diff options
| author | openshift-ci[bot] <75433959+openshift-ci[bot]@users.noreply.github.com> | 2021-08-10 12:55:52 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-10 12:55:52 +0000 |
| commit | e136ad485c626e09e361c37bbd529bb599448ac0 (patch) | |
| tree | e3b1c0a96222831481de1358e13dbb086185a9d3 /cmd/podman | |
| parent | 6f61e229911e399d92f8fbe0574654f308f73b39 (diff) | |
| parent | 221b1add74e17ded10e8f2f832a53065578aa264 (diff) | |
| download | podman-e136ad485c626e09e361c37bbd529bb599448ac0.tar.gz podman-e136ad485c626e09e361c37bbd529bb599448ac0.tar.bz2 podman-e136ad485c626e09e361c37bbd529bb599448ac0.zip | |
Merge pull request #10589 from umohnani8/pod-userns
Add support for pod inside of user namespace.
Diffstat (limited to 'cmd/podman')
| -rw-r--r-- | cmd/podman/containers/create.go | 10 | ||||
| -rw-r--r-- | cmd/podman/pods/create.go | 10 |
2 files changed, 20 insertions, 0 deletions
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 895736144..906ae4452 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -184,6 +184,9 @@ func createInit(c *cobra.Command) error { if c.Flag("cpu-quota").Changed && c.Flag("cpus").Changed { return errors.Errorf("--cpu-quota and --cpus cannot be set together") } + if c.Flag("pod").Changed && !strings.HasPrefix(c.Flag("pod").Value.String(), "new:") && c.Flag("userns").Changed { + return errors.Errorf("--userns and --pod cannot be set together") + } noHosts, err := c.Flags().GetBool("no-hosts") if err != nil { @@ -309,6 +312,12 @@ func createPodIfNecessary(s *specgen.SpecGenerator, netOpts *entities.NetOptions if len(podName) < 1 { return nil, errors.Errorf("new pod name must be at least one character") } + + userns, err := specgen.ParseUserNamespace(cliVals.UserNS) + if err != nil { + return nil, err + } + createOptions := entities.PodCreateOptions{ Name: podName, Infra: true, @@ -318,6 +327,7 @@ func createPodIfNecessary(s *specgen.SpecGenerator, netOpts *entities.NetOptions Cpus: cliVals.CPUS, CpusetCpus: cliVals.CPUSetCPUs, Pid: cliVals.PID, + Userns: userns, } // Unset config values we passed to the pod to prevent them being used twice for the container and pod. s.ContainerBasicConfig.Hostname = "" diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index abc47164b..bf5b9e350 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -48,6 +48,7 @@ var ( podIDFile string replace bool share string + userns string ) func init() { @@ -72,6 +73,10 @@ func init() { flags.StringVar(&createOptions.CGroupParent, cgroupParentflagName, "", "Set parent cgroup for the pod") _ = createCommand.RegisterFlagCompletionFunc(cgroupParentflagName, completion.AutocompleteDefault) + usernsFlagName := "userns" + flags.StringVar(&userns, usernsFlagName, os.Getenv("PODMAN_USERNS"), "User namespace to use") + _ = createCommand.RegisterFlagCompletionFunc(usernsFlagName, common.AutocompleteUserNamespace) + flags.BoolVar(&createOptions.Infra, "infra", true, "Create an infra container associated with the pod to share namespaces with") infraConmonPidfileFlagName := "infra-conmon-pidfile" @@ -178,6 +183,11 @@ func create(cmd *cobra.Command, args []string) error { } } + createOptions.Userns, err = specgen.ParseUserNamespace(userns) + if err != nil { + return err + } + if cmd.Flag("pod-id-file").Changed { podIDFD, err = util.OpenExclusiveFile(podIDFile) if err != nil && os.IsExist(err) { |