authorDaniel J Walsh <dwalsh@redhat.com>2018-09-08 06:58:47 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-09-11 13:31:55 +0000
commitd9580ec62b716d7c8e861dd27c4b452f2419eb65 (patch)
treea1c236f7c728122703757900cf1b78919ad32c84 /pkg
parent123de3087e142f3a6c05ad35fc2095953065415b (diff)
Pass on securityOpts from podInfraContainer to container added to pod.
This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way. Signed-off-by: haircommander <pehunt@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1347 Approved by: mheon
Diffstat (limited to 'pkg')
-rw-r--r--pkg/spec/createconfig.go8
-rw-r--r--pkg/spec/parse.go6
2 files changed, 3 insertions, 11 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 0b7ee993d..3cca345b4 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -385,8 +385,6 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer())
}
options = append(options, libpod.WithNetNSFrom(connectedCtr))
- } else if IsPod(string(c.NetMode)) {
- options = append(options, libpod.WithNetNSFromPod(pod))
} else if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
isRootless := rootless.IsRootless()
postConfigureNetNS := isRootless || (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost()
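Review bot: With the `IsPod(string(c.NetMode))` branch removed, a NetMode that still holds the literal `pod` is neither host nor none, so it reaches the `else if !c.NetMode.IsHost() && !c.NetMode.IsNone()` branch and, as far as the visible lines show, is handled like an ordinary private network instead of joining the infra container's namespace. The translation of `pod` into a container reference presumably happens in a caller that this pkg-limited diff does not show, so correct namespace placement now depends on every caller doing it. A guard ahead of the chain would make a missed translation fail loudly, e.g. `if IsPod(string(c.NetMode)) { return nil, errors.Errorf("pod network namespace was not resolved to the infra container") }`. The same silent fall-through applies to the removed PidMode and IpcMode checks in the next two hunks, while UtsMode keeps its explicit pod branch. GetContainerCreateOptions starts and ends outside these hunks, so the preceding `IsContainer` condition is inferred rather than seen.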
@@ -404,9 +402,6 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
options = append(options, libpod.WithPIDNSFrom(connectedCtr))
}
- if IsPod(string(c.PidMode)) {
- options = append(options, libpod.WithPIDNSFromPod(pod))
- }
if c.IpcMode.IsContainer() {
connectedCtr, err := c.Runtime.LookupContainer(c.IpcMode.Container())
@@ -416,9 +411,6 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
options = append(options, libpod.WithIPCNSFrom(connectedCtr))
}
- if IsPod(string(c.IpcMode)) {
- options = append(options, libpod.WithIPCNSFromPod(pod))
- }
if IsPod(string(c.UtsMode)) {
options = append(options, libpod.WithUTSNSFromPod(pod))
diff --git a/pkg/spec/parse.go b/pkg/spec/parse.go
index dc4f50a3e..9b2dd1347 100644
--- a/pkg/spec/parse.go
+++ b/pkg/spec/parse.go
@@ -8,9 +8,9 @@ import (
"github.com/docker/go-units"
)
-// POD signifies a kernel namespace is being shared
+// Pod signifies a kernel namespace is being shared
// by a container with the pod it is associated with
-const POD = "pod"
+const Pod = "pod"
// weightDevice is a structure that holds device:weight pair
type weightDevice struct {
@@ -36,7 +36,7 @@ func IsNS(s string) bool {
// IsPod returns if the specified string is pod
func IsPod(s string) bool {
- return s == POD
+ return s == Pod
}
// Valid checks the validity of a linux namespace