authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-05-25 08:57:15 -0400
committerGitHub <noreply@github.com>2022-05-25 08:57:15 -0400
commit800a367d737828193de5e41f8ad5587e2dde1f59 (patch)
tree3c0c8badf0ae88decba77d23b3085a26d41244aa
parent1dcd1c970d3438bd6044cce0aba9b7258cb6849d (diff)
parent2ce475576781dc50ec5e2998982d19c80c305117 (diff)
Merge pull request #14333 from rhatdan/pod
Allow podman pod create --share +pid
-rw-r--r--cmd/podman/pods/create.go7
-rw-r--r--docs/source/markdown/podman-pod-create.1.md20
-rw-r--r--test/system/200-pod.bats7
3 files changed, 23 insertions, 11 deletions
diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go
index eaf6dd9d5..e2f80bdbc 100644
--- a/cmd/podman/pods/create.go
+++ b/cmd/podman/pods/create.go
@@ -166,7 +166,12 @@ func create(cmd *cobra.Command, args []string) error {
if strings.Contains(share, "cgroup") && shareParent {
return errors.Wrapf(define.ErrInvalidArg, "cannot define the pod as the cgroup parent at the same time as joining the infra container's cgroupNS")
}
- createOptions.Share = strings.Split(share, ",")
+
+ if strings.HasPrefix(share, "+") {
+ createOptions.Share = append(createOptions.Share, strings.Split(specgen.DefaultKernelNamespaces, ",")...)
+ share = share[1:]
+ }
+ createOptions.Share = append(createOptions.Share, strings.Split(share, ",")...)
createOptions.ShareParent = &shareParent
if cmd.Flag("infra-command").Changed {
// Only send content to server side if user changed defaults
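Review bot: The remainder after `share = share[1:]` is split and appended without any check, so `--share +` adds an empty entry (`strings.Split("", ",")` returns one empty string) and `--share +none` places `none` beside the default namespaces. How the later namespace validation resolves those lists is not visible in this hunk. Because this flag decides how much isolation the pod's containers give up, an ambiguous list should be rejected here rather than interpreted downstream. Inside the `HasPrefix` branch I would add `if share == "" || share == "none" { return errors.Wrapf(define.ErrInvalidArg, "--share + requires at least one namespace to add") }`. A short comment such as `// "+" keeps the default shared namespaces and adds the listed ones` would also help; the body of `create` begins and ends outside the hunk.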
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
index acccc832d..cf749efda 100644
--- a/docs/source/markdown/podman-pod-create.1.md
+++ b/docs/source/markdown/podman-pod-create.1.md
@@ -14,6 +14,15 @@ is not given a random name is generated. The pod id is printed to STDOUT. You
can then use **podman create --pod `<pod_id|pod_name>` ...** to add containers
to the pod, and **podman pod start `<pod_id|pod_name>`** to start the pod.
+The operator can identify a pod in three ways:
+UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
+UUID short identifier (“f78375b1c487”)
+Name (“jonah”)
+
+podman generates a UUID for each pod, and if a name is not assigned
+to the container with **--name** then a random string name will be generated
+for it. The name is useful any place you need to identify a pod.
+
## OPTIONS
#### **--add-host**=_host_:_ip_
@@ -267,16 +276,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the
#### **--share**=*namespace*
-A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts.
-
-The operator can identify a pod in three ways:
-UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
-UUID short identifier (“f78375b1c487”)
-Name (“jonah”)
-
-podman generates a UUID for each pod, and if a name is not assigned
-to the container with **--name** then a random string name will be generated
-for it. The name is useful any place you need to identify a pod.
+A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts)
#### **--share-parent**
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 8761b7131..404ad67ec 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -335,8 +335,15 @@ EOF
is "$output" ".*Invalid kernel namespace to share: bogus. Options are: cgroup, ipc, net, pid, uts or none" \
"pod test for bogus --share option"
run_podman pod create --share ipc --name $pod_name
+ run_podman pod inspect $pod_name --format "{{.SharedNamespaces}}"
+ is "$output" "[ipc]"
run_podman run --rm --pod $pod_name --hostname foobar $IMAGE hostname
is "$output" "foobar" "--hostname should work with non share UTS namespace"
+ run_podman pod create --share +pid --replace --name $pod_name
+ run_podman pod inspect $pod_name --format "{{.SharedNamespaces}}"
+ for ns in uts pid ipc net; do
+ is "$output" ".*$ns"
+ done
}
@test "podman pod create --pod new:$POD --hostname" {
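Review bot: The `--share +pid` case only asserts that uts, pid, ipc and net each appear somewhere in `$output`, so nothing pins that `cgroup` stays out of the shared set or that the list has no duplicate or empty entries. Since the option widens what the pod's containers share, comparing the inspected list against the exact expected set (sorted first, if its order is not stable) would catch a regression that shares more than was requested. The `is` calls in the loop also omit the description argument that the earlier checks pass, for example `is "$output" ".*$ns" "--share +pid shares $ns"`. The test body starts outside the hunk.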