authoropenshift-ci[bot] <75433959+openshift-ci[bot]@users.noreply.github.com>2021-08-06 12:11:32 +0000
committerGitHub <noreply@github.com>2021-08-06 12:11:32 +0000
commit0eb2a02620e28383d3e4458854411f277d1e30f7 (patch)
tree99aa742239301d68d067070bbc5bbb2fa5f76ce5
parenta82ceafb73356d8e3ed825be2f0ad0a29b7c3761 (diff)
parent541e83ffe285cc67f4635d2dd1e7c89135140a13 (diff)
downloadpodman-0eb2a02620e28383d3e4458854411f277d1e30f7.tar.gz
podman-0eb2a02620e28383d3e4458854411f277d1e30f7.tar.bz2
podman-0eb2a02620e28383d3e4458854411f277d1e30f7.zip
Merge pull request #11141 from flouthoc/support-linux-execution-domain
personality: Add support for setting execution domain.
-rw-r--r--cmd/podman/common/create.go8
-rw-r--r--cmd/podman/common/create_opts.go1
-rw-r--r--cmd/podman/common/specgen.go6
-rw-r--r--docs/source/markdown/podman-create.1.md12
-rw-r--r--docs/source/markdown/podman-run.1.md12
-rw-r--r--pkg/specgen/generate/oci.go3
-rw-r--r--pkg/specgen/specgen.go5
-rw-r--r--test/e2e/run_test.go11
8 files changed, 56 insertions, 2 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 96414add4..602ad5d94 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -498,6 +498,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) {
)
_ = cmd.RegisterFlagCompletionFunc(variantFlagName, completion.AutocompleteNone)
+ personalityFlagName := "personality"
+ createFlags.StringVar(
+ &cf.Personality,
+ personalityFlagName, "",
+ "Configure execution domain using personality (e.g., LINUX/LINUX32)",
+ )
+ _ = cmd.RegisterFlagCompletionFunc(personalityFlagName, AutocompleteNamespace)
+
pidFlagName := "pid"
createFlags.String(
pidFlagName, "",
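Review bot: The completion function registered for `--personality` is `AutocompleteNamespace`, which looks copied from a namespace flag and would presumably offer namespace modes rather than execution domains. Since the help text names only LINUX and LINUX32, `completion.AutocompleteNone` (as used for the variant flag just above) or a small completer returning those two values would fit better, e.g. `_ = cmd.RegisterFlagCompletionFunc(personalityFlagName, completion.AutocompleteNone)`. Separately, the examples added to podman-create.1.md and podman-run.1.md spell the flag `--personaity`, which will not match the name registered here. DefineCreateFlags starts and ends outside this hunk.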
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 61f08b73b..0a969bfd2 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -81,6 +81,7 @@ type ContainerCLIOpts struct {
Arch string
OS string
Variant string
+ Personality string
PID string
PIDsLimit *int64
Platform string
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 118091855..8d6a21cb7 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -651,6 +651,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
if err != nil {
return err
}
+
+ if c.Personality != "" {
+ s.Personality = &specs.LinuxPersonality{}
+ s.Personality.Domain = specs.LinuxPersonalityDomain(c.Personality)
+ }
+
s.Remove = c.Rm
s.StopTimeout = &c.StopTimeout
s.Timeout = c.Timeout
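Review bot: The `--personality` string is cast straight to `specs.LinuxPersonalityDomain` with no check, so any value the user types is written into the spec and is only rejected (or, on a runtime without personality support, possibly ignored) when the OCI runtime starts the container. Rejecting anything other than the domains the runtime spec defines at this boundary gives a clear error and keeps unexpected values out of the generated config. The same unvalidated value is copied by the `g.Config.Linux.Personality = s.Personality` hunk in pkg/specgen/generate/oci.go, and the field is JSON-exposed in pkg/specgen/specgen.go, so callers that build a SpecGenerator without this CLI path would presumably need the check in specgen validation as well. FillOutSpecGen starts and ends outside this hunk; use whichever error helper the file already imports.

```go
if c.Personality != "" {
	domain := specs.LinuxPersonalityDomain(c.Personality)
	switch domain {
	case specs.PerLinux, specs.PerLinux32:
		s.Personality = &specs.LinuxPersonality{Domain: domain}
	default:
		return fmt.Errorf("invalid personality %q: expected LINUX or LINUX32", c.Personality)
	}
}
// … unchanged: s.Remove, s.StopTimeout, s.Timeout assignments …
```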
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index b2f7260ae..51f51c10a 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -706,6 +706,10 @@ Tune the host's OOM preferences for containers (accepts -1000 to 1000)
#### **--os**=*OS*
Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
+#### **--personality**=*persona*
+
+Personality sets the execution domain via Linux personality(2).
+
#### **--pid**=*pid*
Set the PID mode for the container
@@ -1429,6 +1433,12 @@ $ podman start --attach container3
$ podman create -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
```
+### Configure execution domain for containers using personality flag
+
+```
+$ podman create --name container1 --personaity=LINUX32 fedora bash
+```
+
### Rootless Containers
Podman runs as a non root user on most systems. This feature requires that a new enough version of shadow-utils
@@ -1491,7 +1501,7 @@ NOTE: Use the environment variable `TMPDIR` to change the temporary storage loca
## SEE ALSO
**podman**(1), **podman-secret**(1), **podman-save**(1), **podman-ps**(1), **podman-attach**(1), **podman-pod-create**(1), **podman-port**(1), **podman-start*(1), **podman-kill**(1), **podman-stop**(1),
-**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8).
+**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8), **personality**(2).
## HISTORY
October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman `<dwalsh@redhat.com>`
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index f08561904..38ed44582 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -726,6 +726,10 @@ Tune the host's OOM preferences for containers (accepts values from **-1000** to
#### **--os**=*OS*
Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
+#### **--personality**=*persona*
+
+Personality sets the execution domain via Linux personality(2).
+
#### **--pid**=*mode*
Set the PID namespace mode for the container.
@@ -1776,6 +1780,12 @@ $ podman run --name container3 --requires container1,container2 -t -i fedora bas
$ podman run -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
```
+### Configure execution domain for containers using personality flag
+
+```
+$ podman run --name container1 --personaity=LINUX32 fedora bash
+```
+
### Rootless Containers
Podman runs as a non root user on most systems. This feature requires that a new enough version of **shadow-utils**
@@ -1836,7 +1846,7 @@ NOTE: Use the environment variable `TMPDIR` to change the temporary storage loca
## SEE ALSO
**podman**(1), **podman-save**(1), **podman-ps**(1), **podman-attach**(1), **podman-pod-create**(1), **podman-port**(1), **podman-start**(1), **podman-kill**(1), **podman-stop**(1),
-**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8).
+**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8), **personality**(2).
## HISTORY
September 2018, updated by Kunal Kushwaha `<kushwaha_kunal_v7@lab.ntt.co.jp>`
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 6e310d8a6..1f3f9e832 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -285,6 +285,9 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
}
g.AddMount(cgroupMnt)
}
+
+ g.Config.Linux.Personality = s.Personality
+
g.SetProcessCwd(s.WorkDir)
g.SetProcessArgs(finalCmd)
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index b4ac337b5..fc647227e 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -186,6 +186,11 @@ type ContainerBasicConfig struct {
// InitContainerType describes if this container is an init container
// and if so, what type: always or oneshot
InitContainerType string `json:"init_container_type"`
+ // Personality allows users to configure different execution domains.
+ // Execution domains tell Linux how to map signal numbers into signal actions.
+ // The execution domain system allows Linux to provide limited support
+ // for binaries compiled under other UNIX-like operating systems.
+ Personality *spec.LinuxPersonality `json:"personality,omitempty"`
}
// ContainerStorageConfig contains information on the storage configuration of a
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 3c65c02d1..d68aa6ac4 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1790,4 +1790,15 @@ WORKDIR /madethis`, BB)
_, err = strconv.Atoi(containerPID) // Make sure it's a proper integer
Expect(err).To(BeNil())
})
+
+ It("podman run check personality support", func() {
+ // TODO: Remove this as soon as this is merged and made available in our CI https://github.com/opencontainers/runc/pull/3126.
+ if !strings.Contains(podmanTest.OCIRuntime, "crun") {
+ Skip("Test only works on crun")
+ }
+ session := podmanTest.Podman([]string{"run", "--personality=LINUX32", "--name=testpersonality", ALPINE, "uname", "-a"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("i686"))
+ })
})
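Review bot: The assertion `ContainSubstring("i686")` in the new personality test only holds on x86_64 hosts; under LINUX32 other 64-bit architectures report a different machine string, so the test would likely fail there rather than skip. A guard next to the crun check, such as `if runtime.GOARCH != "amd64" { Skip("i686 is only reported on x86_64 hosts") }`, would make that explicit. The test also covers only the accepted value; a second case asserting a non-zero exit for an unknown `--personality` value would pin down how invalid input is handled. The enclosing Describe block starts outside this hunk.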