diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2020-04-30 08:40:16 -0400 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-05-01 15:00:33 -0400 |
| commit | 97fcbfcbec4c754f2c5a71daadbf933a6ebb0634 (patch) | |
| tree | 7a1011275dea1080277c0fc4f9761757a56aaf76 /pkg | |
| parent | 4a2765c4989df88681c18333c1ae45017e09613a (diff) | |
| download | podman-97fcbfcbec4c754f2c5a71daadbf933a6ebb0634.tar.gz podman-97fcbfcbec4c754f2c5a71daadbf933a6ebb0634.tar.bz2 podman-97fcbfcbec4c754f2c5a71daadbf933a6ebb0634.zip | |
cgroupsns was not following containers.conf
Implement ParseCgroupsNamespace to handle defaults.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/specgen/generate/namespaces.go | 54 | ||||
| -rw-r--r-- | pkg/specgen/namespaces.go | 39 |
2 files changed, 52 insertions, 41 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index a8b74b504..5c065cdda 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -7,7 +7,6 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/define" - "github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/specgen" "github.com/containers/libpod/pkg/util" @@ -49,51 +48,26 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) } } - // If we have containers.conf and are not using cgroupns, use that. - if cfg != nil && nsType != "cgroup" { - switch nsType { - case "pid": - return specgen.ParseNamespace(cfg.Containers.PidNS) - case "ipc": - return specgen.ParseNamespace(cfg.Containers.IPCNS) - case "uts": - return specgen.ParseNamespace(cfg.Containers.UTSNS) - case "user": - return specgen.ParseUserNamespace(cfg.Containers.UserNS) - case "net": - ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS) - return ns, err - } + if cfg == nil { + cfg = &config.Config{} } - switch nsType { - case "pid", "ipc", "uts": - // PID, IPC, UTS both default to private, do nothing + case "pid": + return specgen.ParseNamespace(cfg.Containers.PidNS) + case "ipc": + return specgen.ParseNamespace(cfg.Containers.IPCNS) + case "uts": + return specgen.ParseNamespace(cfg.Containers.UTSNS) case "user": - // User namespace always defaults to host - toReturn.NSMode = specgen.Host - case "net": - // Net defaults to Slirp on rootless, Bridge otherwise. - if rootless.IsRootless() { - toReturn.NSMode = specgen.Slirp - } else { - toReturn.NSMode = specgen.Bridge - } + return specgen.ParseUserNamespace(cfg.Containers.UserNS) case "cgroup": - // Cgroup is host for v1, private for v2. - // We can't trust c/common for this, as it only assumes private. - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return toReturn, err - } - if !cgroupsv2 { - toReturn.NSMode = specgen.Host - } - default: - return toReturn, errors.Wrapf(define.ErrInvalidArg, "invalid namespace type %s passed", nsType) + return specgen.ParseCgroupNamespace(cfg.Containers.CgroupNS) + case "net": + ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS) + return ns, err } - return toReturn, nil + return toReturn, errors.Wrapf(define.ErrInvalidArg, "invalid namespace type %q passed", nsType) } // GenerateNamespaceOptions generates container creation options for all diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 396563267..11dee1986 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -3,6 +3,8 @@ package specgen import ( "strings" + "github.com/containers/libpod/pkg/cgroups" + "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" ) @@ -163,7 +165,7 @@ func ParseNamespace(ns string) (Namespace, error) { toReturn.NSMode = FromPod case ns == "host": toReturn.NSMode = Host - case ns == "private": + case ns == "private", ns == "": toReturn.NSMode = Private case strings.HasPrefix(ns, "ns:"): split := strings.SplitN(ns, ":", 2) @@ -186,6 +188,31 @@ func ParseNamespace(ns string) (Namespace, error) { return toReturn, nil } +// ParseCgroupNamespace parses a cgroup namespace specification in string +// form. +func ParseCgroupNamespace(ns string) (Namespace, error) { + toReturn := Namespace{} + // Cgroup is host for v1, private for v2. + // We can't trust c/common for this, as it only assumes private. + cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return toReturn, err + } + if cgroupsv2 { + switch ns { + case "host": + toReturn.NSMode = Host + case "private", "": + toReturn.NSMode = Private + default: + return toReturn, errors.Errorf("unrecognized namespace mode %s passed", ns) + } + } else { + toReturn.NSMode = Host + } + return toReturn, nil +} + // ParseUserNamespace parses a user namespace specification in string // form. func ParseUserNamespace(ns string) (Namespace, error) { @@ -205,6 +232,9 @@ func ParseUserNamespace(ns string) (Namespace, error) { case ns == "keep-id": toReturn.NSMode = KeepID return toReturn, nil + case ns == "": + toReturn.NSMode = Host + return toReturn, nil } return ParseNamespace(ns) } @@ -215,11 +245,18 @@ func ParseUserNamespace(ns string) (Namespace, error) { func ParseNetworkNamespace(ns string) (Namespace, []string, error) { toReturn := Namespace{} var cniNetworks []string + // Net defaults to Slirp on rootless switch { case ns == "slirp4netns": toReturn.NSMode = Slirp case ns == "pod": toReturn.NSMode = FromPod + case ns == "": + if rootless.IsRootless() { + toReturn.NSMode = Slirp + } else { + toReturn.NSMode = Bridge + } case ns == "bridge": toReturn.NSMode = Bridge case ns == "none": |