aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorcdoern <cdoern@redhat.com>2021-07-07 17:00:30 -0400
committercdoern <cdoern@redhat.com>2021-07-15 10:34:09 -0400
commitf7321681d04d65da3b307d1e5e4ba12c42b5c456 (patch)
tree8479b72f55d61a400a1eef4c3540fdb32d4e64d5 /pkg
parent1a9cb93f16cf19e14581319e2fd1b60e791f74dd (diff)
downloadpodman-f7321681d04d65da3b307d1e5e4ba12c42b5c456.tar.gz
podman-f7321681d04d65da3b307d1e5e4ba12c42b5c456.tar.bz2
podman-f7321681d04d65da3b307d1e5e4ba12c42b5c456.zip
podman pod create --pid flag
added support for --pid flag. User can specify ns:file, pod, private, or host. container returns an error since you cannot point the ns of the pods infra container to a container outside of the pod. Signed-off-by: cdoern <cdoern@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/domain/entities/pods.go21
-rw-r--r--pkg/specgen/generate/pod_create.go4
-rw-r--r--pkg/specgen/podspecgen.go4
3 files changed, 29 insertions, 0 deletions
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 35f940bca..a0a2a1790 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -118,6 +118,7 @@ type PodCreateOptions struct {
Name string
Net *NetOptions
Share []string
+ Pid string
Cpus float64
CpusetCpus string
}
@@ -146,6 +147,18 @@ func (p *PodCreateOptions) CPULimits() *specs.LinuxCPU {
return cpu
}
+func setNamespaces(p *PodCreateOptions) ([4]specgen.Namespace, error) {
+ allNS := [4]specgen.Namespace{}
+ if p.Pid != "" {
+ pid, err := specgen.ParseNamespace(p.Pid)
+ if err != nil {
+ return [4]specgen.Namespace{}, err
+ }
+ allNS[0] = pid
+ }
+ return allNS, nil
+}
+
func (p *PodCreateOptions) ToPodSpecGen(s *specgen.PodSpecGenerator) error {
// Basic Config
s.Name = p.Name
@@ -178,6 +191,14 @@ func (p *PodCreateOptions) ToPodSpecGen(s *specgen.PodSpecGenerator) error {
s.NoManageHosts = p.Net.NoHosts
s.HostAdd = p.Net.AddHosts
+ namespaces, err := setNamespaces(p)
+ if err != nil {
+ return err
+ }
+ if !namespaces[0].IsDefault() {
+ s.Pid = namespaces[0]
+ }
+
// Cgroup
s.CgroupParent = p.CGroupParent
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 023ebb41e..4ffd8a37f 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -102,6 +102,10 @@ func createPodOptions(p *specgen.PodSpecGenerator, rt *libpod.Runtime) ([]libpod
options = append(options, libpod.WithInfraCommand(p.InfraCommand))
}
+ if !p.Pid.IsDefault() {
+ options = append(options, libpod.WithPodPidNS(p.Pid))
+ }
+
switch p.NetNS.NSMode {
case specgen.Default, "":
if p.NoInfra {
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 000a787ea..319345c71 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -57,6 +57,10 @@ type PodBasicConfig struct {
// (e.g. `podman generate systemd --new`).
// Optional.
PodCreateCommand []string `json:"pod_create_command,omitempty"`
+ // Pid sets the process id namespace of the pod
+ // Optional (defaults to private if unset). This sets the PID namespace of the infra container
+ // This configuration will then be shared with the entire pod if PID namespace sharing is enabled via --share
+ Pid Namespace `json:"pid,omitempty:"`
}
// PodNetworkConfig contains networking configuration for a pod.