author | haircommander <pehunt@redhat.com> | 2018-07-27 13:58:50 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-23 18:16:28 +0000 |
commit | d5e690914dc78eca8664442e7677eb5004522bfd (patch) | |
tree | 3f7ed30e4302c871c16126a0032b8a3d51c46f98 /cmd/podman/create.go | |
parent | 63dd200e7e47261454c7e55fed2ad972144e147f (diff) | |
Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
Diffstat (limited to 'cmd/podman/create.go')
-rw-r--r-- | cmd/podman/create.go | 74 |
1 files changed, 52 insertions, 22 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 96934560f..d6bcea7bd 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -368,16 +368,6 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 
 tty := c.Bool("tty")
 
- pidMode := container.PidMode(c.String("pid"))
- if !cc.IsNS(string(pidMode)) && !pidMode.Valid() {
- return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
- }
-
- usernsMode := container.UsernsMode(c.String("userns"))
- if !cc.IsNS(string(usernsMode)) && !usernsMode.Valid() {
- return nil, errors.Errorf("--userns %q is not valid", c.String("userns"))
- }
-
 if c.Bool("detach") && c.Bool("rm") {
 return nil, errors.Errorf("--rm and --detach can not be specified together")
 }
@@ -388,14 +378,62 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 return nil, errors.Errorf("--cpu-quota and --cpus cannot be set together")
 }
 
- utsMode := container.UTSMode(c.String("uts"))
- if !cc.IsNS(string(utsMode)) && !utsMode.Valid() {
+ // Kernel Namespaces
+ var pod *libpod.Pod
+ if c.IsSet("pod") {
+ pod, err = runtime.LookupPod(c.String("pod"))
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ pidModeStr := c.String("pid")
+ if !c.IsSet("pid") && pod != nil && pod.SharesPID() {
+ pidModeStr = "pod"
+ }
+ pidMode := container.PidMode(pidModeStr)
+ if !cc.Valid(string(pidMode), pidMode) {
+ return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
+ }
+
+ usernsModeStr := c.String("userns")
+ if !c.IsSet("userns") && pod != nil && pod.SharesUser() {
+ usernsModeStr = "pod"
+ }
+ usernsMode := container.UsernsMode(usernsModeStr)
+ if !cc.Valid(string(usernsMode), usernsMode) {
+ return nil, errors.Errorf("--userns %q is not valid", c.String("userns"))
+ }
+
+ utsModeStr := c.String("uts")
+ if !c.IsSet("uts") && pod != nil && pod.SharesUTS() {
+ utsModeStr = "pod"
+ }
+ utsMode := container.UTSMode(utsModeStr)
+ if !cc.Valid(string(utsMode), utsMode) {
 return nil, errors.Errorf("--uts %q is not valid", c.String("uts"))
 }
- ipcMode := container.IpcMode(c.String("ipc"))
- if !cc.IsNS(string(ipcMode)) && !ipcMode.Valid() {
+
+ ipcModeStr := c.String("ipc")
+ if !c.IsSet("ipc") && pod != nil && pod.SharesIPC() {
+ ipcModeStr = "pod"
+ }
+ ipcMode := container.IpcMode(ipcModeStr)
+ if !cc.Valid(string(ipcMode), ipcMode) {
 return nil, errors.Errorf("--ipc %q is not valid", ipcMode)
 }
+ netModeStr := c.String("net")
+ if !c.IsSet("net") && pod != nil && pod.SharesNet() {
+ netModeStr = "pod"
+ }
+ // Make sure if network is set to container namespace, port binding is not also being asked for
+ netMode := container.NetworkMode(netModeStr)
+ if netMode.IsContainer() || cc.IsPod(netModeStr) {
+ if len(c.StringSlice("publish")) > 0 || c.Bool("publish-all") {
+ return nil, errors.Errorf("cannot set port bindings on an existing container network namespace")
+ }
+ }
+
 shmDir := ""
 if ipcMode.IsHost() {
 shmDir = "/dev/shm"
@@ -534,14 +572,6 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 if err != nil {
 return nil, errors.Wrapf(err, "unable to translate --shm-size")
 }
- // Network
- netMode := container.NetworkMode(c.String("network"))
- // Make sure if network is set to container namespace, port binding is not also being asked for
- if netMode.IsContainer() {
- if len(c.StringSlice("publish")) > 0 || c.Bool("publish-all") {
- return nil, errors.Errorf("cannot set port bindings on an existing container network namespace")
- }
- }
 
 // Verify the additional hosts are in correct format
 for _, host := range c.StringSlice("add-host") { |
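Review bot: In the `@@ -388,14 +378,62 @@` hunk the network mode is now read from `c.String("net")` and gated on `c.IsSet("net")`, whereas the block this commit deletes in the last hunk read `c.String("network")`; the flag definitions are not on this page, so confirm that both spellings share one value and one set-state. If they do not, a mode supplied as `--network container:<id>` would never reach the port-binding check here and could be silently replaced by the pod's namespace. Separately, the `--pid`, `--userns` and `--uts` errors still print `c.String(...)` although the value being validated is the `*ModeStr` variable, which may be the substituted `"pod"`; `errors.Errorf("--pid %q is not valid", pidModeStr)` (and likewise for the other two) would report what was actually rejected. parseCreateOpts starts and ends outside the hunk.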