diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2020-10-29 18:45:49 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-10-30 05:21:34 -0400 |
commit | 916825b6753086d7712ba593e5381b9bd49aae96 (patch) | |
tree | 49fd5ad65e97f4a3fd79685203e5722d77dcab8d | |
parent | 228396a99dc88fc828f23d4072a46ca8de90282f (diff) | |
download | podman-916825b6753086d7712ba593e5381b9bd49aae96.tar.gz podman-916825b6753086d7712ba593e5381b9bd49aae96.tar.bz2 podman-916825b6753086d7712ba593e5381b9bd49aae96.zip |
Pod's that share the IPC Namespace need to share /dev/shm
Containers that share IPC Namespaces share each others
/dev/shm, which means a private /dev/shm needs to be setup
for the infra container.
Added a system test and an e2e test to make sure the
/dev/shm is shared.
Fixes: https://github.com/containers/podman/issues/8181
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r-- | libpod/runtime_pod_infra_linux.go | 1 | ||||
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 1 | ||||
-rw-r--r-- | test/e2e/pod_pod_namespaces.go | 19 | ||||
-rw-r--r-- | test/system/200-pod.bats | 24 |
4 files changed, 45 insertions, 0 deletions
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go index 7f58e86d8..76419587a 100644 --- a/libpod/runtime_pod_infra_linux.go +++ b/libpod/runtime_pod_infra_linux.go @@ -131,6 +131,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm logrus.Debugf("Using %q as infra container entrypoint", entryCmd) + g.RemoveMount("/dev/shm") if isRootless { g.RemoveMount("/dev/pts") devPts := spec.Mount{ diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 7e4f09dc4..55a0118cb 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -127,6 +127,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. return nil, errNoInfra } toReturn = append(toReturn, libpod.WithIPCNSFrom(infraCtr)) + toReturn = append(toReturn, libpod.WithShmDir(infraCtr.ShmDir())) case specgen.FromContainer: ipcCtr, err := rt.LookupContainer(s.IpcNS.Value) if err != nil { diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go index 41e9c5683..20b8bdb39 100644 --- a/test/e2e/pod_pod_namespaces.go +++ b/test/e2e/pod_pod_namespaces.go @@ -60,6 +60,25 @@ var _ = Describe("Podman pod create", func() { Expect(NAMESPACE1).To(Equal(NAMESPACE2)) }) + It("podman pod container share ipc && /dev/shm ", func() { + session := podmanTest.Podman([]string{"pod", "create"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + podID := session.OutputToString() + + session = podmanTest.Podman([]string{"pod", "start", podID}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "touch", "/dev/shm/test"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "ls", "/dev/shm/test"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + It("podman pod container dontshare PIDNS", func() { session := podmanTest.Podman([]string{"pod", "create"}) session.WaitWithDefaultTimeout() diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 1d17c8cad..b0f645c53 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -116,6 +116,30 @@ function teardown() { run_podman 1 pod exists $podname } +@test "podman pod - communicating via /dev/shm " { + if is_remote && is_rootless; then + skip "FIXME: pending #7139" + fi + + podname=pod$(random_string) + run_podman 1 pod exists $podname + run_podman pod create --infra=true --name=$podname + podid="$output" + run_podman pod exists $podname + run_podman pod exists $podid + + run_podman run --rm --pod $podname $IMAGE touch /dev/shm/test1 + run_podman run --rm --pod $podname $IMAGE ls /dev/shm/test1 + is "$output" "/dev/shm/test1" + + # ...then rm the pod, then rmi the pause image so we don't leave strays. + run_podman pod rm $podname + + # Pod no longer exists + run_podman 1 pod exists $podid + run_podman 1 pod exists $podname +} + # Random byte function octet() { echo $(( $RANDOM & 255 )) |