diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2017-11-30 09:37:57 -0500 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-12-02 15:32:56 +0000 |
| commit | adf8809521733283c364ec7de27c783e324185e8 (patch) | |
| tree | 427ed0c858ee54e760d0b3691e61765cd7429098 /cmd/kpod/spec.go | |
| parent | 1f01faf4375b2dc667b2794e4decdf360d6e32b8 (diff) | |
| download | podman-adf8809521733283c364ec7de27c783e324185e8.tar.gz podman-adf8809521733283c364ec7de27c783e324185e8.tar.bz2 podman-adf8809521733283c364ec7de27c783e324185e8.zip | |
Add NetMode, UTSMode and IPCMode
Allow kpod create/run to create contianers in different network namespaces, uts namespaces and
IPC Namespaces.
This patch just handles the simple join the host, or another containers namespaces.
Lots more work needed to full integrate --net
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #64
Approved by: mheon
Diffstat (limited to 'cmd/kpod/spec.go')
| -rw-r--r-- | cmd/kpod/spec.go | 72 |
1 files changed, 71 insertions, 1 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go index 8d9189a0d..b2a439a9b 100644 --- a/cmd/kpod/spec.go +++ b/cmd/kpod/spec.go @@ -49,7 +49,7 @@ func blockAccessToKernelFilesystems(config *createConfig, g *generate.Generator) func addPidNS(config *createConfig, g *generate.Generator) error { pidMode := config.pidMode if pidMode.IsHost() { - return g.RemoveLinuxNamespace("pid") + return g.RemoveLinuxNamespace(libpod.PIDNamespace) } if pidMode.IsContainer() { ctr, err := config.runtime.LookupContainer(pidMode.Container()) @@ -68,6 +68,65 @@ func addPidNS(config *createConfig, g *generate.Generator) error { return nil } +func addNetNS(config *createConfig, g *generate.Generator) error { + netMode := config.netMode + if netMode.IsHost() { + return g.RemoveLinuxNamespace(libpod.NetNamespace) + } + if netMode.IsNone() { + return libpod.ErrNotImplemented + } + if netMode.IsBridge() { + return libpod.ErrNotImplemented + } + if netMode.IsContainer() { + ctr, err := config.runtime.LookupContainer(netMode.ConnectedContainer()) + if err != nil { + return errors.Wrapf(err, "container %q not found", netMode.ConnectedContainer()) + } + pid, err := ctr.PID() + if err != nil { + return errors.Wrapf(err, "Failed to get pid of container %q", netMode.ConnectedContainer()) + } + nsPath := fmt.Sprintf("/proc/%d/ns/net", pid) + if err := g.AddOrReplaceLinuxNamespace(libpod.NetNamespace, nsPath); err != nil { + return err + } + } + return nil +} + +func addUTSNS(config *createConfig, g *generate.Generator) error { + utsMode := config.utsMode + if utsMode.IsHost() { + return g.RemoveLinuxNamespace(libpod.UTSNamespace) + } + return nil +} + +func addIpcNS(config *createConfig, g *generate.Generator) error { + ipcMode := config.ipcMode + if ipcMode.IsHost() { + return g.RemoveLinuxNamespace(libpod.IPCNamespace) + } + if ipcMode.IsContainer() { + ctr, err := config.runtime.LookupContainer(ipcMode.Container()) + if err != nil { + return errors.Wrapf(err, "container %q not found", ipcMode.Container()) + } + pid, err := ctr.PID() + if err != nil { + return errors.Wrapf(err, "Failed to get pid of container %q", ipcMode.Container()) + } + nsPath := fmt.Sprintf("/proc/%d/ns/ipc", pid) + if err := g.AddOrReplaceLinuxNamespace(libpod.IPCNamespace, nsPath); err != nil { + return err + } + } + + return nil +} + func addRlimits(config *createConfig, g *generate.Generator) error { var ( ul *units.Ulimit @@ -210,6 +269,17 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { return nil, err } + if err := addNetNS(config, &g); err != nil { + return nil, err + } + + if err := addUTSNS(config, &g); err != nil { + return nil, err + } + + if err := addIpcNS(config, &g); err != nil { + return nil, err + } configSpec := g.Spec() if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" { |