authorDaniel J Walsh <dwalsh@redhat.com>2020-07-28 09:18:21 -0400
committerMatthew Heon <matthew.heon@pm.me>2020-07-31 11:40:25 -0400
commit828b5474914c4036d3a6135c63604d223ced3610 (patch)
treeaf0903f2e94846666064d24d17924971aeb70e47
parente0774e65b4515418dce25d0487c3e6f23e1b8f12 (diff)
Specifying --ipc=host --pid=host is broken
For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and added a test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--cmd/podman/common/create_opts.go2
-rw-r--r--cmd/podman/common/specgen.go64
-rw-r--r--cmd/podman/containers/create.go2
-rw-r--r--test/e2e/run_ns_test.go31
4 files changed, 75 insertions, 24 deletions
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 08ffa5544..bb50df8c9 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -10,7 +10,7 @@ type ContainerCLIOpts struct {
BlkIOWeightDevice []string
CapAdd []string
CapDrop []string
- CGroupsNS string
+ CgroupNS string
CGroupsMode string
CGroupParent string
CIDFile string
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index aa8669e7a..7716fc150 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -186,6 +186,46 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.Linu
return memory, nil
}
+func setNamespaces(s *specgen.SpecGenerator, c *ContainerCLIOpts) error {
+ var err error
+
+ if c.PID != "" {
+ s.PidNS, err = specgen.ParseNamespace(c.PID)
+ if err != nil {
+ return err
+ }
+ }
+ if c.IPC != "" {
+ s.IpcNS, err = specgen.ParseNamespace(c.IPC)
+ if err != nil {
+ return err
+ }
+ }
+ if c.UTS != "" {
+ s.UtsNS, err = specgen.ParseNamespace(c.UTS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.CgroupNS != "" {
+ s.CgroupNS, err = specgen.ParseNamespace(c.CgroupNS)
+ if err != nil {
+ return err
+ }
+ }
+ // userns must be treated differently
+ if c.UserNS != "" {
+ s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.Net != nil {
+ s.NetNS = c.Net.Network
+ }
+ return nil
+}
+
func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) error {
var (
err error
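Review bot: setNamespaces has no doc comment, and the reason it is written as one explicit block per flag is not recorded anywhere in the code. The loop it replaces (removed in the next hunk) built a `map[string]*specgen.Namespace` keyed by the flag values, so two flags carrying the same string, as in `--ipc=host --pid=host`, collapse into one map entry and one namespace setting is silently left at its default; that appears to be the actual cause rather than memory being overwritten. I would add `// setNamespaces parses each namespace flag separately; never key a map by flag value, since equal values (e.g. "host") collide and one setting is dropped.` above the function. The parse errors are also returned bare, so the message relies on ParseNamespace alone to say which flag was rejected. FillOutSpecGen's body continues outside the hunk.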
@@ -250,28 +290,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
s.Expose = expose
- for k, v := range map[string]*specgen.Namespace{
- c.IPC: &s.IpcNS,
- c.PID: &s.PidNS,
- c.UTS: &s.UtsNS,
- c.CGroupsNS: &s.CgroupNS,
- } {
- if k != "" {
- *v, err = specgen.ParseNamespace(k)
- if err != nil {
- return err
- }
- }
- }
- // userns must be treated differently
- if c.UserNS != "" {
- s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
- if err != nil {
- return err
- }
- }
- if c.Net != nil {
- s.NetNS = c.Net.Network
+ if err := setNamespaces(s, c); err != nil {
+ return err
}
if sig := c.StopSignal; len(sig) > 0 {
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 10761be33..41e63da76 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -195,7 +195,7 @@ func createInit(c *cobra.Command) error {
cliVals.IPC = c.Flag("ipc").Value.String()
cliVals.UTS = c.Flag("uts").Value.String()
cliVals.PID = c.Flag("pid").Value.String()
- cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
+ cliVals.CgroupNS = c.Flag("cgroupns").Value.String()
if c.Flag("entrypoint").Changed {
val := c.Flag("entrypoint").Value.String()
cliVals.Entrypoint = &val
diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go
index 1c1b5cfbb..7113fa69e 100644
--- a/test/e2e/run_ns_test.go
+++ b/test/e2e/run_ns_test.go
@@ -4,6 +4,7 @@ package integration
import (
"os"
+ "os/exec"
"strings"
. "github.com/containers/libpod/v2/test/utils"
@@ -104,4 +105,34 @@ var _ = Describe("Podman run ns", func() {
session.WaitWithDefaultTimeout()
Expect(session).To(ExitWithError())
})
+
+ It("podman run --ipc=host --pid=host", func() {
+ cmd := exec.Command("ls", "-l", "/proc/self/ns/pid")
+ res, err := cmd.Output()
+ Expect(err).To(BeNil())
+ fields := strings.Split(string(res), " ")
+ hostPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ cmd = exec.Command("ls", "-l", "/proc/self/ns/ipc")
+ res, err = cmd.Output()
+ Expect(err).To(BeNil())
+ fields = strings.Split(string(res), " ")
+ hostIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ session := podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/pid"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ fields = strings.Split(session.OutputToString(), " ")
+ ctrPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ session = podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/ipc"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ fields = strings.Split(session.OutputToString(), " ")
+ ctrIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ Expect(hostPidNS).To(Equal(ctrPidNS))
+ Expect(hostIpcNS).To(Equal(ctrIpcNS))
+ })
+
})
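Review bot: The namespace identity is read by running `ls -l` and taking the last space-separated field, four times over, which ties the test to the output format of two different `ls` implementations (the host's and the one in the ALPINE image). On the host side `hostPidNS, err := os.Readlink("/proc/self/ns/pid")` yields the link target directly with no subprocess (`os` is already imported), and the container side could run `readlink /proc/self/ns/pid` so that the whole output is the value. The test also has no negative control: a run without `--pid=host` and `--ipc=host` asserting that the namespaces differ from the host's would show that the comparison can fail, and a run with only one of the two flags would pin that the other namespace stays private.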