summaryrefslogtreecommitdiff
path: root/pkg/spec
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2018-08-21 07:31:00 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2018-08-31 14:42:32 -0400
commit27ca091c08674b1a34058c9639d60455023ffa30 (patch)
tree04bc6d9e5ab9b19e7728a90ff4d48b0e4efe515f /pkg/spec
parenta917f8fa2a0d9130d84bfda0c40bfe1af68d505c (diff)
downloadpodman-27ca091c08674b1a34058c9639d60455023ffa30.tar.gz
podman-27ca091c08674b1a34058c9639d60455023ffa30.tar.bz2
podman-27ca091c08674b1a34058c9639d60455023ffa30.zip
Add proper support for systemd inside of podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/spec')
-rw-r--r--pkg/spec/createconfig.go7
-rw-r--r--pkg/spec/spec.go43
2 files changed, 47 insertions, 3 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index c7eaeb9f7..486281200 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -115,9 +115,10 @@ type CreateConfig struct {
Resources CreateResourceConfig
Rm bool //rm
ShmDir string
- StopSignal syscall.Signal // stop-signal
- StopTimeout uint // stop-timeout
- Sysctl map[string]string //sysctl
+ StopSignal syscall.Signal // stop-signal
+ StopTimeout uint // stop-timeout
+ Sysctl map[string]string //sysctl
+ Systemd bool
Tmpfs []string // tmpfs
Tty bool //tty
UsernsMode container.UsernsMode //userns
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 26b93f5fe..11bc880cb 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -4,6 +4,7 @@ import (
"os"
"strings"
+ "github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
"github.com/docker/docker/daemon/caps"
"github.com/docker/docker/pkg/mount"
@@ -221,6 +222,12 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
}
}
+ if config.Systemd && (strings.HasSuffix(config.Command[0], "init") ||
+ strings.HasSuffix(config.Command[0], "systemd")) {
+ if err := setupSystemd(config, &g); err != nil {
+ return nil, errors.Wrap(err, "failed to setup systemd")
+ }
+ }
for _, i := range config.Tmpfs {
// Default options if nothing passed
options := []string{"rw", "private", "noexec", "nosuid", "nodev", "size=65536k"}
@@ -353,6 +360,42 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
}
}
+// systemd expects to have /run, /run/lock and /tmp on tmpfs
+// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
+
+func setupSystemd(config *CreateConfig, g *generate.Generator) error {
+ mounts, err := config.GetVolumeMounts([]spec.Mount{})
+ if err != nil {
+ return err
+ }
+ options := []string{"rw", "private", "noexec", "nosuid", "nodev"}
+ for _, dest := range []string{"/run", "/run/lock", "/sys/fs/cgroup/systemd"} {
+ if libpod.MountExists(mounts, dest) {
+ continue
+ }
+ tmpfsMnt := spec.Mount{
+ Destination: dest,
+ Type: "tmpfs",
+ Source: "tmpfs",
+ Options: append(options, "tmpcopyup", "size=65536k"),
+ }
+ g.AddMount(tmpfsMnt)
+ }
+ for _, dest := range []string{"/tmp", "/var/log/journal"} {
+ if libpod.MountExists(mounts, dest) {
+ continue
+ }
+ tmpfsMnt := spec.Mount{
+ Destination: dest,
+ Type: "tmpfs",
+ Source: "tmpfs",
+ Options: append(options, "tmpcopyup"),
+ }
+ g.AddMount(tmpfsMnt)
+ }
+ return nil
+}
+
func addPidNS(config *CreateConfig, g *generate.Generator) error {
pidMode := config.PidMode
if IsNS(string(pidMode)) {