summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorflouthoc <flouthoc.git@gmail.com>2021-08-05 17:12:17 +0530
committerflouthoc <flouthoc.git@gmail.com>2021-08-06 15:04:47 +0530
commit541e83ffe285cc67f4635d2dd1e7c89135140a13 (patch)
tree3e36e1cbe94763c156bf84690de520219bd6daab
parent1f0a24437d71f8fe2b2233a428202afcfe513666 (diff)
downloadpodman-541e83ffe285cc67f4635d2dd1e7c89135140a13.tar.gz
podman-541e83ffe285cc67f4635d2dd1e7c89135140a13.tar.bz2
podman-541e83ffe285cc67f4635d2dd1e7c89135140a13.zip
personality: Add support for setting execution domain.
Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems. Reference: https://man7.org/linux/man-pages/man2/personality.2.html Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Diffstat
-rw-r--r--cmd/podman/common/create.go8
-rw-r--r--cmd/podman/common/create_opts.go1
-rw-r--r--cmd/podman/common/specgen.go6
-rw-r--r--docs/source/markdown/podman-create.1.md12
-rw-r--r--docs/source/markdown/podman-run.1.md12
-rw-r--r--pkg/specgen/generate/oci.go3
-rw-r--r--pkg/specgen/specgen.go5
-rw-r--r--test/e2e/run_test.go11
8 files changed, 56 insertions, 2 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 96414add4..602ad5d94 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -498,6 +498,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) {
)
_ = cmd.RegisterFlagCompletionFunc(variantFlagName, completion.AutocompleteNone)
+ personalityFlagName := "personality"
+ createFlags.StringVar(
+ &cf.Personality,
+ personalityFlagName, "",
+ "Configure execution domain using personality (e.g., LINUX/LINUX32)",
+ )
+ _ = cmd.RegisterFlagCompletionFunc(personalityFlagName, AutocompleteNamespace)
+
pidFlagName := "pid"
createFlags.String(
pidFlagName, "",
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 61f08b73b..0a969bfd2 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -81,6 +81,7 @@ type ContainerCLIOpts struct {
Arch string
OS string
Variant string
+ Personality string
PID string
PIDsLimit *int64
Platform string
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 118091855..8d6a21cb7 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -651,6 +651,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
if err != nil {
return err
}
+
+ if c.Personality != "" {
+ s.Personality = &specs.LinuxPersonality{}
+ s.Personality.Domain = specs.LinuxPersonalityDomain(c.Personality)
+ }
+
s.Remove = c.Rm
s.StopTimeout = &c.StopTimeout
s.Timeout = c.Timeout
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index b2f7260ae..51f51c10a 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -706,6 +706,10 @@ Tune the host's OOM preferences for containers (accepts -1000 to 1000)
#### **--os**=*OS*
Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
+#### **--personality**=*persona*
+
+Personality sets the execution domain via Linux personality(2).
+
#### **--pid**=*pid*
Set the PID mode for the container
@@ -1429,6 +1433,12 @@ $ podman start --attach container3
$ podman create -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
```
+### Configure execution domain for containers using personality flag
+
+```
+$ podman create --name container1 --personaity=LINUX32 fedora bash
+```
+
### Rootless Containers
Podman runs as a non root user on most systems. This feature requires that a new enough version of shadow-utils
@@ -1491,7 +1501,7 @@ NOTE: Use the environment variable `TMPDIR` to change the temporary storage loca
## SEE ALSO
**podman**(1), **podman-secret**(1), **podman-save**(1), **podman-ps**(1), **podman-attach**(1), **podman-pod-create**(1), **podman-port**(1), **podman-start*(1), **podman-kill**(1), **podman-stop**(1),
-**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8).
+**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8), **personality**(2).
## HISTORY
October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman `<dwalsh@redhat.com>`
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index f08561904..38ed44582 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -726,6 +726,10 @@ Tune the host's OOM preferences for containers (accepts values from **-1000** to
#### **--os**=*OS*
Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
+#### **--personality**=*persona*
+
+Personality sets the execution domain via Linux personality(2).
+
#### **--pid**=*mode*
Set the PID namespace mode for the container.
@@ -1776,6 +1780,12 @@ $ podman run --name container3 --requires container1,container2 -t -i fedora bas
$ podman run -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
```
+### Configure execution domain for containers using personality flag
+
+```
+$ podman run --name container1 --personaity=LINUX32 fedora bash
+```
+
### Rootless Containers
Podman runs as a non root user on most systems. This feature requires that a new enough version of **shadow-utils**
@@ -1836,7 +1846,7 @@ NOTE: Use the environment variable `TMPDIR` to change the temporary storage loca
## SEE ALSO
**podman**(1), **podman-save**(1), **podman-ps**(1), **podman-attach**(1), **podman-pod-create**(1), **podman-port**(1), **podman-start**(1), **podman-kill**(1), **podman-stop**(1),
-**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8).
+**podman-generate-systemd**(1) **podman-rm**(1), **subgid**(5), **subuid**(5), **containers.conf**(5), **systemd.unit**(5), **setsebool**(8), **slirp4netns**(1), **fuse-overlayfs**(1), **proc**(5), **conmon**(8), **personality**(2).
## HISTORY
September 2018, updated by Kunal Kushwaha `<kushwaha_kunal_v7@lab.ntt.co.jp>`
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 6e310d8a6..1f3f9e832 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -285,6 +285,9 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
}
g.AddMount(cgroupMnt)
}
+
+ g.Config.Linux.Personality = s.Personality
+
g.SetProcessCwd(s.WorkDir)
g.SetProcessArgs(finalCmd)
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index b4ac337b5..fc647227e 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -186,6 +186,11 @@ type ContainerBasicConfig struct {
// InitContainerType describes if this container is an init container
// and if so, what type: always or oneshot
InitContainerType string `json:"init_container_type"`
+ // Personality allows users to configure different execution domains.
+ // Execution domains tell Linux how to map signal numbers into signal actions.
+ // The execution domain system allows Linux to provide limited support
+ // for binaries compiled under other UNIX-like operating systems.
+ Personality *spec.LinuxPersonality `json:"personality,omitempty"`
}
// ContainerStorageConfig contains information on the storage configuration of a
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 3c65c02d1..d68aa6ac4 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1790,4 +1790,15 @@ WORKDIR /madethis`, BB)
_, err = strconv.Atoi(containerPID) // Make sure it's a proper integer
Expect(err).To(BeNil())
})
+
+ It("podman run check personality support", func() {
+ // TODO: Remove this as soon as this is merged and made available in our CI https://github.com/opencontainers/runc/pull/3126.
+ if !strings.Contains(podmanTest.OCIRuntime, "crun") {
+ Skip("Test only works on crun")
+ }
+ session := podmanTest.Podman([]string{"run", "--personality=LINUX32", "--name=testpersonality", ALPINE, "uname", "-a"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("i686"))
+ })
})
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-20 04:05:36 +0000