diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2018-09-08 06:58:47 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-09-11 13:31:55 +0000 |
commit | d9580ec62b716d7c8e861dd27c4b452f2419eb65 (patch) | |
tree | a1c236f7c728122703757900cf1b78919ad32c84 /libpod | |
parent | 123de3087e142f3a6c05ad35fc2095953065415b (diff) | |
download | podman-d9580ec62b716d7c8e861dd27c4b452f2419eb65.tar.gz podman-d9580ec62b716d7c8e861dd27c4b452f2419eb65.tar.bz2 podman-d9580ec62b716d7c8e861dd27c4b452f2419eb65.zip |
Pass on securityOpts from podInfraContainer to container added to pod.
This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way.
Signed-off-by: haircommander <pehunt@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1347
Approved by: mheon
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/options.go | 132 |
1 files changed, 0 insertions, 132 deletions
diff --git a/libpod/options.go b/libpod/options.go index ae6b19055..e6751d68d 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -549,94 +549,6 @@ func WithExitCommand(exitCommand []string) CtrCreateOption { } } -// WithIPCNSFromPod indicates the the container should join the IPC namespace of -// its pod -func WithIPCNSFromPod(p *Pod) CtrCreateOption { - return func(ctr *Container) error { - if ctr.valid { - return ErrCtrFinalized - } - - if err := validPodNSOption(p, ctr.config.Pod); err != nil { - return err - } - - infraContainer, err := p.InfraContainerID() - if err != nil { - return err - } - ctr.config.IPCNsCtr = infraContainer - - return nil - } -} - -// WithMountNSFromPod indicates the the container should join the Mount namespace of -// its pod -func WithMountNSFromPod(p *Pod) CtrCreateOption { - return func(ctr *Container) error { - if ctr.valid { - return ErrCtrFinalized - } - - if err := validPodNSOption(p, ctr.config.Pod); err != nil { - return err - } - - infraContainer, err := p.InfraContainerID() - if err != nil { - return err - } - ctr.config.MountNsCtr = infraContainer - - return nil - } -} - -// WithNetNSFromPod indicates the the container should join the network namespace of -// its pod -func WithNetNSFromPod(p *Pod) CtrCreateOption { - return func(ctr *Container) error { - if ctr.valid { - return ErrCtrFinalized - } - - if err := validPodNSOption(p, ctr.config.Pod); err != nil { - return err - } - - infraContainer, err := p.InfraContainerID() - if err != nil { - return err - } - ctr.config.NetNsCtr = infraContainer - - return nil - } -} - -// WithPIDNSFromPod indicates the the container should join the PID namespace of -// its pod -func WithPIDNSFromPod(p *Pod) CtrCreateOption { - return func(ctr *Container) error { - if ctr.valid { - return ErrCtrFinalized - } - - if err := validPodNSOption(p, ctr.config.Pod); err != nil { - return err - } - - infraContainer, err := p.InfraContainerID() - if err != nil { - return err - } - ctr.config.PIDNsCtr = infraContainer - - return nil - } -} - // WithUTSNSFromPod indicates the the container should join the UTS namespace of // its pod func WithUTSNSFromPod(p *Pod) CtrCreateOption { @@ -659,50 +571,6 @@ func WithUTSNSFromPod(p *Pod) CtrCreateOption { } } -// WithUserNSFromPod indicates the the container should join the User namespace of -// its pod -func WithUserNSFromPod(p *Pod) CtrCreateOption { - return func(ctr *Container) error { - if ctr.valid { - return ErrCtrFinalized - } - - if err := validPodNSOption(p, ctr.config.Pod); err != nil { - return err - } - - infraContainer, err := p.InfraContainerID() - if err != nil { - return err - } - ctr.config.UserNsCtr = infraContainer - - return nil - } -} - -// WithCgroupNSFromPod indicates the the container should join the Cgroup namespace of -// its pod -func WithCgroupNSFromPod(p *Pod) CtrCreateOption { - return func(ctr *Container) error { - if ctr.valid { - return ErrCtrFinalized - } - - if err := validPodNSOption(p, ctr.config.Pod); err != nil { - return err - } - - infraContainer, err := p.InfraContainerID() - if err != nil { - return err - } - ctr.config.CgroupNsCtr = infraContainer - - return nil - } -} - // WithIPCNSFrom indicates the the container should join the IPC namespace of // the given container. // If the container has joined a pod, it can only join the namespaces of |