authorhaircommander <pehunt@redhat.com>2018-07-27 13:58:50 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-23 18:16:28 +0000
commitd5e690914dc78eca8664442e7677eb5004522bfd (patch)
tree3f7ed30e4302c871c16126a0032b8a3d51c46f98 /libpod/runtime_pod_linux.go
parent63dd200e7e47261454c7e55fed2ad972144e147f (diff)
Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
Diffstat (limited to 'libpod/runtime_pod_linux.go')
-rw-r--r--libpod/runtime_pod_linux.go49
1 files changed, 31 insertions, 18 deletions
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 3592c2fee..eff15be76 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -15,7 +15,7 @@ import (
)
// NewPod makes a new, empty pod
-func (r *Runtime) NewPod(options ...PodCreateOption) (*Pod, error) {
+func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod, error) {
r.lock.Lock()
defer r.lock.Unlock()
@@ -87,38 +87,42 @@ func (r *Runtime) NewPod(options ...PodCreateOption) (*Pod, error) {
if pod.config.UsePodCgroup {
logrus.Debugf("Got pod cgroup as %s", pod.state.CgroupPath)
}
+ if pod.HasPauseContainer() != pod.SharesNamespaces() {
+ return nil, errors.Errorf("Pods must have a pause container to share namespaces")
+ }
if err := r.state.AddPod(pod); err != nil {
return nil, errors.Wrapf(err, "error adding pod to state")
}
+ if pod.HasPauseContainer() {
+ ctr, err := r.createPauseContainer(ctx, pod)
+ if err != nil {
+ // Tear down pod, as it is assumed a the pod will contain
+ // a pause container, and it does not.
+ if err2 := r.removePod(ctx, pod, true, true); err2 != nil {
+ logrus.Errorf("Error removing pod after pause container creation failure: %v", err2)
+ }
+ return nil, errors.Wrapf(err, "error adding Pause Container")
+ }
+ pod.state.PauseContainerID = ctr.ID()
+ if err := pod.save(); err != nil {
+ return nil, err
+ }
+ }
+
return pod, nil
}
func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) error {
- r.lock.Lock()
- defer r.lock.Unlock()
-
- if !r.valid {
- return ErrRuntimeStopped
- }
-
if !p.valid {
if ok, _ := r.state.HasPod(p.ID()); !ok {
- // Pod was either already removed, or never existed to
- // begin with
+ // Pod probably already removed
+ // Or was never in the runtime to begin with
return nil
}
}
- p.lock.Lock()
- defer p.lock.Unlock()
-
- // Force a pod update
- if err := p.updatePod(); err != nil {
- return err
- }
-
ctrs, err := r.state.PodContainers(p)
if err != nil {
return err
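Review bot: The `pod.save()` failure branch at the end of NewPod returns `nil, err` without tearing anything down, although by then the pod is in the state and its pause container has been created. The caller gets no `*Pod`, yet a pod and a container that may hold its shared namespaces remain behind, and the persisted state may lack the `PauseContainerID` that removePod later compares against. That branch should do the same cleanup as the `createPauseContainer` failure path before returning: `if err2 := r.removePod(ctx, pod, true, true); err2 != nil { logrus.Errorf("Error removing pod after pause container save failure: %v", err2) }`. Separately, the `HasPauseContainer() != SharesNamespaces()` guard also rejects a pause container without shared namespaces, which the message "Pods must have a pause container to share namespaces" does not describe.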
@@ -126,6 +130,15 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
numCtrs := len(ctrs)
+ // If the only container in the pod is the pause container, remove the pod and container unconditionally.
+ if err := p.updatePod(); err != nil {
+ return err
+ }
+ pauseCtrID := p.state.PauseContainerID
+ if numCtrs == 1 && ctrs[0].ID() == pauseCtrID {
+ removeCtrs = true
+ force = true
+ }
if !removeCtrs && numCtrs > 0 {
return errors.Wrapf(ErrCtrExists, "pod %s contains containers and cannot be removed", p.ID())
}
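Review bot: `p.updatePod()` and the read of `p.state.PauseContainerID` here run with no lock taken inside removePod, because the previous hunk removed `r.lock`, `p.lock` and the `r.valid` check from the top of the function. The hunk headers leave only one line between the two hunks, so the pod lock is not re-acquired before this point. NewPod's failure path calls removePod while holding `r.lock` only, as far as the visible lines show. If the locking was moved to the callers, the function should say so, for example `// removePod must be called with r.lock held and r.valid already checked; the caller is responsible for p.lock.`. Otherwise `p.lock` should be restored around the update, since this decision now sets `force = true`. removePod's body continues outside the hunk.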