b6897d3a 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -186,6 +186,46 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.Linu
return memory, nil
}
+func setNamespaces(s *specgen.SpecGenerator, c *ContainerCLIOpts) error {
+ var err error
+
+ if c.PID != "" {
+ s.PidNS, err = specgen.ParseNamespace(c.PID)
+ if err != nil {
+ return err
+ }
+ }
+ if c.IPC != "" {
+ s.IpcNS, err = specgen.ParseNamespace(c.IPC)
+ if err != nil {
+ return err
+ }
+ }
+ if c.UTS != "" {
+ s.UtsNS, err = specgen.ParseNamespace(c.UTS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.CgroupNS != "" {
+ s.CgroupNS, err = specgen.ParseNamespace(c.CgroupNS)
+ if err != nil {
+ return err
+ }
+ }
+ // userns must be treated differently
+ if c.UserNS != "" {
+ s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.Net != nil {
+ s.NetNS = c.Net.Network
+ }
+ return nil
+}
+
func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) error {
var (
err error
@@ -252,28 +292,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
s.Expose = expose
- for k, v := range map[string]*specgen.Namespace{
- c.IPC: &s.IpcNS,
- c.PID: &s.PidNS,
- c.UTS: &s.UtsNS,
- c.CGroupsNS: &s.CgroupNS,
- } {
- if k != "" {
- *v, err = specgen.ParseNamespace(k)
- if err != nil {
- return err
- }
- }
- }
- // userns must be treated differently
- if c.UserNS != "" {
- s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
- if err != nil {
- return err
- }
- }
- if c.Net != nil {
- s.NetNS = c.Net.Network
+ if err := setNamespaces(s, c); err != nil {
+ return err
}
if sig := c.StopSignal; len(sig) > 0 {
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index dcbc52b56..dd77dc9d7 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -195,7 +195,7 @@ func createInit(c *cobra.Command) error {
cliVals.IPC = c.Flag("ipc").Value.String()
cliVals.UTS = c.Flag("uts").Value.String()
cliVals.PID = c.Flag("pid").Value.String()
- cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
+ cliVals.CgroupNS = c.Flag("cgroupns").Value.String()
if c.Flag("entrypoint").Changed {
val := c.Flag("entrypoint").Value.String()
cliVals.Entrypoint = &val
diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go
index 2b6da2888..5242e04d2 100644
--- a/test/e2e/run_ns_test.go
+++ b/test/e2e/run_ns_test.go
@@ -2,6 +2,7 @@ package integration
import (
"os"
+ "os/exec"
"strings"
. "github.com/containers/podman/v2/test/utils"
@@ -102,4 +103,34 @@ var _ = Describe("Podman run ns", func() {
session.WaitWithDefaultTimeout()
Expect(session).To(ExitWithError())
})
+
+ It("podman run --ipc=host --pid=host", func() {
+ cmd := exec.Command("ls", "-l", "/proc/self/ns/pid")
+ res, err := cmd.Output()
+ Expect(err).To(BeNil())
+ fields := strings.Split(string(res), " ")
+ hostPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ cmd = exec.Command("ls", "-l", "/proc/self/ns/ipc")
+ res, err = cmd.Output()
+ Expect(err).To(BeNil())
+ fields = strings.Split(string(res), " ")
+ hostIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ session := podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/pid"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ fields = strings.Split(session.OutputToString(), " ")
+ ctrPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ session = podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/ipc"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ fields = strings.Split(session.OutputToString(), " ")
+ ctrIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ Expect(hostPidNS).To(Equal(ctrPidNS))
+ Expect(hostIpcNS).To(Equal(ctrIpcNS))
+ })
+
})