authorhaircommander <pehunt@redhat.com>2018-07-27 13:58:50 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-23 18:16:28 +0000
commitd5e690914dc78eca8664442e7677eb5004522bfd (patch)
tree3f7ed30e4302c871c16126a0032b8a3d51c46f98 /cmd/podman/create.go
parent63dd200e7e47261454c7e55fed2ad972144e147f (diff)
Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
Diffstat (limited to 'cmd/podman/create.go')
-rw-r--r--cmd/podman/create.go74
1 files changed, 52 insertions, 22 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 96934560f..d6bcea7bd 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -368,16 +368,6 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
tty := c.Bool("tty")
- pidMode := container.PidMode(c.String("pid"))
- if !cc.IsNS(string(pidMode)) && !pidMode.Valid() {
- return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
- }
-
- usernsMode := container.UsernsMode(c.String("userns"))
- if !cc.IsNS(string(usernsMode)) && !usernsMode.Valid() {
- return nil, errors.Errorf("--userns %q is not valid", c.String("userns"))
- }
-
if c.Bool("detach") && c.Bool("rm") {
return nil, errors.Errorf("--rm and --detach can not be specified together")
}
@@ -388,14 +378,62 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
return nil, errors.Errorf("--cpu-quota and --cpus cannot be set together")
}
- utsMode := container.UTSMode(c.String("uts"))
- if !cc.IsNS(string(utsMode)) && !utsMode.Valid() {
+ // Kernel Namespaces
+ var pod *libpod.Pod
+ if c.IsSet("pod") {
+ pod, err = runtime.LookupPod(c.String("pod"))
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ pidModeStr := c.String("pid")
+ if !c.IsSet("pid") && pod != nil && pod.SharesPID() {
+ pidModeStr = "pod"
+ }
+ pidMode := container.PidMode(pidModeStr)
+ if !cc.Valid(string(pidMode), pidMode) {
+ return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
+ }
+
+ usernsModeStr := c.String("userns")
+ if !c.IsSet("userns") && pod != nil && pod.SharesUser() {
+ usernsModeStr = "pod"
+ }
+ usernsMode := container.UsernsMode(usernsModeStr)
+ if !cc.Valid(string(usernsMode), usernsMode) {
+ return nil, errors.Errorf("--userns %q is not valid", c.String("userns"))
+ }
+
+ utsModeStr := c.String("uts")
+ if !c.IsSet("uts") && pod != nil && pod.SharesUTS() {
+ utsModeStr = "pod"
+ }
+ utsMode := container.UTSMode(utsModeStr)
+ if !cc.Valid(string(utsMode), utsMode) {
return nil, errors.Errorf("--uts %q is not valid", c.String("uts"))
}
- ipcMode := container.IpcMode(c.String("ipc"))
- if !cc.IsNS(string(ipcMode)) && !ipcMode.Valid() {
+
+ ipcModeStr := c.String("ipc")
+ if !c.IsSet("ipc") && pod != nil && pod.SharesIPC() {
+ ipcModeStr = "pod"
+ }
+ ipcMode := container.IpcMode(ipcModeStr)
+ if !cc.Valid(string(ipcMode), ipcMode) {
return nil, errors.Errorf("--ipc %q is not valid", ipcMode)
}
+ netModeStr := c.String("net")
+ if !c.IsSet("net") && pod != nil && pod.SharesNet() {
+ netModeStr = "pod"
+ }
+ // Make sure if network is set to container namespace, port binding is not also being asked for
+ netMode := container.NetworkMode(netModeStr)
+ if netMode.IsContainer() || cc.IsPod(netModeStr) {
+ if len(c.StringSlice("publish")) > 0 || c.Bool("publish-all") {
+ return nil, errors.Errorf("cannot set port bindings on an existing container network namespace")
+ }
+ }
+
shmDir := ""
if ipcMode.IsHost() {
shmDir = "/dev/shm"
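Review bot: The network mode lookup changed flag names along with the move: this hunk reads `c.String("net")` and `c.IsSet("net")`, while the code removed in the last hunk read `c.String("network")`. The flag definition is not on this page; if `IsSet` reports only the spelling the user typed, an explicit `--network` value may be treated as unset and replaced by "pod" whenever the pod shares its network namespace, which changes the container's isolation and whether the publish check fires. Testing both spellings would close that gap, e.g. `if !c.IsSet("net") && !c.IsSet("network") && pod != nil && pod.SharesNet() {`. Separately, the `--pid`, `--userns` and `--uts` errors still print `c.String(...)` rather than the string that was validated, so a rejected pod default is reported with the wrong value; `errors.Errorf("--pid %q is not valid", pidModeStr)` would show it. parseCreateOpts starts and ends outside the hunk.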
@@ -534,14 +572,6 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
if err != nil {
return nil, errors.Wrapf(err, "unable to translate --shm-size")
}
- // Network
- netMode := container.NetworkMode(c.String("network"))
- // Make sure if network is set to container namespace, port binding is not also being asked for
- if netMode.IsContainer() {
- if len(c.StringSlice("publish")) > 0 || c.Bool("publish-all") {
- return nil, errors.Errorf("cannot set port bindings on an existing container network namespace")
- }
- }
// Verify the additional hosts are in correct format
for _, host := range c.StringSlice("add-host") {