aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorcdoern <cdoern@redhat.com>2022-06-06 13:03:37 -0400
committerCharlie Doern <cdoern@redhat.com>2022-07-05 09:28:07 -0400
commit8f2d9e7a7c30f5e74f6aa0375b21a4522ec81756 (patch)
tree03526a91d8d8c428547b63b22f145e59a373bd63 /libpod
parent13479d457d34496b43027bc1d71cdb0891a8b738 (diff)
downloadpodman-8f2d9e7a7c30f5e74f6aa0375b21a4522ec81756.tar.gz
podman-8f2d9e7a7c30f5e74f6aa0375b21a4522ec81756.tar.bz2
podman-8f2d9e7a7c30f5e74f6aa0375b21a4522ec81756.zip
podman pod create --uts support
add support for the --uts flag in pod create, allowing users to avoid issues with default values in containers.conf. uts follows the same format as other namespace flags: --uts=private (default), --uts=host, --uts=ns:PATH resolves #13714 Signed-off-by: Charlie Doern <cdoern@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container.go49
-rw-r--r--libpod/container_inspect.go24
-rw-r--r--libpod/define/pod_inspect.go2
-rw-r--r--libpod/pod_api.go1
4 files changed, 54 insertions, 22 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 0619471b4..1e2dad3f3 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -1336,3 +1336,52 @@ func (c *Container) getNetworkStatus() map[string]types.StatusBlock {
}
return nil
}
+
+func (c *Container) NamespaceMode(ns spec.LinuxNamespaceType, ctrSpec *spec.Spec) string {
+ switch ns {
+ case spec.UTSNamespace:
+ if c.config.UTSNsCtr != "" {
+ return fmt.Sprintf("container:%s", c.config.UTSNsCtr)
+ }
+ case spec.CgroupNamespace:
+ if c.config.CgroupNsCtr != "" {
+ return fmt.Sprintf("container:%s", c.config.CgroupNsCtr)
+ }
+ case spec.IPCNamespace:
+ if c.config.IPCNsCtr != "" {
+ return fmt.Sprintf("container:%s", c.config.IPCNsCtr)
+ }
+ case spec.PIDNamespace:
+ if c.config.PIDNsCtr != "" {
+ return fmt.Sprintf("container:%s", c.config.PIDNsCtr)
+ }
+ case spec.UserNamespace:
+ if c.config.UserNsCtr != "" {
+ return fmt.Sprintf("container:%s", c.config.UserNsCtr)
+ }
+ case spec.NetworkNamespace:
+ if c.config.NetNsCtr != "" {
+ return fmt.Sprintf("container:%s", c.config.NetNsCtr)
+ }
+ case spec.MountNamespace:
+ if c.config.MountNsCtr != "" {
+ return fmt.Sprintf("container:%s", c.config.MountNsCtr)
+ }
+ }
+
+ if ctrSpec.Linux != nil {
+ // Locate the spec's given namespace.
+ // If there is none, it's namespace=host.
+ // If there is one and it has a path, it's "ns:".
+ // If there is no path, it's default - the empty string.
+ for _, availableNS := range ctrSpec.Linux.Namespaces {
+ if availableNS.Type == ns {
+ if availableNS.Path != "" {
+ return fmt.Sprintf("ns:%s", availableNS.Path)
+ }
+ return "private"
+ }
+ }
+ }
+ return "host"
+}
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 93240812d..7ccd9fdbf 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -794,28 +794,8 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
hostConfig.PidMode = pidMode
// UTS namespace mode
- utsMode := ""
- if c.config.UTSNsCtr != "" {
- utsMode = fmt.Sprintf("container:%s", c.config.UTSNsCtr)
- } else if ctrSpec.Linux != nil {
- // Locate the spec's UTS namespace.
- // If there is none, it's uts=host.
- // If there is one and it has a path, it's "ns:".
- // If there is no path, it's default - the empty string.
- for _, ns := range ctrSpec.Linux.Namespaces {
- if ns.Type == spec.UTSNamespace {
- if ns.Path != "" {
- utsMode = fmt.Sprintf("ns:%s", ns.Path)
- } else {
- utsMode = "private"
- }
- break
- }
- }
- if utsMode == "" {
- utsMode = "host"
- }
- }
+ utsMode := c.NamespaceMode(spec.UTSNamespace, ctrSpec)
+
hostConfig.UTSMode = utsMode
// User namespace mode
diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go
index 935e0f5f9..2afef48c4 100644
--- a/libpod/define/pod_inspect.go
+++ b/libpod/define/pod_inspect.go
@@ -122,6 +122,8 @@ type InspectPodInfraConfig struct {
PidNS string `json:"pid_ns,omitempty"`
// UserNS is the usernamespace that all the containers in the pod will join.
UserNS string `json:"userns,omitempty"`
+ // UtsNS is the uts namespace that all containers in the pod will join
+ UtsNS string `json:"uts_ns,omitempty"`
}
// InspectPodContainerInfo contains information on a container in a pod.
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index f06e62007..29dc22890 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -676,6 +676,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus
infraConfig.PidNS = p.NamespaceMode(specs.PIDNamespace)
infraConfig.UserNS = p.NamespaceMode(specs.UserNamespace)
+ infraConfig.UtsNS = p.NamespaceMode(specs.UTSNamespace)
namedVolumes, mounts := infra.SortUserVolumes(infra.config.Spec)
inspectMounts, err = infra.GetMounts(namedVolumes, infra.config.ImageVolumes, mounts)
infraSecurity = infra.GetSecurityOptions()