diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-06-09 15:49:21 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-09 15:49:21 -0400 |
commit | e7db6d4893fe4c583dc492f4870a16085f3c9f70 (patch) | |
tree | 615e9078760ce3b0b7a2ad382ca5e1b2c266a377 /pkg | |
parent | 0405e7c161dab4cfc9fdc846b83ca585156e25a1 (diff) | |
parent | b13fc1bf983860d0627155ddbbbf28bf09e29a9e (diff) | |
download | podman-e7db6d4893fe4c583dc492f4870a16085f3c9f70.tar.gz podman-e7db6d4893fe4c583dc492f4870a16085f3c9f70.tar.bz2 podman-e7db6d4893fe4c583dc492f4870a16085f3c9f70.zip |
Merge pull request #14480 from cdoern/infra
patch for pod host networking & other host namespace handling
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 4735111c8..4224d16ce 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -19,6 +19,8 @@ import ( "github.com/sirupsen/logrus" ) +const host = "host" + // Get the default namespace mode for any given namespace type. func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) (specgen.Namespace, error) { // The default for most is private @@ -33,19 +35,38 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) podMode := false switch { case nsType == "pid" && pod.SharesPID(): + if pod.NamespaceMode(spec.PIDNamespace) == host { + toReturn.NSMode = specgen.Host + return toReturn, nil + } podMode = true case nsType == "ipc" && pod.SharesIPC(): + if pod.NamespaceMode(spec.IPCNamespace) == host { + toReturn.NSMode = specgen.Host + return toReturn, nil + } podMode = true case nsType == "uts" && pod.SharesUTS(): + if pod.NamespaceMode(spec.UTSNamespace) == host { + toReturn.NSMode = specgen.Host + return toReturn, nil + } podMode = true case nsType == "user" && pod.SharesUser(): + // user does not need a special check for host, this is already validated on pod creation + // if --userns=host then pod.SharesUser == false podMode = true case nsType == "net" && pod.SharesNet(): + if pod.NetworkMode() == host { + toReturn.NSMode = specgen.Host + return toReturn, nil + } podMode = true - case nsType == "net" && pod.NetworkMode() == "host": - toReturn.NSMode = specgen.Host - return toReturn, nil case nsType == "cgroup" && pod.SharesCgroup(): + if pod.NamespaceMode(spec.CgroupNamespace) == host { + toReturn.NSMode = specgen.Host + return toReturn, nil + } podMode = true } if podMode { @@ -491,10 +512,7 @@ func GetNamespaceOptions(ns []string, netnsIsHost bool) ([]libpod.PodCreateOptio case "cgroup": options = append(options, libpod.WithPodCgroup()) case "net": - // share the netns setting with other containers in the pod only when it is not set to host - if !netnsIsHost { - options = append(options, libpod.WithPodNet()) - } + options = append(options, libpod.WithPodNet()) case "mnt": return erroredOptions, errors.Errorf("Mount sharing functionality not supported on pod level") case "pid": |