-rw-r--r-- | cmd/podman/pod_create.go | 27 | ||||
-rw-r--r-- | cmd/podman/shared/pod.go | 33 | ||||
-rw-r--r-- | cmd/podman/varlink/io.podman.varlink | 11 | ||||
-rw-r--r-- | libpod/pod.go | 5 | ||||
-rw-r--r-- | pkg/varlinkapi/pods.go | 14 |
5 files changed, 62 insertions, 28 deletions
diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go
index 6975c9386..f5bb29c35 100644
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
+	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -116,29 +117,11 @@ func podCreateCmd(c *cli.Context) error {
 
 	if c.BoolT("pause") {
 		options = append(options, libpod.WithPauseContainer())
-		for _, toShare := range strings.Split(c.String("share"), ",") {
-			switch toShare {
-			case "net":
-				options = append(options, libpod.WithPodNet())
-			case "mnt":
-				//options = append(options, libpod.WithPodMNT())
-				logrus.Debug("Mount Namespace sharing functionality not supported")
-			case "pid":
-				options = append(options, libpod.WithPodPID())
-			case "user":
-				// Note: more set up needs to be done before this doesn't error out a create.
-				logrus.Debug("User Namespace sharing functionality not supported")
-			case "ipc":
-				options = append(options, libpod.WithPodIPC())
-			case "uts":
-				options = append(options, libpod.WithPodUTS())
-			case "":
-			case "none":
-				continue
-			default:
-				return errors.Errorf("Invalid kernel namespace to share: %s. Options are: %s, or none", toShare, strings.Join(libpod.KernelNamespaces, ","))
-			}
+		nsOptions, err := shared.GetNamespaceOptions(strings.Split(c.String("share"), ","))
+		if err != nil {
+			return err
 		}
+		options = append(options, nsOptions...)
 	}
 
 	// always have containers use pod cgroups
diff --git a/cmd/podman/shared/pod.go b/cmd/podman/shared/pod.go
index c660bcf9e..99f9f6031 100644
--- a/cmd/podman/shared/pod.go
+++ b/cmd/podman/shared/pod.go
@@ -2,6 +2,7 @@ package shared
 
 import (
 	"github.com/containers/libpod/libpod"
+	"github.com/pkg/errors"
 )
 
 const (
@@ -60,3 +61,35 @@ func GetPodStatus(pod *libpod.Pod) (string, error) {
 	}
 	return created, nil
 }
+
+// GetNamespaceOptions transforms a slice of kernel namespaces
+// into a slice of pod create options. Currently, not all
+// kernel namespaces are supported, and they will be returned in an error
+func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) {
+	var options []libpod.PodCreateOption
+	var erroredOptions []libpod.PodCreateOption
+	for _, toShare := range ns {
+		switch toShare {
+		case "net":
+			options = append(options, libpod.WithPodNet())
+		case "mnt":
+			//options = append(options, libpod.WithPodMNT())
+			return erroredOptions, errors.Errorf("Mount sharing functionality not supported on pod level")
+		case "pid":
+			options = append(options, libpod.WithPodPID())
+		case "user":
+			// Note: more set up needs to be done before this doesn't error out a create.
+			return erroredOptions, errors.Errorf("User sharing functionality not supported on pod level")
+		case "ipc":
+			options = append(options, libpod.WithPodIPC())
+		case "uts":
+			options = append(options, libpod.WithPodUTS())
+		case "":
+		case "none":
+			return erroredOptions, nil
+		default:
+			return erroredOptions, errors.Errorf("Invalid kernel namespace to share: %s. Options are: net, pid, ipc, uts or none", toShare)
+		}
+	}
+	return options, nil
+}
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index cd75b3b5f..5c122d86f 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -335,10 +335,15 @@ type ListPodContainerInfo (
 )
 
 # PodCreate is an input structure for creating pods.
+# It emulates options to podman pod create, however
+# changing pause image name and pause container
+# is not currently supported
 type PodCreate (
     name: string,
     cgroupParent: string,
-    labels: [string]string
+    labels: [string]string,
+    share: []string,
+    pause: bool
 )
 
 # ListPodData is the returned struct for an individual pod
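Review bot: `case "none": return erroredOptions, nil` in GetNamespaceOptions discards every option collected so far, so an input such as `net,none` or `none,pid` silently yields a pod with no shared namespaces instead of an error for a contradictory request, and a caller who asked for `net` has no way to notice it was dropped. Treat `none` as valid only on its own: `case "none": if len(ns) > 1 { return nil, errors.Errorf("none cannot be combined with other namespaces") }` followed by `return nil, nil`. `erroredOptions` is only ever nil, so a plain `return nil, err` reads clearer, and Go error strings are conventionally lowercase (`errors.Errorf("mount namespace sharing is not supported at the pod level")`). Duplicate entries such as `net,net` append WithPodNet twice; whether libpod tolerates that is not visible here.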
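Review bot: The new `share` and `pause` fields of PodCreate are left undescribed, so an API client reading the interface file cannot tell which namespace names `share` accepts or that the two fields are coupled (the varlink handler in this change rejects `share` without `pause` and `pause` without `share`). Add above the type: `# share lists the kernel namespaces the pod's containers share: net, pid, ipc, uts, or none` and `# pause creates a pause container and is required when share is set (and vice versa)`. Without this, the only documentation of the accepted values is the error string returned at runtime.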
@@ -651,6 +656,10 @@ method PullImage(name: string) -> (id: string)
 #   "pod": "b05dee7bd4ccfee688099fe1588a7a898d6ddd6897de9251d4671c9b0feacb2a"
 # }
 #
+# $ varlink call unix:/run/podman/io.podman/io.podman.CreatePod '{"create": {"pause": true, "share": ["ipc", "net", "uts"]}}'
+# {
+#   "pod": "d7697449a8035f613c1a8891286502aca68fff7d5d49a85279b3bda229af3b28"
+# }
 # ~~~
 method CreatePod(create: PodCreate) -> (pod: string)
 
diff --git a/libpod/pod.go b/libpod/pod.go
index e70cd9138..627711cdb 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -7,11 +7,6 @@ import (
 	"github.com/pkg/errors"
 )
 
-var (
-	// KernelNamespaces is a list of the kernel namespaces a pod can share
-	KernelNamespaces = []string{"ipc", "net", "pid", "user", "mnt", "uts", "cgroup"}
-)
-
 // Pod represents a group of containers that are managed together.
 // Any operations on a Pod that access state must begin with a call to
 // updatePod().
diff --git a/pkg/varlinkapi/pods.go b/pkg/varlinkapi/pods.go
index 6252d815b..657aa0baf 100644
--- a/pkg/varlinkapi/pods.go
+++ b/pkg/varlinkapi/pods.go
@@ -21,6 +21,20 @@ func (i *LibpodAPI) CreatePod(call iopodman.VarlinkCall, create iopodman.PodCrea
 	if create.Name != "" {
 		options = append(options, libpod.WithPodName(create.Name))
 	}
+	if len(create.Share) > 0 && !create.Pause {
+		return call.ReplyErrorOccurred("You cannot share kernel namespaces on the pod level without a pause container")
+	}
+	if len(create.Share) == 0 && create.Pause {
+		return call.ReplyErrorOccurred("You must share kernel namespaces to run a pause container")
+	}
+	if create.Pause {
+		options = append(options, libpod.WithPauseContainer())
+		nsOptions, err := shared.GetNamespaceOptions(create.Share)
+		if err != nil {
+			return err
+		}
+		options = append(options, nsOptions...)
+	}
 
 	options = append(options, libpod.WithPodCgroups())
 	pod, err := i.Runtime.NewPod(getContext(), options...) |
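Review bot: In the new `if create.Pause` block of CreatePod, `return err` on a GetNamespaceOptions failure returns the error from the varlink method itself, whereas the two checks immediately above reply with `call.ReplyErrorOccurred(...)`; an unsupported or misspelled namespace in `share` therefore surfaces to the client as a transport-level failure rather than a structured error reply. Use `return call.ReplyErrorOccurred(err.Error())` there so every validation failure in CreatePod reaches the client the same way. Note also that `share: ["none"]` passes the `len(create.Share) == 0` check, so the "You must share kernel namespaces to run a pause container" rule is not enforced for that value; if a pause container with no shared namespaces is intended, the PodCreate documentation should say so. CreatePod continues past this hunk, where the NewPod error is handled.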