Merge pull request #5933 from giuseppe/fix-namespaces

podman, v2: handle namespaces specified on the CLI
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2020-04-23 19:32:08 +0200
committer: GitHub <noreply@github.com> 2020-04-23 19:32:08 +0200
commit: 802763c6042e1c9a812f4300c3c717630564c8bc (patch)
tree: 9118ada4b03b965f98141d773469660b7a227ed9 /cmd/podman
parent: e5a3e46746a0db9fcd9b701693d557438420d1e4 (diff)
parent: 48530acbd9a622cf88dbbb10cbc8e91575c476e5 (diff)
download: podman-802763c6042e1c9a812f4300c3c717630564c8bc.tar.gz
podman-802763c6042e1c9a812f4300c3c717630564c8bc.tar.bz2
podman-802763c6042e1c9a812f4300c3c717630564c8bc.zip
3 files changed, 59 insertions, 59 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index bdf762ed7..a0aed984c 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -49,8 +49,9 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 		"cap-drop", []string{},
 		"Drop capabilities from the container",
 	)
+	cgroupNS := ""
 	createFlags.StringVar(
-		&cf.CGroupsNS,
+		&cgroupNS,
 		"cgroupns", containerConfig.CgroupNS(),
 		"cgroup namespace to use",
 	)
@@ -247,8 +248,9 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 		"interactive", "i", false,
 		"Keep STDIN open even if not attached",
 	)
+	ipcNS := ""
 	createFlags.StringVar(
-		&cf.IPC,
+		&ipcNS,
 		"ipc", containerConfig.IPCNS(),
 		"IPC namespace to use",
 	)
@@ -329,8 +331,9 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 		"use `OS` instead of the running OS for choosing images",
 	)
 	// markFlagHidden(createFlags, "override-os")
+	pid := ""
 	createFlags.StringVar(
-		&cf.PID,
+		&pid,
 		"pid", containerConfig.PidNS(),
 		"PID namespace to use",
 	)
@@ -394,8 +397,9 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 		"security-opt", containerConfig.SecurityOptions(),
 		"Security Options",
 	)
+	shmSize := ""
 	createFlags.StringVar(
-		&cf.ShmSize,
+		&shmSize,
 		"shm-size", containerConfig.ShmSize(),
 		"Size of /dev/shm "+sizeWithUnitFormat,
 	)
@@ -460,13 +464,15 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 		"user", "u", "",
 		"Username or UID (format: <name|uid>[:<group|gid>])",
 	)
+	userNS := ""
 	createFlags.StringVar(
-		&cf.UserNS,
+		&userNS,
 		"userns", containerConfig.Containers.UserNS,
 		"User namespace to use",
 	)
+	utsNS := ""
 	createFlags.StringVar(
-		&cf.UTS,
+		&utsNS,
 		"uts", containerConfig.Containers.UTSNS,
 		"UTS namespace to use",
 	)
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 10ae0bb2d..b90030f7f 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -222,55 +222,28 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	s.PortMappings = ep
 	s.Pod = c.Pod
 
-	//s.CgroupNS = specgen.Namespace{
-	//	NSMode: ,
-	//	Value:  "",
-	//}
-
-	//s.UserNS = specgen.Namespace{}
-
-	// Kernel Namespaces
-	// TODO Fix handling of namespace from pod
-	// Instead of integrating here, should be done in libpod
-	// However, that also involves setting up security opts
-	// when the pod's namespace is integrated
-	//namespaces = map[string]string{
-	//	"cgroup": c.CGroupsNS,
-	//	"pid":    c.PID,
-	//	//"net":    c.Net.Network.Value,   // TODO need help here
-	//	"ipc":  c.IPC,
-	//	"user": c.User,
-	//	"uts":  c.UTS,
-	//}
-	//
-	//if len(c.PID) > 0 {
-	//	split := strings.SplitN(c.PID, ":", 2)
-	//	// need a way to do thsi
-	//	specgen.Namespace{
-	//		NSMode: split[0],
-	//	}
-	//	//Value:  split1 if len allows
-	//}
-	// TODO this is going to have be done after things like pod creation are done because
-	// pod creation changes these values.
-	//pidMode := ns.PidMode(namespaces["pid"])
-	//usernsMode := ns.UsernsMode(namespaces["user"])
-	//utsMode := ns.UTSMode(namespaces["uts"])
-	//cgroupMode := ns.CgroupMode(namespaces["cgroup"])
-	//ipcMode := ns.IpcMode(namespaces["ipc"])
-	//// Make sure if network is set to container namespace, port binding is not also being asked for
-	//netMode := ns.NetworkMode(namespaces["net"])
-	//if netMode.IsContainer() {
-	//	if len(portBindings) > 0 {
-	//		return nil, errors.Errorf("cannot set port bindings on an existing container network namespace")
-	//	}
-	//}
-
-	// TODO Remove when done with namespaces for realz
-	// Setting a default for IPC to get this working
-	s.IpcNS = specgen.Namespace{
-		NSMode: specgen.Private,
-		Value:  "",
+	for k, v := range map[string]*specgen.Namespace{
+		c.IPC:       &s.IpcNS,
+		c.PID:       &s.PidNS,
+		c.UTS:       &s.UtsNS,
+		c.CGroupsNS: &s.CgroupNS,
+	} {
+		if k != "" {
+			*v, err = specgen.ParseNamespace(k)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	// userns must be treated differently
+	if c.UserNS != "" {
+		s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
+		if err != nil {
+			return err
+		}
+	}
+	if c.Net != nil {
+		s.NetNS = c.Net.Network
 	}
 
