diff options
author | haircommander <pehunt@redhat.com> | 2018-07-27 13:58:50 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-23 18:16:28 +0000 |
commit | d5e690914dc78eca8664442e7677eb5004522bfd (patch) | |
tree | 3f7ed30e4302c871c16126a0032b8a3d51c46f98 /libpod/container_internal_linux.go | |
parent | 63dd200e7e47261454c7e55fed2ad972144e147f (diff) | |
download | podman-d5e690914dc78eca8664442e7677eb5004522bfd.tar.gz podman-d5e690914dc78eca8664442e7677eb5004522bfd.tar.bz2 podman-d5e690914dc78eca8664442e7677eb5004522bfd.zip |
Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r-- | libpod/container_internal_linux.go | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index ba02c9f5a..efd808b57 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -168,42 +168,91 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { } } + var podInfraContainer string + if c.config.Pod != "" { + pod, err := c.runtime.state.LookupPod(c.config.Pod) + if err != nil { + return nil, err + } + if pod.SharesNamespaces() { + if err := pod.updatePod(); err != nil { + return nil, err + } + podInfraContainer = pod.state.PauseContainerID + } + } + // Add shared namespaces from other containers if c.config.IPCNsCtr != "" { if err := c.addNamespaceContainer(&g, IPCNS, c.config.IPCNsCtr, spec.IPCNamespace); err != nil { return nil, err } } + if c.config.IPCNsPod && podInfraContainer != "" { + if err := c.addNamespaceContainer(&g, IPCNS, podInfraContainer, spec.IPCNamespace); err != nil { + return nil, err + } + } if c.config.MountNsCtr != "" { if err := c.addNamespaceContainer(&g, MountNS, c.config.MountNsCtr, spec.MountNamespace); err != nil { return nil, err } } + if c.config.MountNsPod && podInfraContainer != "" { + if err := c.addNamespaceContainer(&g, MountNS, podInfraContainer, spec.MountNamespace); err != nil { + return nil, err + } + } if c.config.NetNsCtr != "" { if err := c.addNamespaceContainer(&g, NetNS, c.config.NetNsCtr, spec.NetworkNamespace); err != nil { return nil, err } } + if c.config.NetNsPod && podInfraContainer != "" { + if err := c.addNamespaceContainer(&g, NetNS, podInfraContainer, spec.NetworkNamespace); err != nil { + return nil, err + } + } if c.config.PIDNsCtr != "" { if err := c.addNamespaceContainer(&g, PIDNS, c.config.PIDNsCtr, string(spec.PIDNamespace)); err != nil { return nil, err } } + if c.config.PIDNsPod && podInfraContainer != "" { + if err := c.addNamespaceContainer(&g, PIDNS, podInfraContainer, string(spec.PIDNamespace)); err != nil { + return nil, err + } + } if c.config.UserNsCtr != "" { if err := c.addNamespaceContainer(&g, UserNS, c.config.UserNsCtr, spec.UserNamespace); err != nil { return nil, err } } + if c.config.UserNsPod && podInfraContainer != "" { + if err := c.addNamespaceContainer(&g, UserNS, podInfraContainer, spec.UserNamespace); err != nil { + return nil, err + } + } if c.config.UTSNsCtr != "" { if err := c.addNamespaceContainer(&g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil { return nil, err } } + if c.config.UTSNsPod && podInfraContainer != "" { + if err := c.addNamespaceContainer(&g, UTSNS, podInfraContainer, spec.UTSNamespace); err != nil { + return nil, err + } + } if c.config.CgroupNsCtr != "" { if err := c.addNamespaceContainer(&g, CgroupNS, c.config.CgroupNsCtr, spec.CgroupNamespace); err != nil { return nil, err } } + if c.config.CgroupNsPod && podInfraContainer != "" { + if err := c.addNamespaceContainer(&g, CgroupNS, podInfraContainer, spec.CgroupNamespace); err != nil { + return nil, err + } + } if c.config.Rootfs == "" { if err := idtools.MkdirAllAs(c.state.RealMountpoint, 0700, c.RootUID(), c.RootGID()); err != nil { |