author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-05-09 23:06:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-09 23:06:51 +0200 |
commit | dc7d6f4818f4b986cfd15208d53f6765d8fad986 (patch) | |
tree | fe6e50f86caace33f971446d2356dffecaea5c4c /libpod/container_inspect.go | |
parent | 3ff96383f306cecfeed75986078144ad757e3d70 (diff) | |
parent | 8238b7e70688e637d58305287a19e4080f619587 (diff) | |
Merge pull request #6152 from mheon/fix_pod_join_cgroupns
Fix bug where pods would unintentionally share cgroupns
Diffstat (limited to 'libpod/container_inspect.go')
-rw-r--r-- | libpod/container_inspect.go | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index ae28dde94..b26dcddf6 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -580,7 +580,10 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 networkMode := ""
 switch {
 case c.config.CreateNetNS:
- networkMode = "default"
+ // We actually store the network
+ // mode for Slirp and Bridge, so
+ // we can just use that
+ networkMode = string(c.config.NetMode)
 case c.config.NetNsCtr != "":
 networkMode = fmt.Sprintf("container:%s", c.config.NetNsCtr)
 default:
@@ -594,7 +597,10 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 if ns.Path != "" {
 networkMode = fmt.Sprintf("ns:%s", ns.Path)
 } else {
- networkMode = "private"
+ // We're making a network ns, but not
+ // configuring with Slirp or CNI. That
+ // means it's --net=none
+ networkMode = "none"
 }
 break
 }
@@ -698,6 +704,30 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 }
 hostConfig.IpcMode = ipcMode
 
+ // Cgroup namespace mode
+ cgroupMode := ""
+ if c.config.CgroupNsCtr != "" {
+ cgroupMode = fmt.Sprintf("container:%s", c.config.CgroupNsCtr)
+ } else if ctrSpec.Linux != nil {
+ // Locate the spec's cgroup namespace
+ // If there is none, it's cgroup=host.
+ // If there is one and it has a path, it's "ns:".
+ // If there is no path, it's private.
+ for _, ns := range ctrSpec.Linux.Namespaces {
+ if ns.Type == spec.CgroupNamespace {
+ if ns.Path != "" {
+ cgroupMode = fmt.Sprintf("ns:%s", ns.Path)
+ } else {
+ cgroupMode = "private"
+ }
+ }
+ }
+ if cgroupMode == "" {
+ cgroupMode = "host"
+ }
+ }
+ hostConfig.CgroupMode = cgroupMode
+
 // CGroup parent
 // Need to check if it's the default, and not print if so.
 defaultCgroupParent := "" |
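Review bot: In the first hunk, `networkMode = string(c.config.NetMode)` under `case c.config.CreateNetNS:` can report an empty NetworkMode if a container's stored config carries no NetMode. Whether such containers exist (for example ones created before the field was persisted) is not visible here and should be confirmed. The removed line always reported "default" on this branch, so tooling that audits network isolation from inspect output would now see a blank value for those containers. A fallback right after the assignment keeps the output unambiguous: `if networkMode == "" { networkMode = "default" }`. The enclosing function starts and ends outside the hunk.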
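Review bot: In the third hunk, `cgroupMode` stays empty when `c.config.CgroupNsCtr` is unset and `ctrSpec.Linux` is nil, because the `"host"` default sits inside the `else if ctrSpec.Linux != nil` branch. Since this field is what an operator reads to check whether a container shares a cgroup namespace, a blank value is ambiguous. Consider moving `if cgroupMode == "" { cgroupMode = "host" }` to just before `hostConfig.CgroupMode = cgroupMode`, after confirming that a spec with no Linux section really means the host cgroup namespace. The namespace loop also has no `break` after a match, unlike the network-namespace loop in the second hunk, so if the spec listed more than one cgroup entry the last one would be reported. The enclosing function starts and ends outside the hunk.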