 	// TODO this is going to have to be done the libpod/server end of things
@@ -403,11 +376,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	}
 
 	// SHM Size
-	shmSize, err := units.FromHumanSize(c.ShmSize)
-	if err != nil {
-		return errors.Wrapf(err, "unable to translate --shm-size")
+	if c.ShmSize != "" {
+		shmSize, err := units.FromHumanSize(c.ShmSize)
+		if err != nil {
+			return errors.Wrapf(err, "unable to translate --shm-size")
+		}
+		s.ShmSize = &shmSize
 	}
-	s.ShmSize = &shmSize
 	s.HostAdd = c.Net.AddHosts
 	s.UseImageResolvConf = c.Net.UseImageResolvConf
 	s.DNSServers = c.Net.DNSServers
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 8c0e40122..8f140e2b8 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -131,6 +131,10 @@ func createInit(c *cobra.Command) error {
 		logrus.Warn("setting security options with --privileged has no effect")
 	}
 
+	if c.Flag("shm-size").Changed {
+		cliVals.ShmSize = c.Flag("shm-size").Value.String()
+	}
+
 	if (c.Flag("dns").Changed || c.Flag("dns-opt").Changed || c.Flag("dns-search").Changed) && (cliVals.Net.Network.NSMode == specgen.NoNetwork || cliVals.Net.Network.IsContainer()) {
 		return errors.Errorf("conflicting options: dns and the network mode.")
 	}
@@ -145,6 +149,21 @@ func createInit(c *cobra.Command) error {
 	if c.Flag("no-hosts").Changed && c.Flag("add-host").Changed {
 		return errors.Errorf("--no-hosts and --add-host cannot be set together")
 	}
+	if c.Flag("userns").Changed {
+		cliVals.UserNS = c.Flag("userns").Value.String()
+	}
+	if c.Flag("ipc").Changed {
+		cliVals.IPC = c.Flag("ipc").Value.String()
+	}
+	if c.Flag("uts").Changed {
+		cliVals.UTS = c.Flag("uts").Value.String()
+	}
+	if c.Flag("pid").Changed {
+		cliVals.PID = c.Flag("pid").Value.String()
+	}
+	if c.Flag("cgroupns").Changed {
+		cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
+	}
 
 	// Docker-compatibility: the "-h" flag for run/create is reserved for
 	// the hostname (see https://github.com/containers/libpod/issues/1367).
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2020-04-23 19:32:08 +0200
committer	GitHub <noreply@github.com>	2020-04-23 19:32:08 +0200
commit	802763c6042e1c9a812f4300c3c717630564c8bc (patch)
tree	9118ada4b03b965f98141d773469660b7a227ed9 /cmd/podman
parent	e5a3e46746a0db9fcd9b701693d557438420d1e4 (diff)
parent	48530acbd9a622cf88dbbb10cbc8e91575c476e5 (diff)
download	podman-802763c6042e1c9a812f4300c3c717630564c8bc.tar.gz podman-802763c6042e1c9a812f4300c3c717630564c8bc.tar.bz2 podman-802763c6042e1c9a812f4300c3c717630564c8bc.zip