podman pod create --shm-size

expose the --shm-size flag to podman pod create and add proper handling and inheritance
for the option.

resolves #14609

Signed-off-by: Charlie Doern <cdoern@redhat.com>

11 files changed, 85 insertions, 10 deletions

diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 40bb0df78..e25bdd241 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -452,13 +452,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 		_ = cmd.RegisterFlagCompletionFunc(secretFlagName, AutocompleteSecrets)
 
-		shmSizeFlagName := "shm-size"
-		createFlags.String(
-			shmSizeFlagName, shmSize(),
-			"Size of /dev/shm "+sizeWithUnitFormat,
-		)
-		_ = cmd.RegisterFlagCompletionFunc(shmSizeFlagName, completion.AutocompleteNone)
-
 		stopSignalFlagName := "stop-signal"
 		createFlags.StringVar(
 			&cf.StopSignal,
@@ -628,6 +621,13 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		)
 	}
 	if isInfra || (!clone && !isInfra) { // infra container flags, create should also pick these up
+		shmSizeFlagName := "shm-size"
+		createFlags.String(
+			shmSizeFlagName, shmSize(),
+			"Size of /dev/shm "+sizeWithUnitFormat,
+		)
+		_ = cmd.RegisterFlagCompletionFunc(shmSizeFlagName, completion.AutocompleteNone)
+
 		sysctlFlagName := "sysctl"
 		createFlags.StringSliceVar(
 			&cf.Sysctl,
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index a214ae8aa..c021aa031 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -217,9 +217,6 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
 	}
 
 	if !isInfra {
-		if c.Flag("shm-size").Changed {
-			vals.ShmSize = c.Flag("shm-size").Value.String()
-		}
 		if c.Flag("cpu-period").Changed && c.Flag("cpus").Changed {
 			return vals, errors.Errorf("--cpu-period and --cpus cannot be set together")
 		}
@@ -283,6 +280,9 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
 			return vals, errors.Errorf("--userns and --pod cannot be set together")
 		}
 	}
+	if c.Flag("shm-size").Changed {
+		vals.ShmSize = c.Flag("shm-size").Value.String()
+	}
 	if (c.Flag("dns").Changed || c.Flag("dns-opt").Changed || c.Flag("dns-search").Changed) && vals.Net != nil && (vals.Net.Network.NSMode == specgen.NoNetwork || vals.Net.Network.IsContainer()) {
 		return vals, errors.Errorf("conflicting options: dns and the network mode: " + string(vals.Net.Network.NSMode))
 	}
diff --git a/cmd/podman/pods/clone.go b/cmd/podman/pods/clone.go
index d95d74b05..391af1cf7 100644
--- a/cmd/podman/pods/clone.go
+++ b/cmd/podman/pods/clone.go
@@ -46,6 +46,7 @@ func cloneFlags(cmd *cobra.Command) {
 
 	common.DefineCreateDefaults(&podClone.InfraOptions)
 	common.DefineCreateFlags(cmd, &podClone.InfraOptions, true, false)
+
 	podClone.InfraOptions.MemorySwappiness = -1 // this is not implemented for pods yet, need to set -1 default manually
 
 	// need to fill an empty ctr create option for each container for sane defaults
@@ -72,6 +73,11 @@ func clone(cmd *cobra.Command, args []string) error {
 	}
 
 	podClone.ID = args[0]
+
+	if cmd.Flag("shm-size").Changed {
+		podClone.InfraOptions.ShmSize = cmd.Flag("shm-size").Value.String()
+	}
+
 	podClone.PerContainerOptions.IsClone = true
 	rep, err := registry.ContainerEngine().PodClone(context.Background(), podClone)
 	if err != nil {
diff --git a/docs/source/markdown/podman-pod-clone.1.md b/docs/source/markdown/podman-pod-clone.1.md
index c2808c6d0..e44e9fa3c 100644
--- a/docs/source/markdown/podman-pod-clone.1.md
+++ b/docs/source/markdown/podman-pod-clone.1.md
@@ -124,6 +124,12 @@ Note: Labeling can be disabled for all pods/containers by setting label=false in
 
 Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
 
+#### **--shm-size**=*size*
+
+Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
+If the unit is omitted, the system uses bytes. If the size is omitted, the system uses `64m`.
+When size is `0`, there is no limit on the amount of memory used for IPC by the pod. This option conflicts with **--ipc=host** when running containers.
+
 #### **--start**
 
 When set to true, this flag starts the newly created pod after the
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
index 8d8bded37..e63623169 100644
--- a/docs/source/markdown/podman-pod-create.1.md
+++ b/docs/source/markdown/podman-pod-create.1.md
@@ -298,6 +298,12 @@ This boolean determines whether or not all containers entering the pod will use
 
 Note: This options conflict with **--share=cgroup** since that would set the pod as the cgroup parent but enter the container into the same cgroupNS as the infra container.
 
