authorDaniel J Walsh <dwalsh@redhat.com>2020-07-28 09:18:21 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-07-28 14:53:54 -0400
commitbb4d269087d11623e15d1aa3c8cb197f29a601d1 (patch)
tree1927db4a75af39689b937df14c30c423f00bea08 /cmd/podman
parent288ebec6e737c105fa0ef43412de4e0a8997feb9 (diff)
Specifying --ipc=host --pid=host is broken
For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and added a test to make sure it does not happen again.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/common/create_opts.go2
-rw-r--r--cmd/podman/common/specgen.go64
-rw-r--r--cmd/podman/containers/create.go2
3 files changed, 44 insertions, 24 deletions
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 3802c37b0..f9e4d7ca5 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -10,7 +10,7 @@ type ContainerCLIOpts struct {
BlkIOWeightDevice []string
CapAdd []string
CapDrop []string
- CGroupsNS string
+ CgroupNS string
CGroupsMode string
CGroupParent string
CIDFile string
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 07c88efea..0b6897d3a 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -186,6 +186,46 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.Linu
return memory, nil
}
+func setNamespaces(s *specgen.SpecGenerator, c *ContainerCLIOpts) error {
+ var err error
+
+ if c.PID != "" {
+ s.PidNS, err = specgen.ParseNamespace(c.PID)
+ if err != nil {
+ return err
+ }
+ }
+ if c.IPC != "" {
+ s.IpcNS, err = specgen.ParseNamespace(c.IPC)
+ if err != nil {
+ return err
+ }
+ }
+ if c.UTS != "" {
+ s.UtsNS, err = specgen.ParseNamespace(c.UTS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.CgroupNS != "" {
+ s.CgroupNS, err = specgen.ParseNamespace(c.CgroupNS)
+ if err != nil {
+ return err
+ }
+ }
+ // userns must be treated differently
+ if c.UserNS != "" {
+ s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.Net != nil {
+ s.NetNS = c.Net.Network
+ }
+ return nil
+}
+
func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) error {
var (
err error
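Review bot: The new `setNamespaces` has no doc comment recording why each namespace flag is parsed in its own `if` block, and the commit message only says memory was overwritten "for some reason". The loop removed from `FillOutSpecGen` keyed its map by the flag values themselves, so when two flags carried the same string (as with `--pid=host --ipc=host`) the keys appear to have collided and only one destination field was written. A requested namespace setting was therefore dropped without any error, which is worth guarding against regression with a comment such as `// setNamespaces parses each namespace flag independently; never key a map by flag value, equal values (e.g. "host") collide and one namespace is silently skipped.` Separately, the bare `return err` paths do not say which flag failed to parse; wrapping the error with the flag name would help, unless `ParseNamespace` already reports it. `FillOutSpecGen` starts at the end of this hunk and its body continues outside it.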
@@ -252,28 +292,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
s.Expose = expose
- for k, v := range map[string]*specgen.Namespace{
- c.IPC: &s.IpcNS,
- c.PID: &s.PidNS,
- c.UTS: &s.UtsNS,
- c.CGroupsNS: &s.CgroupNS,
- } {
- if k != "" {
- *v, err = specgen.ParseNamespace(k)
- if err != nil {
- return err
- }
- }
- }
- // userns must be treated differently
- if c.UserNS != "" {
- s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
- if err != nil {
- return err
- }
- }
- if c.Net != nil {
- s.NetNS = c.Net.Network
+ if err := setNamespaces(s, c); err != nil {
+ return err
}
if sig := c.StopSignal; len(sig) > 0 {
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index dcbc52b56..dd77dc9d7 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -195,7 +195,7 @@ func createInit(c *cobra.Command) error {
cliVals.IPC = c.Flag("ipc").Value.String()
cliVals.UTS = c.Flag("uts").Value.String()
cliVals.PID = c.Flag("pid").Value.String()
- cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
+ cliVals.CgroupNS = c.Flag("cgroupns").Value.String()
if c.Flag("entrypoint").Changed {
val := c.Flag("entrypoint").Value.String()
cliVals.Entrypoint = &val