authorhaircommander <pehunt@redhat.com>2018-08-20 17:56:35 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-23 18:16:28 +0000
commit0e6266858a913ac36de0726ede10d5d03af533e3 (patch)
tree152c7b8b029d5eb80c6caf466c9d0ab1b0ef3913 /libpod
parent2a7449362f2884d9ae6a783c0ce38979d882e2cf (diff)
Fixing network ns segfault
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container.go13
-rw-r--r--libpod/container_ffjson.go427
-rw-r--r--libpod/container_internal_linux.go49
-rw-r--r--libpod/options.go122
-rw-r--r--libpod/pod.go21
-rw-r--r--libpod/pod_api.go3
-rw-r--r--libpod/pod_ffjson.go28
-rw-r--r--libpod/runtime_ctr.go3
-rw-r--r--libpod/runtime_pod.go8
-rw-r--r--libpod/runtime_pod_infra_linux.go7
-rw-r--r--libpod/runtime_pod_linux.go11
11 files changed, 147 insertions, 545 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 28e451225..ea6cd2ac4 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -252,19 +252,6 @@ type ContainerConfig struct {
UTSNsCtr string `json:"utsNsCtr,omitempty"`
CgroupNsCtr string `json:"cgroupNsCtr,omitempty"`
- // Whether container shares an NS with the pod
- // NetNsPod conflicts with the CreateNetNS bool
- // {namespace}NsPod conflicts with {namespace}NsCtr
- // The pause container will be considered dependencies of the given container
- // It must be started before the given container is started
- IPCNsPod bool `json:"ipcNsPod,omitempty"`
- MountNsPod bool `json:"mountNsPod,omitempty"`
- NetNsPod bool `json:"netNsPod,omitempty"`
- PIDNsPod bool `json:"pidNsPod,omitempty"`
- UserNsPod bool `json:"userNsPod,omitempty"`
- UTSNsPod bool `json:"utsNsPod,omitempty"`
- CgroupNsPod bool `json:"cgroupNsPod,omitempty"`
-
// IDs of dependency containers.
// These containers must be started before this container is started.
Dependencies []string
diff --git a/libpod/container_ffjson.go b/libpod/container_ffjson.go
index c35a72cb7..22d6ed2a9 100644
--- a/libpod/container_ffjson.go
+++ b/libpod/container_ffjson.go
@@ -194,62 +194,6 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
fflib.WriteJsonString(buf, string(j.CgroupNsCtr))
buf.WriteByte(',')
}
- if j.IPCNsPod != false {
- if j.IPCNsPod {
- buf.WriteString(`"ipcNsPod":true`)
- } else {
- buf.WriteString(`"ipcNsPod":false`)
- }
- buf.WriteByte(',')
- }
- if j.MountNsPod != false {
- if j.MountNsPod {
- buf.WriteString(`"mountNsPod":true`)
- } else {
- buf.WriteString(`"mountNsPod":false`)
- }
- buf.WriteByte(',')
- }
- if j.NetNsPod != false {
- if j.NetNsPod {
- buf.WriteString(`"netNsPod":true`)
- } else {
- buf.WriteString(`"netNsPod":false`)
- }
- buf.WriteByte(',')
- }
- if j.PIDNsPod != false {
- if j.PIDNsPod {
- buf.WriteString(`"pidNsPod":true`)
- } else {
- buf.WriteString(`"pidNsPod":false`)
- }
- buf.WriteByte(',')
- }
- if j.UserNsPod != false {
- if j.UserNsPod {
- buf.WriteString(`"userNsPod":true`)
- } else {
- buf.WriteString(`"userNsPod":false`)
- }
- buf.WriteByte(',')
- }
- if j.UTSNsPod != false {
- if j.UTSNsPod {
- buf.WriteString(`"utsNsPod":true`)
- } else {
- buf.WriteString(`"utsNsPod":false`)
- }
- buf.WriteByte(',')
- }
- if j.CgroupNsPod != false {
- if j.CgroupNsPod {
- buf.WriteString(`"cgroupNsPod":true`)
- } else {
- buf.WriteString(`"cgroupNsPod":false`)
- }
- buf.WriteByte(',')
- }
buf.WriteString(`"Dependencies":`)
if j.Dependencies != nil {
buf.WriteString(`[`)
@@ -582,20 +526,6 @@ const (
ffjtContainerConfigCgroupNsCtr
- ffjtContainerConfigIPCNsPod
-
- ffjtContainerConfigMountNsPod
-
- ffjtContainerConfigNetNsPod
-
- ffjtContainerConfigPIDNsPod
-
- ffjtContainerConfigUserNsPod
-
- ffjtContainerConfigUTSNsPod
-
- ffjtContainerConfigCgroupNsPod
-
ffjtContainerConfigDependencies
ffjtContainerConfigCreateNetNS
@@ -695,20 +625,6 @@ var ffjKeyContainerConfigUTSNsCtr = []byte("utsNsCtr")
var ffjKeyContainerConfigCgroupNsCtr = []byte("cgroupNsCtr")
-var ffjKeyContainerConfigIPCNsPod = []byte("ipcNsPod")
-
-var ffjKeyContainerConfigMountNsPod = []byte("mountNsPod")
-
-var ffjKeyContainerConfigNetNsPod = []byte("netNsPod")
-
-var ffjKeyContainerConfigPIDNsPod = []byte("pidNsPod")
-
-var ffjKeyContainerConfigUserNsPod = []byte("userNsPod")
-
-var ffjKeyContainerConfigUTSNsPod = []byte("utsNsPod")
-
-var ffjKeyContainerConfigCgroupNsPod = []byte("cgroupNsPod")
-
var ffjKeyContainerConfigDependencies = []byte("Dependencies")
var ffjKeyContainerConfigCreateNetNS = []byte("createNetNS")
@@ -863,11 +779,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
- } else if bytes.Equal(ffjKeyContainerConfigCgroupNsPod, kn) {
- currentKey = ffjtContainerConfigCgroupNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
-
} else if bytes.Equal(ffjKeyContainerConfigCreateNetNS, kn) {
currentKey = ffjtContainerConfigCreateNetNS
state = fflib.FFParse_want_colon
@@ -962,11 +873,6 @@ mainparse:
currentKey = ffjtContainerConfigIPCNsCtr
state = fflib.FFParse_want_colon
goto mainparse
-
- } else if bytes.Equal(ffjKeyContainerConfigIPCNsPod, kn) {
- currentKey = ffjtContainerConfigIPCNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
}
case 'l':
@@ -993,11 +899,6 @@ mainparse:
currentKey = ffjtContainerConfigMountNsCtr
state = fflib.FFParse_want_colon
goto mainparse
-
- } else if bytes.Equal(ffjKeyContainerConfigMountNsPod, kn) {
- currentKey = ffjtContainerConfigMountNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
}
case 'n':
@@ -1017,11 +918,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
- } else if bytes.Equal(ffjKeyContainerConfigNetNsPod, kn) {
- currentKey = ffjtContainerConfigNetNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
-
} else if bytes.Equal(ffjKeyContainerConfigNetworks, kn) {
currentKey = ffjtContainerConfigNetworks
state = fflib.FFParse_want_colon
@@ -1045,11 +941,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
- } else if bytes.Equal(ffjKeyContainerConfigPIDNsPod, kn) {
- currentKey = ffjtContainerConfigPIDNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
-
} else if bytes.Equal(ffjKeyContainerConfigPortMappings, kn) {
currentKey = ffjtContainerConfigPortMappings
state = fflib.FFParse_want_colon
@@ -1134,16 +1025,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
- } else if bytes.Equal(ffjKeyContainerConfigUserNsPod, kn) {
- currentKey = ffjtContainerConfigUserNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
-
- } else if bytes.Equal(ffjKeyContainerConfigUTSNsPod, kn) {
- currentKey = ffjtContainerConfigUTSNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
-
} else if bytes.Equal(ffjKeyContainerConfigUserVolumes, kn) {
currentKey = ffjtContainerConfigUserVolumes
state = fflib.FFParse_want_colon
@@ -1290,48 +1171,6 @@ mainparse:
goto mainparse
}
- if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsPod, kn) {
- currentKey = ffjtContainerConfigCgroupNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
- if fflib.EqualFoldRight(ffjKeyContainerConfigUTSNsPod, kn) {
- currentKey = ffjtContainerConfigUTSNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
- if fflib.EqualFoldRight(ffjKeyContainerConfigUserNsPod, kn) {
- currentKey = ffjtContainerConfigUserNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
- if fflib.EqualFoldRight(ffjKeyContainerConfigPIDNsPod, kn) {
- currentKey = ffjtContainerConfigPIDNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
- if fflib.EqualFoldRight(ffjKeyContainerConfigNetNsPod, kn) {
- currentKey = ffjtContainerConfigNetNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
- if fflib.EqualFoldRight(ffjKeyContainerConfigMountNsPod, kn) {
- currentKey = ffjtContainerConfigMountNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
- if fflib.EqualFoldRight(ffjKeyContainerConfigIPCNsPod, kn) {
- currentKey = ffjtContainerConfigIPCNsPod
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsCtr, kn) {
currentKey = ffjtContainerConfigCgroupNsCtr
state = fflib.FFParse_want_colon
@@ -1583,27 +1422,6 @@ mainparse:
case ffjtContainerConfigCgroupNsCtr:
goto handle_CgroupNsCtr
- case ffjtContainerConfigIPCNsPod:
- goto handle_IPCNsPod
-
- case ffjtContainerConfigMountNsPod:
- goto handle_MountNsPod
-
- case ffjtContainerConfigNetNsPod:
- goto handle_NetNsPod
-
- case ffjtContainerConfigPIDNsPod:
- goto handle_PIDNsPod
-
- case ffjtContainerConfigUserNsPod:
- goto handle_UserNsPod
-
- case ffjtContainerConfigUTSNsPod:
- goto handle_UTSNsPod
-
- case ffjtContainerConfigCgroupNsPod:
- goto handle_CgroupNsPod
-
case ffjtContainerConfigDependencies:
goto handle_Dependencies
@@ -2469,251 +2287,6 @@ handle_CgroupNsCtr:
state = fflib.FFParse_after_value
goto mainparse
-handle_IPCNsPod:
-
- /* handler: j.IPCNsPod type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.IPCNsPod = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.IPCNsPod = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
-handle_MountNsPod:
-
- /* handler: j.MountNsPod type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.MountNsPod = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.MountNsPod = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
-handle_NetNsPod:
-
- /* handler: j.NetNsPod type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.NetNsPod = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.NetNsPod = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
-handle_PIDNsPod:
-
- /* handler: j.PIDNsPod type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.PIDNsPod = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.PIDNsPod = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
-handle_UserNsPod:
-
- /* handler: j.UserNsPod type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.UserNsPod = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.UserNsPod = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
-handle_UTSNsPod:
-
- /* handler: j.UTSNsPod type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.UTSNsPod = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.UTSNsPod = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
-handle_CgroupNsPod:
-
- /* handler: j.CgroupNsPod type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.CgroupNsPod = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.CgroupNsPod = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
handle_Dependencies:
/* handler: j.Dependencies type=[]string kind=slice quoted=false*/
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 2267f69a1..ba02c9f5a 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -168,91 +168,42 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
}
- var podInfraContainer string
- if c.config.Pod != "" {
- pod, err := c.runtime.state.LookupPod(c.config.Pod)
- if err != nil {
- return nil, err
- }
- if pod.SharesNamespaces() {
- if err := pod.updatePod(); err != nil {
- return nil, err
- }
- podInfraContainer = pod.state.InfraContainerID
- }
- }
-
// Add shared namespaces from other containers
if c.config.IPCNsCtr != "" {
if err := c.addNamespaceContainer(&g, IPCNS, c.config.IPCNsCtr, spec.IPCNamespace); err != nil {
return nil, err
}
}
- if c.config.IPCNsPod && podInfraContainer != "" {
- if err := c.addNamespaceContainer(&g, IPCNS, podInfraContainer, spec.IPCNamespace); err != nil {
- return nil, err
- }
- }
if c.config.MountNsCtr != "" {
if err := c.addNamespaceContainer(&g, MountNS, c.config.MountNsCtr, spec.MountNamespace); err != nil {
return nil, err
}
}
- if c.config.MountNsPod && podInfraContainer != "" {
- if err := c.addNamespaceContainer(&g, MountNS, podInfraContainer, spec.MountNamespace); err != nil {
- return nil, err
- }
- }
if c.config.NetNsCtr != "" {
if err := c.addNamespaceContainer(&g, NetNS, c.config.NetNsCtr, spec.NetworkNamespace); err != nil {
return nil, err
}
}
- if c.config.NetNsPod && podInfraContainer != "" {
- if err := c.addNamespaceContainer(&g, NetNS, podInfraContainer, spec.NetworkNamespace); err != nil {
- return nil, err
- }
- }
if c.config.PIDNsCtr != "" {
if err := c.addNamespaceContainer(&g, PIDNS, c.config.PIDNsCtr, string(spec.PIDNamespace)); err != nil {
return nil, err
}
}
- if c.config.PIDNsPod && podInfraContainer != "" {
- if err := c.addNamespaceContainer(&g, PIDNS, podInfraContainer, string(spec.PIDNamespace)); err != nil {
- return nil, err
- }
- }
if c.config.UserNsCtr != "" {
if err := c.addNamespaceContainer(&g, UserNS, c.config.UserNsCtr, spec.UserNamespace); err != nil {
return nil, err
}
}
- if c.config.UserNsPod && podInfraContainer != "" {
- if err := c.addNamespaceContainer(&g, UserNS, podInfraContainer, spec.UserNamespace); err != nil {
- return nil, err
- }
- }
if c.config.UTSNsCtr != "" {
if err := c.addNamespaceContainer(&g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil {
return nil, err
}
}
- if c.config.UTSNsPod && podInfraContainer != "" {
- if err := c.addNamespaceContainer(&g, UTSNS, podInfraContainer, spec.UTSNamespace); err != nil {
- return nil, err
- }
- }
if c.config.CgroupNsCtr != "" {
if err := c.addNamespaceContainer(&g, CgroupNS, c.config.CgroupNsCtr, spec.CgroupNamespace); err != nil {
return nil, err
}
}
- if c.config.CgroupNsPod && podInfraContainer != "" {
- if err := c.addNamespaceContainer(&g, CgroupNS, podInfraContainer, spec.CgroupNamespace); err != nil {
- return nil, err
- }
- }
if c.config.Rootfs == "" {
if err := idtools.MkdirAllAs(c.state.RealMountpoint, 0700, c.RootUID(), c.RootGID()); err != nil {
diff --git a/libpod/options.go b/libpod/options.go
index b8f66db5c..f9ef2468e 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -551,17 +551,29 @@ func WithExitCommand(exitCommand []string) CtrCreateOption {
// WithIPCNSFromPod indicates the the container should join the IPC namespace of
// its pod
-func WithIPCNSFromPod() CtrCreateOption {
+func WithIPCNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
+ if p == nil {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+ }
+
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
- ctr.config.IPCNsPod = true
+ if ctr.config.Pod != p.ID() {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+ }
+
+ infraContainer, err := p.InfraContainerID()
+ if err != nil {
+ return err
+ }
+ ctr.config.IPCNsCtr = infraContainer
return nil
}
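Review bot: `p.InfraContainerID()` is trusted as soon as it returns without an error, so if it can return an empty ID (for instance for a pod that shares no namespaces and so has no infra container, which is inferred from the SharesNamespaces comment in pod.go), `ctr.config.IPCNsCtr` is set to `""` and the container silently keeps its own IPC namespace instead of joining the pod's. A guard after the lookup, `if infraContainer == "" { return errors.Wrapf(ErrInvalidArg, "pod %s has no infra container", p.ID()) }`, would make that failure visible. The same lines are repeated in WithMountNSFromPod, WithNetNSFromPod, WithPIDNSFromPod, WithUTSNSFromPod, WithUserNSFromPod and WithCgroupNSFromPod; the nil, membership and empty-ID checks would be better kept in one unexported helper that returns the infra container ID, because the `ctr.config.Pod != p.ID()` comparison is what stops a container from being pointed at another pod's namespaces and should not drift between seven copies. The doc comment above the function also reads "the the container".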
@@ -569,17 +581,29 @@ func WithIPCNSFromPod() CtrCreateOption {
// WithMountNSFromPod indicates the the container should join the Mount namespace of
// its pod
-func WithMountNSFromPod() CtrCreateOption {
+func WithMountNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
+ if p == nil {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+ }
+
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
- ctr.config.MountNsPod = true
+ if ctr.config.Pod != p.ID() {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+ }
+
+ infraContainer, err := p.InfraContainerID()
+ if err != nil {
+ return err
+ }
+ ctr.config.MountNsCtr = infraContainer
return nil
}
@@ -587,17 +611,29 @@ func WithMountNSFromPod() CtrCreateOption {
// WithNetNSFromPod indicates the the container should join the network namespace of
// its pod
-func WithNetNSFromPod() CtrCreateOption {
+func WithNetNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
+ if p == nil {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+ }
+
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
- ctr.config.NetNsPod = true
+ if ctr.config.Pod != p.ID() {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+ }
+
+ infraContainer, err := p.InfraContainerID()
+ if err != nil {
+ return err
+ }
+ ctr.config.NetNsCtr = infraContainer
return nil
}
@@ -605,17 +641,29 @@ func WithNetNSFromPod() CtrCreateOption {
// WithPIDNSFromPod indicates the the container should join the PID namespace of
// its pod
-func WithPIDNSFromPod() CtrCreateOption {
+func WithPIDNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
+ if p == nil {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+ }
+
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
- ctr.config.PIDNsPod = true
+ if ctr.config.Pod != p.ID() {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+ }
+
+ infraContainer, err := p.InfraContainerID()
+ if err != nil {
+ return err
+ }
+ ctr.config.PIDNsCtr = infraContainer
return nil
}
@@ -623,17 +671,29 @@ func WithPIDNSFromPod() CtrCreateOption {
// WithUTSNSFromPod indicates the the container should join the UTS namespace of
// its pod
-func WithUTSNSFromPod() CtrCreateOption {
+func WithUTSNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
+ if p == nil {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+ }
+
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
- ctr.config.UTSNsPod = true
+ if ctr.config.Pod != p.ID() {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+ }
+
+ infraContainer, err := p.InfraContainerID()
+ if err != nil {
+ return err
+ }
+ ctr.config.UTSNsCtr = infraContainer
return nil
}
@@ -641,17 +701,29 @@ func WithUTSNSFromPod() CtrCreateOption {
// WithUserNSFromPod indicates the the container should join the User namespace of
// its pod
-func WithUserNSFromPod() CtrCreateOption {
+func WithUserNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
+ if p == nil {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+ }
+
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
- ctr.config.UserNsPod = true
+ if ctr.config.Pod != p.ID() {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+ }
+
+ infraContainer, err := p.InfraContainerID()
+ if err != nil {
+ return err
+ }
+ ctr.config.UserNsCtr = infraContainer
return nil
}
@@ -659,17 +731,29 @@ func WithUserNSFromPod() CtrCreateOption {
// WithCgroupNSFromPod indicates the the container should join the Cgroup namespace of
// its pod
-func WithCgroupNSFromPod() CtrCreateOption {
+func WithCgroupNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
+ if p == nil {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+ }
+
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
- ctr.config.CgroupNsPod = true
+ if ctr.config.Pod != p.ID() {
+ return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+ }
+
+ infraContainer, err := p.InfraContainerID()
+ if err != nil {
+ return err
+ }
+ ctr.config.CgroupNsCtr = infraContainer
return nil
}
@@ -1284,17 +1368,19 @@ func WithPodNet() PodCreateOption {
}
}
-// WithPodMNT tells containers in this pod to use the mount namespace
+// WithPodMount tells containers in this pod to use the mount namespace
// created for this pod.
// Containers in a pod will inherit the kernel namespaces from the
// first container added.
-func WithPodMNT() PodCreateOption {
+// TODO implement WithMountNSFrom, so WithMountNsFromPod functions properly
+// Then this option can be added on the pod level
+func WithPodMount() PodCreateOption {
return func(pod *Pod) error {
if pod.valid {
return ErrPodFinalized
}
- pod.config.UsePodMNT = true
+ pod.config.UsePodMount = true
return nil
}
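Review bot: The added TODO says WithMountNsFromPod does not function properly yet, but WithPodMount stays exported and still sets `pod.config.UsePodMount = true` without any error, so a caller asking for a shared mount namespace gets a pod that reports `SharesMount()` while its containers presumably keep separate mount namespaces. Until the container-side support exists it would be safer to reject the option, e.g. `return errors.Wrapf(ErrInvalidArg, "sharing the mount namespace in a pod is not yet supported")`, or at least to state the limitation in the doc comment proper rather than in a TODO. The TODO added to WithPodUser in the next hunk raises the same question for the user namespace.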
@@ -1304,6 +1390,8 @@ func WithPodMNT() PodCreateOption {
// created for this pod.
// Containers in a pod will inherit the kernel namespaces from the
// first container added.
+// TODO implement WithUserNSFrom, so WithUserNsFromPod functions properly
+// Then this option can be added on the pod level
func WithPodUser() PodCreateOption {
return func(pod *Pod) error {
if pod.valid {
diff --git a/libpod/pod.go b/libpod/pod.go
index f8c656920..9c7a3e3a3 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -39,7 +39,6 @@ type PodConfig struct {
Labels map[string]string `json:"labels"`
// CgroupParent contains the pod's CGroup parent
CgroupParent string `json:"cgroupParent"`
-
// UsePodCgroup indicates whether the pod will create its own CGroup and
// join containers to it.
// If true, all containers joined to the pod will use the pod cgroup as
@@ -48,12 +47,12 @@ type PodConfig struct {
// The following UsePod{kernelNamespace} indicate whether the containers
// in the pod will inherit the namespace from the first container in the pod.
- UsePodPID bool `json:"sharesPid,omitempty"`
- UsePodIPC bool `json:"sharesIpc,omitempty"`
- UsePodNet bool `json:"sharesNet,omitempty"`
- UsePodMNT bool `json:"sharesMnt,omitempty"`
- UsePodUser bool `json:"sharesUser,omitempty"`
- UsePodUTS bool `json:"sharesUts,omitempty"`
+ UsePodPID bool `json:"sharesPid,omitempty"`
+ UsePodIPC bool `json:"sharesIpc,omitempty"`
+ UsePodNet bool `json:"sharesNet,omitempty"`
+ UsePodMount bool `json:"sharesMnt,omitempty"`
+ UsePodUser bool `json:"sharesUser,omitempty"`
+ UsePodUTS bool `json:"sharesUts,omitempty"`
InfraContainer *InfraContainerConfig `json:"infraConfig"`
@@ -149,10 +148,10 @@ func (p *Pod) SharesNet() bool {
return p.config.UsePodNet
}
-// SharesMNT returns whether containers in pod
+// SharesMount returns whether containers in pod
// default to use PID namespace of first container in pod
-func (p *Pod) SharesMNT() bool {
- return p.config.UsePodMNT
+func (p *Pod) SharesMount() bool {
+ return p.config.UsePodMount
}
// SharesUser returns whether containers in pod
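Review bot: The doc comment on SharesMount still says the containers `default to use PID namespace of first container in pod`, which looks copied from SharesPID and now contradicts the renamed method. Proposed wording for the second comment line: `// default to use the mount namespace of the first container in pod`.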
@@ -227,7 +226,7 @@ func (p *Pod) HasInfraContainer() bool {
// SharesNamespaces checks if the pod has any kernel namespaces set as shared. An infra container will not be
// created if no kernel namespaces are shared.
func (p *Pod) SharesNamespaces() bool {
- return p.SharesPID() || p.SharesIPC() || p.SharesNet() || p.SharesMNT() || p.SharesUser() || p.SharesUTS()
+ return p.SharesPID() || p.SharesIPC() || p.SharesNet() || p.SharesMount() || p.SharesUser() || p.SharesUTS()
}
// InfraContainerID returns the infra container ID for a pod.
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index ebb8753b8..0c518da0d 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -427,9 +427,6 @@ func (p *Pod) Inspect() (*PodInspect, error) {
podContainers = append(podContainers, pc)
}
infraContainerID := p.state.InfraContainerID
- if err != nil {
- return &PodInspect{}, err
- }
config := new(PodConfig)
deepcopier.Copy(p.config).To(config)
diff --git a/libpod/pod_ffjson.go b/libpod/pod_ffjson.go
index 65354f62a..76781dbbd 100644
--- a/libpod/pod_ffjson.go
+++ b/libpod/pod_ffjson.go
@@ -299,8 +299,8 @@ func (j *PodConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
}
buf.WriteByte(',')
}
- if j.UsePodMNT != false {
- if j.UsePodMNT {
+ if j.UsePodMount != false {
+ if j.UsePodMount {
buf.WriteString(`"sharesMnt":true`)
} else {
buf.WriteString(`"sharesMnt":false`)
@@ -374,7 +374,7 @@ const (
ffjtPodConfigUsePodNet
- ffjtPodConfigUsePodMNT
+ ffjtPodConfigUsePodMount
ffjtPodConfigUsePodUser
@@ -403,7 +403,7 @@ var ffjKeyPodConfigUsePodIPC = []byte("sharesIpc")
var ffjKeyPodConfigUsePodNet = []byte("sharesNet")
-var ffjKeyPodConfigUsePodMNT = []byte("sharesMnt")
+var ffjKeyPodConfigUsePodMount = []byte("sharesMnt")
var ffjKeyPodConfigUsePodUser = []byte("sharesUser")
@@ -543,8 +543,8 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
- } else if bytes.Equal(ffjKeyPodConfigUsePodMNT, kn) {
- currentKey = ffjtPodConfigUsePodMNT
+ } else if bytes.Equal(ffjKeyPodConfigUsePodMount, kn) {
+ currentKey = ffjtPodConfigUsePodMount
state = fflib.FFParse_want_colon
goto mainparse
@@ -585,8 +585,8 @@ mainparse:
goto mainparse
}
- if fflib.EqualFoldRight(ffjKeyPodConfigUsePodMNT, kn) {
- currentKey = ffjtPodConfigUsePodMNT
+ if fflib.EqualFoldRight(ffjKeyPodConfigUsePodMount, kn) {
+ currentKey = ffjtPodConfigUsePodMount
state = fflib.FFParse_want_colon
goto mainparse
}
@@ -689,8 +689,8 @@ mainparse:
case ffjtPodConfigUsePodNet:
goto handle_UsePodNet
- case ffjtPodConfigUsePodMNT:
- goto handle_UsePodMNT
+ case ffjtPodConfigUsePodMount:
+ goto handle_UsePodMount
case ffjtPodConfigUsePodUser:
goto handle_UsePodUser
@@ -1067,9 +1067,9 @@ handle_UsePodNet:
state = fflib.FFParse_after_value
goto mainparse
-handle_UsePodMNT:
+handle_UsePodMount:
- /* handler: j.UsePodMNT type=bool kind=bool quoted=false*/
+ /* handler: j.UsePodMount type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
@@ -1085,11 +1085,11 @@ handle_UsePodMNT:
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
- j.UsePodMNT = true
+ j.UsePodMount = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
- j.UsePodMNT = false
+ j.UsePodMount = false
} else {
err = errors.New("unexpected bytes for true/false value")
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 762044dbd..a0b576bcd 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -88,7 +88,6 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
ctr.runtime = r
var pod *Pod
-
if ctr.config.Pod != "" {
// Get the pod from state
pod, err = r.state.Pod(ctr.config.Pod)
@@ -230,7 +229,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool)
infraID := pod.state.InfraContainerID
if c.ID() == infraID {
- return errors.Errorf("an infra container cannot be removed without removing pod %s", pod.ID())
+ return errors.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID())
}
}
diff --git a/libpod/runtime_pod.go b/libpod/runtime_pod.go
index 19e32d1b0..b3dd7dabd 100644
--- a/libpod/runtime_pod.go
+++ b/libpod/runtime_pod.go
@@ -33,6 +33,14 @@ func (r *Runtime) RemovePod(ctx context.Context, p *Pod, removeCtrs, force bool)
return ErrRuntimeStopped
}
+ if !p.valid {
+ if ok, _ := r.state.HasPod(p.ID()); !ok {
+ // Pod probably already removed
+ // Or was never in the runtime to begin with
+ return nil
+ }
+ }
+
p.lock.Lock()
defer p.lock.Unlock()
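Review bot: In the added guard the error from `r.state.HasPod(p.ID())` is discarded, so a failed state lookup leaves `ok` false and RemovePod returns nil as if the pod were already gone. Unless HasPod is known to return an error for a pod that is simply missing, the error should be propagated so a state failure is not reported as a successful removal: `ok, err := r.state.HasPod(p.ID())` followed by `if err != nil { return err }`. `p.valid` is also read before `p.lock` is taken, so the check can race with another caller removing the same pod; removePod in runtime_pod_linux.go loses its own guard in this commit and now starts with `p.updatePod()`, so that path depends entirely on this check. RemovePod's body continues outside the hunk.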
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 9649a3138..39bd8d07a 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -6,6 +6,8 @@ import (
"context"
"github.com/containers/libpod/libpod/image"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/cri-o/ocicni/pkg/ocicni"
"github.com/opencontainers/runtime-tools/generate"
)
@@ -33,6 +35,11 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
options = append(options, WithName(containerName))
options = append(options, withIsInfra())
+ // Since user namespace sharing is not implemented, we only need to check if it's rootless
+ portMappings := make([]ocicni.PortMapping, 0)
+ networks := make([]string, 0)
+ options = append(options, WithNetNS(portMappings, rootless.IsRootless(), networks))
+
return r.newContainer(ctx, g.Config, options...)
}
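Review bot: The comment above the new `WithNetNS` call explains only the `rootless.IsRootless()` argument and does not say why the infra container is given a network namespace unconditionally, with no port mappings and an empty network list. Every container that later uses WithNetNSFromPod ends up in this namespace, so the reason and the consequence should be documented, for example `// The infra container owns the pod's network namespace; it is created with no port mappings and an empty network list.` The two empty slices could be declared as `var portMappings []ocicni.PortMapping` and `var networks []string` unless WithNetNS distinguishes nil from empty, which is not visible here. makeInfraContainer starts outside the hunk.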
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index b4530081c..17629defe 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -115,12 +115,8 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod,
}
func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) error {
- if !p.valid {
- if ok, _ := r.state.HasPod(p.ID()); !ok {
- // Pod probably already removed
- // Or was never in the runtime to begin with
- return nil
- }
+ if err := p.updatePod(); err != nil {
+ return err
}
ctrs, err := r.state.PodContainers(p)
@@ -131,9 +127,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
numCtrs := len(ctrs)
// If the only container in the pod is the pause container, remove the pod and container unconditionally.
- if err := p.updatePod(); err != nil {
- return err
- }
pauseCtrID := p.state.InfraContainerID
if numCtrs == 1 && ctrs[0].ID() == pauseCtrID {
removeCtrs = true