author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-07-15 17:30:16 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-15 17:30:16 -0400 |
commit | 12b67aaf62b6e99f94db7ea89dad87f16a9fbd86 (patch) | |
tree | ce0c74860f2ccaeb7e85dceb4bbd370d1b282b93 /libpod | |
parent | 9d87dc74084b9b1ae67106a23cf3ed5327ca0681 (diff) | |
parent | f7321681d04d65da3b307d1e5e4ba12c42b5c456 (diff) | |
Merge pull request #10894 from cdoern/pidPod
podman pod create --pid flag
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/define/pod_inspect.go | 2 | ||||
-rw-r--r-- | libpod/options.go | 20 | ||||
-rw-r--r-- | libpod/pod.go | 7 | ||||
-rw-r--r-- | libpod/pod_api.go | 1 | ||||
-rw-r--r-- | libpod/runtime_pod_infra_linux.go | 12 | ||||
-rw-r--r-- | libpod/runtime_pod_linux.go | 1 |
6 files changed, 43 insertions, 0 deletions
diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go
index 67f075b3c..a17304875 100644
--- a/libpod/define/pod_inspect.go
+++ b/libpod/define/pod_inspect.go
@@ -103,6 +103,8 @@ type InspectPodInfraConfig struct {
 	CPUQuota int64 `json:"cpu_quota,omitempty"`
 	// CPUSetCPUs contains linux specific CPU data for the container
 	CPUSetCPUs string `json:"cpuset_cpus,omitempty"`
+	// Pid is the PID namespace mode of the pod's infra container
+	PidNS string `json:"pid_ns,omitempty"`
 }
 
 // InspectPodContainerInfo contains information on a container in a pod.
diff --git a/libpod/options.go b/libpod/options.go
index b12153512..bc563d60c 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -16,6 +16,7 @@ import (
 	"github.com/containers/podman/v3/libpod/events"
 	"github.com/containers/podman/v3/pkg/namespaces"
 	"github.com/containers/podman/v3/pkg/rootless"
+	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/idtools"
@@ -2397,3 +2398,22 @@ func WithPodCPUSetCPUs(inp string) PodCreateOption {
 		return nil
 	}
 }
+
+func WithPodPidNS(inp specgen.Namespace) PodCreateOption {
+	return func(p *Pod) error {
+		if p.valid {
+			return define.ErrPodFinalized
+		}
+		if p.config.UsePodPID {
+			switch inp.NSMode {
+			case "container":
+				return errors.Wrap(define.ErrInvalidArg, "Cannot take container in a different NS as an argument")
+			case "host":
+				p.config.UsePodPID = false
+			}
+			p.config.InfraContainer.PidNS = inp
+		}
+
+		return nil
+	}
+}
diff --git a/libpod/pod.go b/libpod/pod.go
index d7a9b15d9..c03059c82 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/libpod/lock"
+	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/cri-o/ocicni/pkg/ocicni"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
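Review bot: The doc comment on the new `InspectPodInfraConfig` field names it `Pid` while the field is `PidNS`, so the comment does not start with the identifier it documents. Suggest `// PidNS is the PID namespace mode of the pod's infra container ("" / omitted when no mode was set)`. The "omitted" part follows from the `omitempty` tag: an unset mode will not appear in `podman pod inspect` output at all rather than showing a default, which is worth saying so consumers do not treat absence as an error.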
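Review bot: `WithPodPidNS` silently discards `inp` when `p.config.UsePodPID` is false (the whole body is guarded by it), so a caller that applies this option before `WithPodPID`, or on a pod that does not share the PID namespace, gets neither an error nor any effect; for a namespace-affecting flag an explicit rejection is safer, e.g. `if !p.config.UsePodPID { return errors.Wrap(define.ErrInvalidArg, "pod PID namespace mode requires the pid namespace to be shared") }`. The `"host"` case also flips `UsePodPID` off while still recording the mode, so if the per-container join logic keys on `UsePodPID` (not visible here) the pod's other containers would not follow the infra container into the host PID namespace — worth confirming that is the intent and stating it in a doc comment, which this exported function currently lacks. Comparing `inp.NSMode` against the literals `"container"` and `"host"` rather than the `specgen` namespace-mode constants (if the package defines them for these modes) risks drifting from the parser, and the error text should be lowercase per Go convention.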
@@ -97,6 +98,7 @@ type InfraContainerConfig struct {
 	HasInfraContainer bool `json:"makeInfraContainer"`
 	NoNetwork bool `json:"noNetwork,omitempty"`
 	HostNetwork bool `json:"infraHostNetwork,omitempty"`
+	PidNS specgen.Namespace `json:"infraPid,omitempty"`
 	PortBindings []ocicni.PortMapping `json:"infraPortBindings"`
 	StaticIP net.IP `json:"staticIP,omitempty"`
 	StaticMAC net.HardwareAddr `json:"staticMAC,omitempty"`
@@ -170,6 +172,11 @@ func (p *Pod) CPUQuota() int64 {
 	return 0
 }
 
+// PidMode returns the PID mode given by the user ex: pod, private...
+func (p *Pod) PidMode() string {
+	return string(p.config.InfraContainer.PidNS.NSMode)
+}
+
 // Labels returns the pod's labels
 func (p *Pod) Labels() map[string]string {
 	labels := make(map[string]string)
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index d8f5d15f8..1ab012a8b 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -541,6 +541,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
 	infraConfig.CPUPeriod = p.CPUPeriod()
 	infraConfig.CPUQuota = p.CPUQuota()
 	infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus
+	infraConfig.PidNS = p.PidMode()
 
 	if len(p.config.InfraContainer.DNSServer) > 0 {
 		infraConfig.DNSServer = make([]string, 0, len(p.config.InfraContainer.DNSServer))
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 6b002f65a..8342352ec 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
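Review bot: `omitempty` on the struct-typed field `PidNS specgen.Namespace` has no effect — encoding/json never treats a struct value as empty — so every persisted pod config will carry an `infraPid` object even when no mode was set. That is harmless for readers that tolerate empty fields, but if omission was intended the field would need to be a pointer (`PidNS *specgen.Namespace`), and otherwise the `,omitempty` should be dropped so the tag does not promise behaviour it cannot deliver. A short field comment would also help, since the option that sets it only does so when `UsePodPID` is true: `// PidNS is the PID namespace mode requested for the infra container; only set when the pod shares the pid namespace`.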
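Review bot: The doc comment on `PidMode` trails off with "ex: pod, private..." and does not say what callers get when no mode was recorded, which from the body is the empty string. Suggest `// PidMode returns the PID namespace mode recorded for the pod's infra container (for example "private" or "host"), or "" if none was requested.` so the `Inspect` caller's `omitempty` behaviour is predictable from the accessor alone.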
@@ -145,6 +145,18 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 		if len(p.config.InfraContainer.ExitCommand) > 0 {
 			options = append(options, WithExitCommand(p.config.InfraContainer.ExitCommand))
 		}
+
+		if p.config.UsePodPID && p.config.InfraContainer.PidNS.NSMode != "host" {
+			g.AddOrReplaceLinuxNamespace(string(spec.LinuxNamespaceType("pid")), p.config.InfraContainer.PidNS.Value)
+		} else if p.config.InfraContainer.PidNS.NSMode == "host" {
+			newNS := []spec.LinuxNamespace{}
+			for _, entry := range g.Config.Linux.Namespaces {
+				if entry.Type != spec.LinuxNamespaceType("pid") {
+					newNS = append(newNS, entry)
+				}
+			}
+			g.Config.Linux.Namespaces = newNS
+		}
 	}
 	g.SetRootReadonly(true)
 	g.SetProcessArgs(infraCtrCommand)
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 4ede23cac..fce3f38a7 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -116,6 +116,7 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (_ *Po
 	if pod.config.UsePodCgroup {
 		logrus.Debugf("Got pod cgroup as %s", pod.state.CgroupPath)
 	}
+
 	if !pod.HasInfraContainer() && pod.SharesNamespaces() {
 		return nil, errors.Errorf("Pods must have an infra container to share namespaces")
 	}
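Review bot: The return value of `g.AddOrReplaceLinuxNamespace` in the new `UsePodPID` branch is dropped; in the runtime-tools generator that method returns an error for a namespace name it does not recognise, and swallowing it means a problem with the requested PID namespace would surface only later from the OCI runtime with a less useful message. Check it and propagate it through `makeInfraContainer`'s error return, e.g. `if err := g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), p.config.InfraContainer.PidNS.Value); err != nil { return nil, err }` — the exact return shape is not visible, as the function's signature is cut off in the hunk header and its body starts and ends outside the hunk. In both branches `spec.LinuxNamespaceType("pid")` can simply be the exported constant `spec.PIDNamespace`. The `host` branch strips the pid namespace so the infra container runs in the host's PID namespace, a privilege-relevant choice that deserves a one-line comment such as `// host mode: drop the pid namespace so the infra container shares the host's`.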