author | haircommander <pehunt@redhat.com> | 2018-08-20 17:56:35 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-23 18:16:28 +0000 |
commit | 0e6266858a913ac36de0726ede10d5d03af533e3 (patch) | |
tree | 152c7b8b029d5eb80c6caf466c9d0ab1b0ef3913 /libpod | |
parent | 2a7449362f2884d9ae6a783c0ce38979d882e2cf (diff) | |
download | podman-0e6266858a913ac36de0726ede10d5d03af533e3.tar.gz podman-0e6266858a913ac36de0726ede10d5d03af533e3.tar.bz2 podman-0e6266858a913ac36de0726ede10d5d03af533e3.zip |
Fixing network ns segfault
Along with small style corrections, this updates pod_top_test to use CreatePod and moves the handling of joining a container to its pod's namespaces from container_internal_linux.go to libpod/options.go.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container.go | 13 | ||||
-rw-r--r-- | libpod/container_ffjson.go | 427 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 49 | ||||
-rw-r--r-- | libpod/options.go | 122 | ||||
-rw-r--r-- | libpod/pod.go | 21 | ||||
-rw-r--r-- | libpod/pod_api.go | 3 | ||||
-rw-r--r-- | libpod/pod_ffjson.go | 28 | ||||
-rw-r--r-- | libpod/runtime_ctr.go | 3 | ||||
-rw-r--r-- | libpod/runtime_pod.go | 8 | ||||
-rw-r--r-- | libpod/runtime_pod_infra_linux.go | 7 | ||||
-rw-r--r-- | libpod/runtime_pod_linux.go | 11 |
11 files changed, 147 insertions, 545 deletions
diff --git a/libpod/container.go b/libpod/container.go index 28e451225..ea6cd2ac4 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -252,19 +252,6 @@ type ContainerConfig struct { UTSNsCtr string `json:"utsNsCtr,omitempty"` CgroupNsCtr string `json:"cgroupNsCtr,omitempty"` - // Whether container shares an NS with the pod - // NetNsPod conflicts with the CreateNetNS bool - // {namespace}NsPod conflicts with {namespace}NsCtr - // The pause container will be considered dependencies of the given container - // It must be started before the given container is started - IPCNsPod bool `json:"ipcNsPod,omitempty"` - MountNsPod bool `json:"mountNsPod,omitempty"` - NetNsPod bool `json:"netNsPod,omitempty"` - PIDNsPod bool `json:"pidNsPod,omitempty"` - UserNsPod bool `json:"userNsPod,omitempty"` - UTSNsPod bool `json:"utsNsPod,omitempty"` - CgroupNsPod bool `json:"cgroupNsPod,omitempty"` - // IDs of dependency containers. // These containers must be started before this container is started. Dependencies []string diff --git a/libpod/container_ffjson.go b/libpod/container_ffjson.go index c35a72cb7..22d6ed2a9 100644 --- a/libpod/container_ffjson.go +++ b/libpod/container_ffjson.go 
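Review bot: Dropping the `{ns}NsPod` fields from ContainerConfig silently changes the meaning of container configs persisted by earlier builds: a stored `"netNsPod":true` has nothing to migrate it into `NetNsCtr`, and if the generated unmarshaler skips unknown keys as ffjson normally does, the container comes back with no namespace join at all. On restart that container would get its own (or the default) network namespace instead of the pod's, an isolation change nobody asked for. Unless the state format is versioned and refused on mismatch elsewhere, I'd keep the old keys as deprecated read-only inputs and translate them to the `{ns}NsCtr` form when the container is loaded, or at minimum document the break in the commit message. The struct continues outside the hunk.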
@@ -194,62 +194,6 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error { fflib.WriteJsonString(buf, string(j.CgroupNsCtr)) buf.WriteByte(',') } - if j.IPCNsPod != false { - if j.IPCNsPod { - buf.WriteString(`"ipcNsPod":true`) - } else { - buf.WriteString(`"ipcNsPod":false`) - } - buf.WriteByte(',') - } - if j.MountNsPod != false { - if j.MountNsPod { - buf.WriteString(`"mountNsPod":true`) - } else { - buf.WriteString(`"mountNsPod":false`) - } - buf.WriteByte(',') - } - if j.NetNsPod != false { - if j.NetNsPod { - buf.WriteString(`"netNsPod":true`) - } else { - buf.WriteString(`"netNsPod":false`) - } - buf.WriteByte(',') - } - if j.PIDNsPod != false { - if j.PIDNsPod { - buf.WriteString(`"pidNsPod":true`) - } else { - buf.WriteString(`"pidNsPod":false`) - } - buf.WriteByte(',') - } - if j.UserNsPod != false { - if j.UserNsPod { - buf.WriteString(`"userNsPod":true`) - } else { - buf.WriteString(`"userNsPod":false`) - } - buf.WriteByte(',') - } - if j.UTSNsPod != false { - if j.UTSNsPod { - buf.WriteString(`"utsNsPod":true`) - } else { - buf.WriteString(`"utsNsPod":false`) - } - buf.WriteByte(',') - } - if j.CgroupNsPod != false { - if j.CgroupNsPod { - buf.WriteString(`"cgroupNsPod":true`) - } else { - buf.WriteString(`"cgroupNsPod":false`) - } - buf.WriteByte(',') - } buf.WriteString(`"Dependencies":`) if j.Dependencies != nil { buf.WriteString(`[`) @@ -582,20 +526,6 @@ const ( ffjtContainerConfigCgroupNsCtr - ffjtContainerConfigIPCNsPod - - ffjtContainerConfigMountNsPod - - ffjtContainerConfigNetNsPod - - ffjtContainerConfigPIDNsPod - - ffjtContainerConfigUserNsPod - - ffjtContainerConfigUTSNsPod - - ffjtContainerConfigCgroupNsPod - ffjtContainerConfigDependencies ffjtContainerConfigCreateNetNS 
@@ -695,20 +625,6 @@ var ffjKeyContainerConfigUTSNsCtr = []byte("utsNsCtr") var ffjKeyContainerConfigCgroupNsCtr = []byte("cgroupNsCtr") -var ffjKeyContainerConfigIPCNsPod = []byte("ipcNsPod") - -var ffjKeyContainerConfigMountNsPod = []byte("mountNsPod") - -var ffjKeyContainerConfigNetNsPod = []byte("netNsPod") - -var ffjKeyContainerConfigPIDNsPod = []byte("pidNsPod") - -var ffjKeyContainerConfigUserNsPod = []byte("userNsPod") - -var ffjKeyContainerConfigUTSNsPod = []byte("utsNsPod") - -var ffjKeyContainerConfigCgroupNsPod = []byte("cgroupNsPod") - var ffjKeyContainerConfigDependencies = []byte("Dependencies") var ffjKeyContainerConfigCreateNetNS = []byte("createNetNS") @@ -863,11 +779,6 @@ mainparse: state = fflib.FFParse_want_colon goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigCgroupNsPod, kn) { - currentKey = ffjtContainerConfigCgroupNsPod - state = fflib.FFParse_want_colon - goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigCreateNetNS, kn) { currentKey = ffjtContainerConfigCreateNetNS state = fflib.FFParse_want_colon @@ -962,11 +873,6 @@ mainparse: currentKey = ffjtContainerConfigIPCNsCtr state = fflib.FFParse_want_colon goto mainparse - - } else if bytes.Equal(ffjKeyContainerConfigIPCNsPod, kn) { - currentKey = ffjtContainerConfigIPCNsPod - state = fflib.FFParse_want_colon - goto mainparse } case 'l': @@ -993,11 +899,6 @@ mainparse: currentKey = ffjtContainerConfigMountNsCtr state = fflib.FFParse_want_colon goto mainparse - - } else if bytes.Equal(ffjKeyContainerConfigMountNsPod, kn) { - currentKey = ffjtContainerConfigMountNsPod - state = fflib.FFParse_want_colon - goto mainparse } case 'n': 
@@ -1017,11 +918,6 @@ mainparse: state = fflib.FFParse_want_colon goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigNetNsPod, kn) { - currentKey = ffjtContainerConfigNetNsPod - state = fflib.FFParse_want_colon - goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigNetworks, kn) { currentKey = ffjtContainerConfigNetworks state = fflib.FFParse_want_colon @@ -1045,11 +941,6 @@ mainparse: state = fflib.FFParse_want_colon goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigPIDNsPod, kn) { - currentKey = ffjtContainerConfigPIDNsPod - state = fflib.FFParse_want_colon - goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigPortMappings, kn) { currentKey = ffjtContainerConfigPortMappings state = fflib.FFParse_want_colon @@ -1134,16 +1025,6 @@ mainparse: state = fflib.FFParse_want_colon goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigUserNsPod, kn) { - currentKey = ffjtContainerConfigUserNsPod - state = fflib.FFParse_want_colon - goto mainparse - - } else if bytes.Equal(ffjKeyContainerConfigUTSNsPod, kn) { - currentKey = ffjtContainerConfigUTSNsPod - state = fflib.FFParse_want_colon - goto mainparse - } else if bytes.Equal(ffjKeyContainerConfigUserVolumes, kn) { currentKey = ffjtContainerConfigUserVolumes state = fflib.FFParse_want_colon 
@@ -1290,48 +1171,6 @@ mainparse: goto mainparse } - if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsPod, kn) { - currentKey = ffjtContainerConfigCgroupNsPod - state = fflib.FFParse_want_colon - goto mainparse - } - - if fflib.EqualFoldRight(ffjKeyContainerConfigUTSNsPod, kn) { - currentKey = ffjtContainerConfigUTSNsPod - state = fflib.FFParse_want_colon - goto mainparse - } - - if fflib.EqualFoldRight(ffjKeyContainerConfigUserNsPod, kn) { - currentKey = ffjtContainerConfigUserNsPod - state = fflib.FFParse_want_colon - goto mainparse - } - - if fflib.EqualFoldRight(ffjKeyContainerConfigPIDNsPod, kn) { - currentKey = ffjtContainerConfigPIDNsPod - state = fflib.FFParse_want_colon - goto mainparse - } - - if fflib.EqualFoldRight(ffjKeyContainerConfigNetNsPod, kn) { - currentKey = ffjtContainerConfigNetNsPod - state = fflib.FFParse_want_colon - goto mainparse - } - - if fflib.EqualFoldRight(ffjKeyContainerConfigMountNsPod, kn) { - currentKey = ffjtContainerConfigMountNsPod - state = fflib.FFParse_want_colon - goto mainparse - } - - if fflib.EqualFoldRight(ffjKeyContainerConfigIPCNsPod, kn) { - currentKey = ffjtContainerConfigIPCNsPod - state = fflib.FFParse_want_colon - goto mainparse - } - if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsCtr, kn) { currentKey = ffjtContainerConfigCgroupNsCtr state = fflib.FFParse_want_colon @@ -1583,27 +1422,6 @@ mainparse: case ffjtContainerConfigCgroupNsCtr: goto handle_CgroupNsCtr - case ffjtContainerConfigIPCNsPod: - goto handle_IPCNsPod - - case ffjtContainerConfigMountNsPod: - goto handle_MountNsPod - - case ffjtContainerConfigNetNsPod: - goto handle_NetNsPod - - case ffjtContainerConfigPIDNsPod: - goto handle_PIDNsPod - - case ffjtContainerConfigUserNsPod: - goto handle_UserNsPod - - case ffjtContainerConfigUTSNsPod: - goto handle_UTSNsPod - - case ffjtContainerConfigCgroupNsPod: - goto handle_CgroupNsPod - case ffjtContainerConfigDependencies: goto handle_Dependencies 
@@ -2469,251 +2287,6 @@ handle_CgroupNsCtr: state = fflib.FFParse_after_value goto mainparse -handle_IPCNsPod: - - /* handler: j.IPCNsPod type=bool kind=bool quoted=false*/ - - { - if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { - return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok)) - } - } - - { - if tok == fflib.FFTok_null { - - } else { - tmpb := fs.Output.Bytes() - - if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - - j.IPCNsPod = true - - } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - - j.IPCNsPod = false - - } else { - err = errors.New("unexpected bytes for true/false value") - return fs.WrapErr(err) - } - - } - } - - state = fflib.FFParse_after_value - goto mainparse - -handle_MountNsPod: - - /* handler: j.MountNsPod type=bool kind=bool quoted=false*/ - - { - if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { - return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok)) - } - } - - { - if tok == fflib.FFTok_null { - - } else { - tmpb := fs.Output.Bytes() - - if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - - j.MountNsPod = true - - } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - - j.MountNsPod = false - - } else { - err = errors.New("unexpected bytes for true/false value") - return fs.WrapErr(err) - } - - } - } - - state = fflib.FFParse_after_value - goto mainparse - -handle_NetNsPod: - - /* handler: j.NetNsPod type=bool kind=bool quoted=false*/ - - { - if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { - return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok)) - } - } - - { - if tok == fflib.FFTok_null { - - } else { - tmpb := fs.Output.Bytes() - - if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - - j.NetNsPod = true - - } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - - j.NetNsPod = false - - } else { - err = errors.New("unexpected bytes for true/false value") - 
return fs.WrapErr(err) - } - - } - } - - state = fflib.FFParse_after_value - goto mainparse - -handle_PIDNsPod: - - /* handler: j.PIDNsPod type=bool kind=bool quoted=false*/ - - { - if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { - return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok)) - } - } - - { - if tok == fflib.FFTok_null { - - } else { - tmpb := fs.Output.Bytes() - - if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - - j.PIDNsPod = true - - } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - - j.PIDNsPod = false - - } else { - err = errors.New("unexpected bytes for true/false value") - return fs.WrapErr(err) - } - - } - } - - state = fflib.FFParse_after_value - goto mainparse - -handle_UserNsPod: - - /* handler: j.UserNsPod type=bool kind=bool quoted=false*/ - - { - if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { - return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok)) - } - } - - { - if tok == fflib.FFTok_null { - - } else { - tmpb := fs.Output.Bytes() - - if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - - j.UserNsPod = true - - } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - - j.UserNsPod = false - - } else { - err = errors.New("unexpected bytes for true/false value") - return fs.WrapErr(err) - } - - } - } - - state = fflib.FFParse_after_value - goto mainparse - -handle_UTSNsPod: - - /* handler: j.UTSNsPod type=bool kind=bool quoted=false*/ - - { - if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { - return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok)) - } - } - - { - if tok == fflib.FFTok_null { - - } else { - tmpb := fs.Output.Bytes() - - if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - - j.UTSNsPod = true - - } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - - j.UTSNsPod = false - - } else { - err = errors.New("unexpected bytes for true/false value") - return 
fs.WrapErr(err) - } - - } - } - - state = fflib.FFParse_after_value - goto mainparse - -handle_CgroupNsPod: - - /* handler: j.CgroupNsPod type=bool kind=bool quoted=false*/ - - { - if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { - return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok)) - } - } - - { - if tok == fflib.FFTok_null { - - } else { - tmpb := fs.Output.Bytes() - - if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - - j.CgroupNsPod = true - - } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - - j.CgroupNsPod = false - - } else { - err = errors.New("unexpected bytes for true/false value") - return fs.WrapErr(err) - } - - } - } - - state = fflib.FFParse_after_value - goto mainparse - handle_Dependencies: /* handler: j.Dependencies type=[]string kind=slice quoted=false*/ diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 2267f69a1..ba02c9f5a 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go 
@@ -168,91 +168,42 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		}
 	}
 
-	var podInfraContainer string
-	if c.config.Pod != "" {
-		pod, err := c.runtime.state.LookupPod(c.config.Pod)
-		if err != nil {
-			return nil, err
-		}
-		if pod.SharesNamespaces() {
-			if err := pod.updatePod(); err != nil {
-				return nil, err
-			}
-			podInfraContainer = pod.state.InfraContainerID
-		}
-	}
-
 	// Add shared namespaces from other containers
 	if c.config.IPCNsCtr != "" {
 		if err := c.addNamespaceContainer(&g, IPCNS, c.config.IPCNsCtr, spec.IPCNamespace); err != nil {
 			return nil, err
 		}
 	}
-	if c.config.IPCNsPod && podInfraContainer != "" {
-		if err := c.addNamespaceContainer(&g, IPCNS, podInfraContainer, spec.IPCNamespace); err != nil {
-			return nil, err
-		}
-	}
 	if c.config.MountNsCtr != "" {
 		if err := c.addNamespaceContainer(&g, MountNS, c.config.MountNsCtr, spec.MountNamespace); err != nil {
 			return nil, err
 		}
 	}
-	if c.config.MountNsPod && podInfraContainer != "" {
-		if err := c.addNamespaceContainer(&g, MountNS, podInfraContainer, spec.MountNamespace); err != nil {
-			return nil, err
-		}
-	}
 	if c.config.NetNsCtr != "" {
 		if err := c.addNamespaceContainer(&g, NetNS, c.config.NetNsCtr, spec.NetworkNamespace); err != nil {
 			return nil, err
 		}
 	}
-	if c.config.NetNsPod && podInfraContainer != "" {
-		if err := c.addNamespaceContainer(&g, NetNS, podInfraContainer, spec.NetworkNamespace); err != nil {
-			return nil, err
-		}
-	}
 	if c.config.PIDNsCtr != "" {
 		if err := c.addNamespaceContainer(&g, PIDNS, c.config.PIDNsCtr, string(spec.PIDNamespace)); err != nil {
 			return nil, err
 		}
 	}
-	if c.config.PIDNsPod && podInfraContainer != "" {
-		if err := c.addNamespaceContainer(&g, PIDNS, podInfraContainer, string(spec.PIDNamespace)); err != nil {
-			return nil, err
-		}
-	}
 	if c.config.UserNsCtr != "" {
 		if err := c.addNamespaceContainer(&g, UserNS, c.config.UserNsCtr, spec.UserNamespace); err != nil {
 			return nil, err
 		}
 	}
-	if c.config.UserNsPod && podInfraContainer != "" {
-		if err := c.addNamespaceContainer(&g, UserNS, podInfraContainer, spec.UserNamespace); err != nil {
-			return nil, err
-		}
-	}
 	if c.config.UTSNsCtr != "" {
 		if err := c.addNamespaceContainer(&g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil {
 			return nil, err
 		}
 	}
-	if c.config.UTSNsPod && podInfraContainer != "" {
-		if err := c.addNamespaceContainer(&g, UTSNS, podInfraContainer, spec.UTSNamespace); err != nil {
-			return nil, err
-		}
-	}
 	if c.config.CgroupNsCtr != "" {
 		if err := c.addNamespaceContainer(&g, CgroupNS, c.config.CgroupNsCtr, spec.CgroupNamespace); err != nil {
 			return nil, err
 		}
 	}
-	if c.config.CgroupNsPod && podInfraContainer != "" {
-		if err := c.addNamespaceContainer(&g, CgroupNS, podInfraContainer, spec.CgroupNamespace); err != nil {
-			return nil, err
-		}
-	}
 
 	if c.config.Rootfs == "" {
 		if err := idtools.MkdirAllAs(c.state.RealMountpoint, 0700, c.RootUID(), c.RootGID()); err != nil {
diff --git a/libpod/options.go b/libpod/options.go
index b8f66db5c..f9ef2468e 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -551,17 +551,29 @@ func WithExitCommand(exitCommand []string) CtrCreateOption {
 
 // WithIPCNSFromPod indicates the the container should join the IPC namespace of
 // its pod
-func WithIPCNSFromPod() CtrCreateOption {
+func WithIPCNSFromPod(p *Pod) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
 
+		if p == nil {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+		}
+
 		if ctr.config.Pod == "" {
 			return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
 		}
 
-		ctr.config.IPCNsPod = true
+		if ctr.config.Pod != p.ID() {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+		}
+
+		infraContainer, err := p.InfraContainerID()
+		if err != nil {
+			return err
+		}
+		ctr.config.IPCNsCtr = infraContainer
 
 		return nil
 	}
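Review bot: In the `WithIPCNSFromPod` hunk the value returned by `p.InfraContainerID()` is copied into `ctr.config.IPCNsCtr` without checking that it is non-empty; pod.go's own comment in this commit says an infra container is only created when the pod shares namespaces, so for a pod without one the option plausibly succeeds while sharing nothing, and the container ends up with a private IPC namespace the caller did not intend. The assignment also overwrites any IPCNsCtr set by an earlier option, although the ContainerConfig comment this commit deletes documented that the pod and container forms conflict. I'd add `if infraContainer == "" { return errors.Wrapf(ErrInvalidArg, "pod %s has no infra container to share namespaces with", p.ID()) }` after the InfraContainerID call and reject a non-empty existing IPCNsCtr the same way; the six sibling options below need the same two checks. Whether InfraContainerID can return an empty ID without an error is not visible from this page.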
@@ -569,17 +581,29 @@ func WithIPCNSFromPod() CtrCreateOption {
 
 // WithMountNSFromPod indicates the the container should join the Mount namespace of
 // its pod
-func WithMountNSFromPod() CtrCreateOption {
+func WithMountNSFromPod(p *Pod) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
 
+		if p == nil {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+		}
+
 		if ctr.config.Pod == "" {
 			return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
 		}
 
-		ctr.config.MountNsPod = true
+		if ctr.config.Pod != p.ID() {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+		}
+
+		infraContainer, err := p.InfraContainerID()
+		if err != nil {
+			return err
+		}
+		ctr.config.MountNsCtr = infraContainer
 
 		return nil
 	}
@@ -587,17 +611,29 @@ func WithMountNSFromPod() CtrCreateOption {
 
 // WithNetNSFromPod indicates the the container should join the network namespace of
 // its pod
-func WithNetNSFromPod() CtrCreateOption {
+func WithNetNSFromPod(p *Pod) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
 
+		if p == nil {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+		}
+
 		if ctr.config.Pod == "" {
 			return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
 		}
 
-		ctr.config.NetNsPod = true
+		if ctr.config.Pod != p.ID() {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+		}
+
+		infraContainer, err := p.InfraContainerID()
+		if err != nil {
+			return err
+		}
+		ctr.config.NetNsCtr = infraContainer
 
 		return nil
 	}
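Review bot: `WithNetNSFromPod` now sets `ctr.config.NetNsCtr` without checking whether the container already has `CreateNetNS` set or a `NetNsCtr` from `WithNetNSFrom`; the ContainerConfig comment this commit deletes spelled out exactly that conflict (`NetNsPod conflicts with the CreateNetNS bool`). With both set, which namespace the container actually lands in is decided later in generateSpec rather than at option time, and the caller gets no error for asking for a private network namespace and the pod's at once. I'd refuse it here, assuming WithNetNS sets CreateNetNS as its name suggests (not visible in this hunk): `if ctr.config.CreateNetNS || ctr.config.NetNsCtr != "" { return errors.Wrapf(ErrInvalidArg, "container already has a network namespace configured") }`.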
@@ -605,17 +641,29 @@ func WithNetNSFromPod() CtrCreateOption {
 
 // WithPIDNSFromPod indicates the the container should join the PID namespace of
 // its pod
-func WithPIDNSFromPod() CtrCreateOption {
+func WithPIDNSFromPod(p *Pod) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
 
+		if p == nil {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+		}
+
 		if ctr.config.Pod == "" {
 			return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
 		}
 
-		ctr.config.PIDNsPod = true
+		if ctr.config.Pod != p.ID() {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+		}
+
+		infraContainer, err := p.InfraContainerID()
+		if err != nil {
+			return err
+		}
+		ctr.config.PIDNsCtr = infraContainer
 
 		return nil
 	}
@@ -623,17 +671,29 @@ func WithPIDNSFromPod() CtrCreateOption {
 
 // WithUTSNSFromPod indicates the the container should join the UTS namespace of
 // its pod
-func WithUTSNSFromPod() CtrCreateOption {
+func WithUTSNSFromPod(p *Pod) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
 
+		if p == nil {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+		}
+
 		if ctr.config.Pod == "" {
 			return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
 		}
 
-		ctr.config.UTSNsPod = true
+		if ctr.config.Pod != p.ID() {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+		}
+
+		infraContainer, err := p.InfraContainerID()
+		if err != nil {
+			return err
+		}
+		ctr.config.UTSNsCtr = infraContainer
 
 		return nil
 	}
@@ -641,17 +701,29 @@ func WithUTSNSFromPod() CtrCreateOption {
 
 // WithUserNSFromPod indicates the the container should join the User namespace of
 // its pod
-func WithUserNSFromPod() CtrCreateOption {
+func WithUserNSFromPod(p *Pod) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
 
+		if p == nil {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+		}
+
 		if ctr.config.Pod == "" {
 			return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
 		}
 
-		ctr.config.UserNsPod = true
+		if ctr.config.Pod != p.ID() {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+		}
+
+		infraContainer, err := p.InfraContainerID()
+		if err != nil {
+			return err
+		}
+		ctr.config.UserNsCtr = infraContainer
 
 		return nil
 	}
@@ -659,17 +731,29 @@ func WithUserNSFromPod() CtrCreateOption {
 
 // WithCgroupNSFromPod indicates the the container should join the Cgroup namespace of
 // its pod
-func WithCgroupNSFromPod() CtrCreateOption {
+func WithCgroupNSFromPod(p *Pod) CtrCreateOption {
 	return func(ctr *Container) error {
 		if ctr.valid {
 			return ErrCtrFinalized
 		}
 
+		if p == nil {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
+		}
+
 		if ctr.config.Pod == "" {
 			return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
 		}
 
-		ctr.config.CgroupNsPod = true
+		if ctr.config.Pod != p.ID() {
+			return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
+		}
+
+		infraContainer, err := p.InfraContainerID()
+		if err != nil {
+			return err
+		}
+		ctr.config.CgroupNsCtr = infraContainer
 
 		return nil
 	}
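Review bot: `WithUserNSFromPod` now records the infra container as `UserNsCtr` and returns success, even though the `WithPodUser` hunk later in this same file carries a TODO saying user-namespace sharing is not implemented and the infra-container change comments the same. Joining another container's user namespace changes the UID/GID mapping the process runs under, so accepting the request and then either not honouring it or honouring it against an infra container that was never set up for it is worse than refusing outright. Until that TODO is resolved I'd fail fast at option time, e.g. `return errors.Wrapf(ErrNotImplemented, "user namespace sharing with a pod is not yet supported")` if the package has such a sentinel, or ErrInvalidArg otherwise. Whether generateSpec currently honours UserNsCtr for an infra container cannot be seen from this hunk.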
@@ -1284,17 +1368,19 @@ func WithPodNet() PodCreateOption {
 	}
 }
 
-// WithPodMNT tells containers in this pod to use the mount namespace
+// WithPodMount tells containers in this pod to use the mount namespace
 // created for this pod.
 // Containers in a pod will inherit the kernel namespaces from the
 // first container added.
-func WithPodMNT() PodCreateOption {
+// TODO implement WithMountNSFrom, so WithMountNsFromPod functions properly
+// Then this option can be added on the pod level
+func WithPodMount() PodCreateOption {
 	return func(pod *Pod) error {
 		if pod.valid {
 			return ErrPodFinalized
 		}
 
-		pod.config.UsePodMNT = true
+		pod.config.UsePodMount = true
 
 		return nil
 	}
@@ -1304,6 +1390,8 @@ func WithPodMNT() PodCreateOption {
 // created for this pod.
 // Containers in a pod will inherit the kernel namespaces from the
 // first container added.
+// TODO implement WithUserNSFrom, so WithUserNsFromPod functions properly
+// Then this option can be added on the pod level
 func WithPodUser() PodCreateOption {
 	return func(pod *Pod) error {
 		if pod.valid {
diff --git a/libpod/pod.go b/libpod/pod.go
index f8c656920..9c7a3e3a3 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -39,7 +39,6 @@ type PodConfig struct {
 	Labels map[string]string `json:"labels"`
 	// CgroupParent contains the pod's CGroup parent
 	CgroupParent string `json:"cgroupParent"`
-
 	// UsePodCgroup indicates whether the pod will create its own CGroup and
 	// join containers to it.
 	// If true, all containers joined to the pod will use the pod cgroup as
@@ -48,12 +47,12 @@ type PodConfig struct {
 
 	// The following UsePod{kernelNamespace} indicate whether the containers
 	// in the pod will inherit the namespace from the first container in the pod.
-	UsePodPID  bool `json:"sharesPid,omitempty"`
-	UsePodIPC  bool `json:"sharesIpc,omitempty"`
-	UsePodNet  bool `json:"sharesNet,omitempty"`
-	UsePodMNT  bool `json:"sharesMnt,omitempty"`
-	UsePodUser bool `json:"sharesUser,omitempty"`
-	UsePodUTS  bool `json:"sharesUts,omitempty"`
+	UsePodPID   bool `json:"sharesPid,omitempty"`
+	UsePodIPC   bool `json:"sharesIpc,omitempty"`
+	UsePodNet   bool `json:"sharesNet,omitempty"`
+	UsePodMount bool `json:"sharesMnt,omitempty"`
+	UsePodUser  bool `json:"sharesUser,omitempty"`
+	UsePodUTS   bool `json:"sharesUts,omitempty"`
 
 	InfraContainer *InfraContainerConfig `json:"infraConfig"`
 
@@ -149,10 +148,10 @@ func (p *Pod) SharesNet() bool {
 	return p.config.UsePodNet
 }
 
-// SharesMNT returns whether containers in pod
+// SharesMount returns whether containers in pod
 // default to use PID namespace of first container in pod
-func (p *Pod) SharesMNT() bool {
-	return p.config.UsePodMNT
+func (p *Pod) SharesMount() bool {
+	return p.config.UsePodMount
 }
 
 // SharesUser returns whether containers in pod
@@ -227,7 +226,7 @@ func (p *Pod) HasInfraContainer() bool {
 // SharesNamespaces checks if the pod has any kernel namespaces set as shared. An infra container will not be
 // created if no kernel namespaces are shared.
 func (p *Pod) SharesNamespaces() bool {
-	return p.SharesPID() || p.SharesIPC() || p.SharesNet() || p.SharesMNT() || p.SharesUser() || p.SharesUTS()
+	return p.SharesPID() || p.SharesIPC() || p.SharesNet() || p.SharesMount() || p.SharesUser() || p.SharesUTS()
 }
 
 // InfraContainerID returns the infra container ID for a pod.
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index ebb8753b8..0c518da0d 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
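Review bot: The `SharesMount` rename in the `@@ -149,10` hunk leaves the accessor's doc comment wrong: it still reads `default to use PID namespace of first container in pod`, which looks copied from SharesPID and will mislead anyone deciding which namespaces a pod exposes. It should say `// SharesMount returns whether containers in pod` / `// default to use the mount namespace of first container in pod`. The neighbouring accessors outside this hunk may carry the same copy-paste wording and are worth checking at the same time.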
@@ -427,9 +427,6 @@ func (p *Pod) Inspect() (*PodInspect, error) { podContainers = append(podContainers, pc) } infraContainerID := p.state.InfraContainerID - if err != nil { - return &PodInspect{}, err - } config := new(PodConfig) deepcopier.Copy(p.config).To(config) diff --git a/libpod/pod_ffjson.go b/libpod/pod_ffjson.go index 65354f62a..76781dbbd 100644 --- a/libpod/pod_ffjson.go +++ b/libpod/pod_ffjson.go @@ -299,8 +299,8 @@ func (j *PodConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error { } buf.WriteByte(',') } - if j.UsePodMNT != false { - if j.UsePodMNT { + if j.UsePodMount != false { + if j.UsePodMount { buf.WriteString(`"sharesMnt":true`) } else { buf.WriteString(`"sharesMnt":false`) @@ -374,7 +374,7 @@ const ( ffjtPodConfigUsePodNet - ffjtPodConfigUsePodMNT + ffjtPodConfigUsePodMount ffjtPodConfigUsePodUser @@ -403,7 +403,7 @@ var ffjKeyPodConfigUsePodIPC = []byte("sharesIpc") var ffjKeyPodConfigUsePodNet = []byte("sharesNet") -var ffjKeyPodConfigUsePodMNT = []byte("sharesMnt") +var ffjKeyPodConfigUsePodMount = []byte("sharesMnt") var ffjKeyPodConfigUsePodUser = []byte("sharesUser") @@ -543,8 +543,8 @@ mainparse: state = fflib.FFParse_want_colon goto mainparse - } else if bytes.Equal(ffjKeyPodConfigUsePodMNT, kn) { - currentKey = ffjtPodConfigUsePodMNT + } else if bytes.Equal(ffjKeyPodConfigUsePodMount, kn) { + currentKey = ffjtPodConfigUsePodMount state = fflib.FFParse_want_colon goto mainparse @@ -585,8 +585,8 @@ mainparse: goto mainparse } - if fflib.EqualFoldRight(ffjKeyPodConfigUsePodMNT, kn) { - currentKey = ffjtPodConfigUsePodMNT + if fflib.EqualFoldRight(ffjKeyPodConfigUsePodMount, kn) { + currentKey = ffjtPodConfigUsePodMount state = fflib.FFParse_want_colon goto mainparse } @@ -689,8 +689,8 @@ mainparse: case ffjtPodConfigUsePodNet: goto handle_UsePodNet - case ffjtPodConfigUsePodMNT: - goto handle_UsePodMNT + case ffjtPodConfigUsePodMount: + goto handle_UsePodMount case ffjtPodConfigUsePodUser: goto handle_UsePodUser 
@@ -1067,9 +1067,9 @@ handle_UsePodNet: state = fflib.FFParse_after_value goto mainparse -handle_UsePodMNT: +handle_UsePodMount: - /* handler: j.UsePodMNT type=bool kind=bool quoted=false*/ + /* handler: j.UsePodMount type=bool kind=bool quoted=false*/ { if tok != fflib.FFTok_bool && tok != fflib.FFTok_null { @@ -1085,11 +1085,11 @@ handle_UsePodMNT: if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 { - j.UsePodMNT = true + j.UsePodMount = true } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 { - j.UsePodMNT = false + j.UsePodMount = false } else { err = errors.New("unexpected bytes for true/false value") diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 762044dbd..a0b576bcd 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -88,7 +88,6 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options .. ctr.runtime = r var pod *Pod - if ctr.config.Pod != "" { // Get the pod from state pod, err = r.state.Pod(ctr.config.Pod) @@ -230,7 +229,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool) infraID := pod.state.InfraContainerID if c.ID() == infraID { - return errors.Errorf("an infra container cannot be removed without removing pod %s", pod.ID()) + return errors.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID()) } } diff --git a/libpod/runtime_pod.go b/libpod/runtime_pod.go index 19e32d1b0..b3dd7dabd 100644 --- a/libpod/runtime_pod.go +++ b/libpod/runtime_pod.go @@ -33,6 +33,14 @@ func (r *Runtime) RemovePod(ctx context.Context, p *Pod, removeCtrs, force bool) return ErrRuntimeStopped } + if !p.valid { + if ok, _ := r.state.HasPod(p.ID()); !ok { + // Pod probably already removed + // Or was never in the runtime to begin with + return nil + } + } + p.lock.Lock() defer p.lock.Unlock() 
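Review bot: In the `RemovePod` hunk of runtime_pod.go the error from `r.state.HasPod(p.ID())` is discarded, so a failing state lookup (store unavailable, corrupt state) produces `ok == false` and RemovePod returns nil — the caller is told the pod is gone when nothing was checked, let alone removed. The block was moved here from removePod rather than written fresh, but this is the place to fix it: propagate the error and only treat a genuine "not found" as success. RemovePod's body continues outside the hunk.
```go
	if !p.valid {
		ok, err := r.state.HasPod(p.ID())
		if err != nil {
			return err
		}
		if !ok {
			// Pod probably already removed
			// Or was never in the runtime to begin with
			return nil
		}
	}
	// … unchanged: lock and removal …
```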
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 9649a3138..39bd8d07a 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -6,6 +6,8 @@ import (
 	"context"
 
 	"github.com/containers/libpod/libpod/image"
+	"github.com/containers/libpod/pkg/rootless"
+	"github.com/cri-o/ocicni/pkg/ocicni"
 	"github.com/opencontainers/runtime-tools/generate"
 )
 
@@ -33,6 +35,11 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
 	options = append(options, WithName(containerName))
 	options = append(options, withIsInfra())
 
+	// Since user namespace sharing is not implemented, we only need to check if it's rootless
+	portMappings := make([]ocicni.PortMapping, 0)
+	networks := make([]string, 0)
+	options = append(options, WithNetNS(portMappings, rootless.IsRootless(), networks))
+
 	return r.newContainer(ctx, g.Config, options...)
 }
 
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index b4530081c..17629defe 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -115,12 +115,8 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod,
 }
 
 func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) error {
-	if !p.valid {
-		if ok, _ := r.state.HasPod(p.ID()); !ok {
-			// Pod probably already removed
-			// Or was never in the runtime to begin with
-			return nil
-		}
+	if err := p.updatePod(); err != nil {
+		return err
 	}
 
 	ctrs, err := r.state.PodContainers(p)
@@ -131,9 +127,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
 	numCtrs := len(ctrs)
 
 	// If the only container in the pod is the pause container, remove the pod and container unconditionally.
-	if err := p.updatePod(); err != nil {
-		return err
-	}
 	pauseCtrID := p.state.InfraContainerID
 	if numCtrs == 1 && ctrs[0].ID() == pauseCtrID {
 		removeCtrs = true
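Review bot: In the `makeInfraContainer` hunk the infra container's network is built from hard-coded empty port mappings and an empty network list, while `PodConfig.InfraContainer` (visible in the pod.go hunk of this commit) is never consulted, so whatever per-pod infra settings that struct carries cannot reach the container that owns the pod's network namespace; I cannot see InfraContainerConfig's fields from here, so this may be intentional for now, but it deserves a comment saying so. The bare `rootless.IsRootless()` in second position also hides what that boolean means to WithNetNS, and the comment above it explains the rootless choice rather than the argument. I'd name it: `postConfigureNetNS := rootless.IsRootless()` and pass that, with a one-line comment stating what WithNetNS does with it and that pod-level port mappings are deliberately not wired yet. The function's signature is cut off at the hunk header.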