summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorhaircommander <pehunt@redhat.com>2018-07-27 13:58:50 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-23 18:16:28 +0000
commitd5e690914dc78eca8664442e7677eb5004522bfd (patch)
tree3f7ed30e4302c871c16126a0032b8a3d51c46f98 /pkg
parent63dd200e7e47261454c7e55fed2ad972144e147f (diff)
downloadpodman-d5e690914dc78eca8664442e7677eb5004522bfd.tar.gz
podman-d5e690914dc78eca8664442e7677eb5004522bfd.tar.bz2
podman-d5e690914dc78eca8664442e7677eb5004522bfd.zip
Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
Diffstat (limited to 'pkg')
-rw-r--r--pkg/inspect/inspect.go1
-rw-r--r--pkg/spec/createconfig.go17
-rw-r--r--pkg/spec/parse.go17
-rw-r--r--pkg/spec/spec.go6
-rw-r--r--pkg/varlinkapi/pods.go2
5 files changed, 42 insertions, 1 deletions
diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go
index d2c9e79a5..be3818db8 100644
--- a/pkg/inspect/inspect.go
+++ b/pkg/inspect/inspect.go
@@ -170,6 +170,7 @@ type ContainerInspectData struct {
NetworkSettings *NetworkSettings `json:"NetworkSettings"` //TODO
ExitCommand []string `json:"ExitCommand"`
Namespace string `json:"Namespace"`
+ IsPause bool `json:"IsPause"`
}
// ContainerInspectState represents the state of a container.
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 6df6fb480..dd1cd5833 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -364,6 +364,9 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
networks := make([]string, 0)
userNetworks := c.NetMode.UserDefined()
+ if IsPod(userNetworks) {
+ userNetworks = ""
+ }
if userNetworks != "" {
for _, netName := range strings.Split(userNetworks, ",") {
if netName == "" {
@@ -381,6 +384,8 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer())
}
options = append(options, libpod.WithNetNSFrom(connectedCtr))
+ } else if IsPod(string(c.NetMode)) {
+ options = append(options, libpod.WithNetNSFromPod())
} else if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
isRootless := rootless.IsRootless()
postConfigureNetNS := isRootless || (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost()
@@ -398,6 +403,10 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
options = append(options, libpod.WithPIDNSFrom(connectedCtr))
}
+ if IsPod(string(c.PidMode)) {
+ options = append(options, libpod.WithPIDNSFromPod())
+ }
+
if c.IpcMode.IsContainer() {
connectedCtr, err := c.Runtime.LookupContainer(c.IpcMode.Container())
if err != nil {
@@ -406,7 +415,15 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
options = append(options, libpod.WithIPCNSFrom(connectedCtr))
}
+ if IsPod(string(c.IpcMode)) {
+ options = append(options, libpod.WithIPCNSFromPod())
+ }
+
+ if IsPod(string(c.UtsMode)) {
+ options = append(options, libpod.WithUTSNSFromPod())
+ }
+ // TODO: MNT, USER, CGROUP
options = append(options, libpod.WithStopSignal(c.StopSignal))
options = append(options, libpod.WithStopTimeout(c.StopTimeout))
if len(c.DNSSearch) > 0 {
diff --git a/pkg/spec/parse.go b/pkg/spec/parse.go
index d34e10760..4cdc62de6 100644
--- a/pkg/spec/parse.go
+++ b/pkg/spec/parse.go
@@ -18,12 +18,29 @@ func (w *weightDevice) String() string {
return fmt.Sprintf("%s:%d", w.path, w.weight)
}
+// LinuxNS is a struct that contains namespace information
+// It implemented Valid to show it is a valid namespace
+type LinuxNS interface {
+ Valid() bool
+}
+
// IsNS returns if the specified string has a ns: prefix
func IsNS(s string) bool {
parts := strings.SplitN(s, ":", 2)
return len(parts) > 1 && parts[0] == "ns"
}
+// IsPod returns if the specified string is pod
+func IsPod(s string) bool {
+ return s == "pod"
+}
+
+// Valid checks the validity of a linux namespace
+// s should be the string representation of ns
+func Valid(s string, ns LinuxNS) bool {
+ return IsPod(s) || IsNS(s) || ns.Valid()
+}
+
// NS is the path to the namespace to join.
func NS(s string) string {
parts := strings.SplitN(s, ":", 2)
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 7323b2d2b..8d8a07a2e 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -349,6 +349,9 @@ func addPidNS(config *CreateConfig, g *generate.Generator) error {
if pidMode.IsContainer() {
logrus.Debug("using container pidmode")
}
+ if IsPod(string(pidMode)) {
+ logrus.Debug("using pod pidmode")
+ }
return nil
}
@@ -384,6 +387,9 @@ func addNetNS(config *CreateConfig, g *generate.Generator) error {
} else if IsNS(string(netMode)) {
logrus.Debug("Using ns netmode")
return g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, NS(string(netMode)))
+ } else if IsPod(string(netMode)) {
+ logrus.Debug("Using pod netmode, unless pod is not sharing")
+ return nil
} else if netMode.IsUserDefined() {
logrus.Debug("Using user defined netmode")
return nil
diff --git a/pkg/varlinkapi/pods.go b/pkg/varlinkapi/pods.go
index 9e49ab687..6252d815b 100644
--- a/pkg/varlinkapi/pods.go
+++ b/pkg/varlinkapi/pods.go
@@ -23,7 +23,7 @@ func (i *LibpodAPI) CreatePod(call iopodman.VarlinkCall, create iopodman.PodCrea
}
options = append(options, libpod.WithPodCgroups())
- pod, err := i.Runtime.NewPod(options...)
+ pod, err := i.Runtime.NewPod(getContext(), options...)
if err != nil {
return call.ReplyErrorOccurred(err.Error())
}