-rw-r--r--cmd/podman/pod_create.go27
-rw-r--r--cmd/podman/shared/pod.go33
-rw-r--r--cmd/podman/varlink/io.podman.varlink11
-rw-r--r--libpod/pod.go5
-rw-r--r--pkg/varlinkapi/pods.go14
5 files changed, 62 insertions, 28 deletions
diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go
index 6975c9386..f5bb29c35 100644
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
@@ -6,6 +6,7 @@ import (
"strings"
"github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -116,29 +117,11 @@ func podCreateCmd(c *cli.Context) error {
if c.BoolT("pause") {
options = append(options, libpod.WithPauseContainer())
- for _, toShare := range strings.Split(c.String("share"), ",") {
- switch toShare {
- case "net":
- options = append(options, libpod.WithPodNet())
- case "mnt":
- //options = append(options, libpod.WithPodMNT())
- logrus.Debug("Mount Namespace sharing functionality not supported")
- case "pid":
- options = append(options, libpod.WithPodPID())
- case "user":
- // Note: more set up needs to be done before this doesn't error out a create.
- logrus.Debug("User Namespace sharing functionality not supported")
- case "ipc":
- options = append(options, libpod.WithPodIPC())
- case "uts":
- options = append(options, libpod.WithPodUTS())
- case "":
- case "none":
- continue
- default:
- return errors.Errorf("Invalid kernel namespace to share: %s. Options are: %s, or none", toShare, strings.Join(libpod.KernelNamespaces, ","))
- }
+ nsOptions, err := shared.GetNamespaceOptions(strings.Split(c.String("share"), ","))
+ if err != nil {
+ return err
}
+ options = append(options, nsOptions...)
}
// always have containers use pod cgroups
diff --git a/cmd/podman/shared/pod.go b/cmd/podman/shared/pod.go
index c660bcf9e..99f9f6031 100644
--- a/cmd/podman/shared/pod.go
+++ b/cmd/podman/shared/pod.go
@@ -2,6 +2,7 @@ package shared
import (
"github.com/containers/libpod/libpod"
+ "github.com/pkg/errors"
)
const (
@@ -60,3 +61,35 @@ func GetPodStatus(pod *libpod.Pod) (string, error) {
}
return created, nil
}
+
+// GetNamespaceOptions transforms a slice of kernel namespaces
+// into a slice of pod create options. Currently, not all
+// kernel namespaces are supported, and they will be returned in an error
+func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) {
+ var options []libpod.PodCreateOption
+ var erroredOptions []libpod.PodCreateOption
+ for _, toShare := range ns {
+ switch toShare {
+ case "net":
+ options = append(options, libpod.WithPodNet())
+ case "mnt":
+ //options = append(options, libpod.WithPodMNT())
+ return erroredOptions, errors.Errorf("Mount sharing functionality not supported on pod level")
+ case "pid":
+ options = append(options, libpod.WithPodPID())
+ case "user":
+ // Note: more set up needs to be done before this doesn't error out a create.
+ return erroredOptions, errors.Errorf("User sharing functionality not supported on pod level")
+ case "ipc":
+ options = append(options, libpod.WithPodIPC())
+ case "uts":
+ options = append(options, libpod.WithPodUTS())
+ case "":
+ case "none":
+ return erroredOptions, nil
+ default:
+ return erroredOptions, errors.Errorf("Invalid kernel namespace to share: %s. Options are: net, pid, ipc, uts or none", toShare)
+ }
+ }
+ return options, nil
+}
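Review bot: The `case "none":` branch in GetNamespaceOptions returns at once with a nil slice, so a list such as `net,none` silently drops the `net` option already collected, and entries after `none` are never validated (`none,bogus` succeeds while `bogus,none` fails). This list decides which kernel namespaces the pod's containers share, so an ambiguous request is better rejected than resolved by position, for example `if len(ns) > 1 { return nil, errors.Errorf("none cannot be combined with other namespaces") }` before the return. `erroredOptions` is never assigned, so each `return erroredOptions, ...` can be written `return nil, ...`. The doc comment could also say plainly that `mnt` and `user` cause an error, rather than that they "will be returned in an error".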
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index cd75b3b5f..5c122d86f 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -335,10 +335,15 @@ type ListPodContainerInfo (
)
# PodCreate is an input structure for creating pods.
+# It emulates options to podman pod create, however
+# changing pause image name and pause container
+# is not currently supported
type PodCreate (
name: string,
cgroupParent: string,
- labels: [string]string
+ labels: [string]string,
+ share: []string,
+ pause: bool
)
# ListPodData is the returned struct for an individual pod
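Review bot: The new comment on PodCreate says it emulates `podman pod create`, but it does not say what an omitted `pause` or `share` means. The CLI reads the flag with `c.BoolT("pause")`, which presumably defaults to true, whereas a bool left out of a varlink call is likely false, so an API caller that sets neither field may get a pod with no pause container and no shared namespaces where the CLI would create one. I would document the contract on the type, e.g. `# pause defaults to false; share must be non-empty exactly when pause is true`, which matches the two checks added to CreatePod in pkg/varlinkapi/pods.go.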
@@ -651,6 +656,10 @@ method PullImage(name: string) -> (id: string)
# "pod": "b05dee7bd4ccfee688099fe1588a7a898d6ddd6897de9251d4671c9b0feacb2a"
# }
#
+# $ varlink call unix:/run/podman/io.podman/io.podman.CreatePod '{"create": {"pause": true, "share": ["ipc", "net", "uts"]}}'
+# {
+# "pod": "d7697449a8035f613c1a8891286502aca68fff7d5d49a85279b3bda229af3b28"
+# }
# ~~~
method CreatePod(create: PodCreate) -> (pod: string)
diff --git a/libpod/pod.go b/libpod/pod.go
index e70cd9138..627711cdb 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -7,11 +7,6 @@ import (
"github.com/pkg/errors"
)
-var (
- // KernelNamespaces is a list of the kernel namespaces a pod can share
- KernelNamespaces = []string{"ipc", "net", "pid", "user", "mnt", "uts", "cgroup"}
-)
-
// Pod represents a group of containers that are managed together.
// Any operations on a Pod that access state must begin with a call to
// updatePod().
diff --git a/pkg/varlinkapi/pods.go b/pkg/varlinkapi/pods.go
index 6252d815b..657aa0baf 100644
--- a/pkg/varlinkapi/pods.go
+++ b/pkg/varlinkapi/pods.go
@@ -21,6 +21,20 @@ func (i *LibpodAPI) CreatePod(call iopodman.VarlinkCall, create iopodman.PodCrea
if create.Name != "" {
options = append(options, libpod.WithPodName(create.Name))
}
+ if len(create.Share) > 0 && !create.Pause {
+ return call.ReplyErrorOccurred("You cannot share kernel namespaces on the pod level without a pause container")
+ }
+ if len(create.Share) == 0 && create.Pause {
+ return call.ReplyErrorOccurred("You must share kernel namespaces to run a pause container")
+ }
+ if create.Pause {
+ options = append(options, libpod.WithPauseContainer())
+ nsOptions, err := shared.GetNamespaceOptions(create.Share)
+ if err != nil {
+ return err
+ }
+ options = append(options, nsOptions...)
+ }
options = append(options, libpod.WithPodCgroups())
pod, err := i.Runtime.NewPod(getContext(), options...)
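Review bot: The error from `shared.GetNamespaceOptions` is passed back with a bare `return err`, while the two validation checks just above it reply through `call.ReplyErrorOccurred(...)`. If a plain Go error returned from a varlink handler is not delivered to the client as an ErrorOccurred reply (not verifiable from this hunk), an invalid `share` entry would surface differently from the other input errors. `return call.ReplyErrorOccurred(err.Error())` would keep the three paths consistent. CreatePod begins before this hunk and continues past it.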