diff options
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | libpod/container_internal.go | 4 | ||||
| -rw-r--r-- | pkg/selinux/selinux.go | 8 | ||||
| -rw-r--r-- | pkg/specgen/generate/namespaces.go | 2 | ||||
| -rw-r--r-- | test/e2e/run_cgroup_parent_test.go | 1 | ||||
| -rw-r--r-- | vendor/github.com/containers/common/pkg/config/default.go | 7 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
8 files changed, 17 insertions, 13 deletions
@@ -10,7 +10,7 @@ require ( github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 github.com/containernetworking/plugins v0.8.5 github.com/containers/buildah v1.14.8 - github.com/containers/common v0.9.4 + github.com/containers/common v0.9.5 github.com/containers/conmon v2.0.14+incompatible github.com/containers/image/v5 v5.4.3 github.com/containers/psgo v1.4.0 @@ -66,8 +66,8 @@ github.com/containernetworking/plugins v0.8.5/go.mod h1:UZ2539umj8djuRQmBxuazHeJ github.com/containers/buildah v1.14.8 h1:JbMI0QSOmyZ30Mr2633uCXAj+Fajgh/EFS9xX/Y14oQ= github.com/containers/buildah v1.14.8/go.mod h1:ytEjHJQnRXC1ygXMyc0FqYkjcoCydqBQkOdxbH563QU= github.com/containers/common v0.8.1/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= -github.com/containers/common v0.9.4 h1:Rh4vZRT4XJ+lQouE2XpOXr/xV/+wxv4pE7ZmdxmjRt8= -github.com/containers/common v0.9.4/go.mod h1:9YGKPwu6NFYQG2NtSP9bRhNGA8mgd1mUCCkOU2tr+Pc= +github.com/containers/common v0.9.5 h1:rqGMfYuD1euB38kW2sbQQTRelnrXPQ1E2vkcOP9HNnA= +github.com/containers/common v0.9.5/go.mod h1:9YGKPwu6NFYQG2NtSP9bRhNGA8mgd1mUCCkOU2tr+Pc= github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROaehizK9FHaICl+P5Y= github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs= diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 4cb80a98b..3fcf687ec 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -435,12 +435,12 @@ func (c *Container) setupStorage(ctx context.Context) error { processLabel := containerInfo.ProcessLabel switch { case c.ociRuntime.SupportsKVM(): - processLabel, err = selinux.SELinuxKVMLabel(processLabel) + processLabel, err = selinux.KVMLabel(processLabel) if err != nil { return err } case c.config.Systemd: - processLabel, err = selinux.SELinuxInitLabel(processLabel) + processLabel, err = selinux.InitLabel(processLabel) if err != nil { return err } diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go index 975519cce..6b6d065f7 100644 --- a/pkg/selinux/selinux.go +++ b/pkg/selinux/selinux.go @@ -4,8 +4,8 @@ import ( "github.com/opencontainers/selinux/go-selinux" ) -// SELinuxKVMLabel returns labels for running kvm isolated containers -func SELinuxKVMLabel(cLabel string) (string, error) { +// KVMLabel returns labels for running kvm isolated containers +func KVMLabel(cLabel string) (string, error) { if cLabel == "" { // selinux is disabled return "", nil @@ -15,8 +15,8 @@ func SELinuxKVMLabel(cLabel string) (string, error) { return swapSELinuxLabel(cLabel, processLabel) } -// SELinuxInitLabel returns labels for running systemd based containers -func SELinuxInitLabel(cLabel string) (string, error) { +// InitLabel returns labels for running systemd based containers +func InitLabel(cLabel string) (string, error) { if cLabel == "" { // selinux is disabled return "", nil diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 2aaeb9513..2e0e088bf 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -26,7 +26,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) nsType = strings.ToLower(nsType) // If the pod is not nil - check shared namespaces - if pod != nil { + if pod != nil && pod.HasInfraContainer() { podMode := false switch { case nsType == "pid" && pod.SharesPID(): diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index 69b4f920c..14294eeac 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -18,7 +18,6 @@ var _ = Describe("Podman run with --cgroup-parent", func() { ) BeforeEach(func() { - Skip(v2fail) SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index d0f8649c5..446382ac7 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -141,13 +141,18 @@ func DefaultConfig() (*Config, error) { netns = "slirp4netns" } + cgroupNS := "host" + if cgroup2, _ := cgroupv2.Enabled(); cgroup2 { + cgroupNS = "private" + } + return &Config{ Containers: ContainersConfig{ Devices: []string{}, Volumes: []string{}, Annotations: []string{}, ApparmorProfile: DefaultApparmorProfile, - CgroupNS: "private", + CgroupNS: cgroupNS, Cgroups: "enabled", DefaultCapabilities: DefaultCapabilities, DefaultSysctls: []string{}, diff --git a/vendor/modules.txt b/vendor/modules.txt index ba7990fb7..782a905a1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.9.4 +# github.com/containers/common v0.9.5 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/auth github.com/containers/common/pkg/capabilities |