+#### **--shm-size**=*size*
+
+Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
+If the unit is omitted, the system uses bytes. If the size is omitted, the system uses `64m`.
+When size is `0`, there is no limit on the amount of memory used for IPC by the pod. This option conflicts with **--ipc=host** when running containers.
+
 #### **--subgidname**=*name*
 
 Name for GID map from the `/etc/subgid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--gidmap`.
@@ -306,6 +312,7 @@ Name for GID map from the `/etc/subgid` file. Using this flag will run the conta
 
 Name for UID map from the `/etc/subuid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--uidmap`.
 
+
 #### **--sysctl**=_name_=_value_
 
 Configure namespace kernel parameters for all containers in the pod.
diff --git a/libpod/container_config.go b/libpod/container_config.go
index 6558f3c89..76200da5e 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -432,4 +432,10 @@ type InfraInherit struct {
 	SeccompProfilePath string                   `json:"seccomp_profile_path,omitempty"`
 	SelinuxOpts        []string                 `json:"selinux_opts,omitempty"`
 	Volumes            []*specgen.NamedVolume   `json:"volumes,omitempty"`
+	ShmSize            *int64                   `json:"shm_size"`
+}
+
+// IsDefaultShmSize determines if the user actually set the shm in the parent ctr or if it has been set to the default size
+func (inherit *InfraInherit) IsDefaultShmSize() bool {
+	return inherit.ShmSize == nil || *inherit.ShmSize == 65536000
 }
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 0ed3c79ef..30c759495 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -506,6 +506,7 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s
 	specg.Mounts = mounts
 	specg.HostDeviceList = conf.DeviceHostSrc
 	specg.Networks = conf.Networks
+	specg.ShmSize = &conf.ShmSize
 
 	mapSecurityConfig(conf, specg)
 
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 7faf13465..0dec943d1 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -564,5 +564,10 @@ func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtim
 	if err != nil {
 		return nil, nil, nil, err
 	}
+
+	// this causes errors when shmSize is the default value, it will still get passed down unless we manually override.
+	if s.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
+		s.ShmSize = nil
+	}
 	return options, infraSpec, compatibleOptions, nil
 }
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 777097ac5..02ba06be1 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -183,6 +183,10 @@ type PodStorageConfig struct {
 	// comma-separated options. Valid options are 'ro', 'rw', and 'z'.
 	// Options will be used for all volumes sourced from the container.
 	VolumesFrom []string `json:"volumes_from,omitempty"`
+	// ShmSize is the size of the tmpfs to mount in at /dev/shm, in bytes.
+	// Conflicts with ShmSize if IpcNS is not private.
+	// Optional.
+	ShmSize *int64 `json:"shm_size,omitempty"`
 }
 
 // PodCgroupConfig contains configuration options about a pod's cgroups.
diff --git a/test/e2e/pod_clone_test.go b/test/e2e/pod_clone_test.go
index b62e1205c..b90bf10da 100644
--- a/test/e2e/pod_clone_test.go
+++ b/test/e2e/pod_clone_test.go
@@ -138,4 +138,21 @@ var _ = Describe("Podman pod clone", func() {
 		Expect(data.Mounts[0]).To(HaveField("Name", volName))
 	})
 
+	It("podman pod clone --shm-size", func() {
+		podCreate := podmanTest.Podman([]string{"pod", "create"})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+
+		podClone := podmanTest.Podman([]string{"pod", "clone", "--shm-size", "10mb", podCreate.OutputToString()})
+		podClone.WaitWithDefaultTimeout()
+		Expect(podClone).Should(Exit(0))
+
+		run := podmanTest.Podman([]string{"run", "-it", "--pod", podClone.OutputToString(), ALPINE, "mount"})
+		run.WaitWithDefaultTimeout()
+		Expect(run).Should(Exit(0))
+		t, strings := run.GrepString("shm on /dev/shm type tmpfs")
+		Expect(t).To(BeTrue())
+		Expect(strings[0]).Should(ContainSubstring("size=10240k"))
+	})
+
 })
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 4919cc670..a48193e90 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -1134,4 +1134,27 @@ ENTRYPOINT ["sleep","99999"]
 		Expect(session.OutputToString()).Should(ContainSubstring("/vol2"))
 	})
 
+	It("podman pod create --shm-size", func() {
+		podCreate := podmanTest.Podman([]string{"pod", "create", "--shm-size", "10mb"})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+
+		run := podmanTest.Podman([]string{"run", "-it", "--pod", podCreate.OutputToString(), ALPINE, "mount"})
+		run.WaitWithDefaultTimeout()
+		Expect(run).Should(Exit(0))
+		t, strings := run.GrepString("shm on /dev/shm type tmpfs")
+		Expect(t).To(BeTrue())
+		Expect(strings[0]).Should(ContainSubstring("size=10240k"))
+	})
+
+	It("podman pod create --shm-size and --ipc=host conflict", func() {
+		podCreate := podmanTest.Podman([]string{"pod", "create", "--shm-size", "10mb"})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+
+		run := podmanTest.Podman([]string{"run", "-dt", "--pod", podCreate.OutputToString(), "--ipc", "host", ALPINE})
+		run.WaitWithDefaultTimeout()
+		Expect(run).ShouldNot(Exit(0))
+	})
+
 })