summaryrefslogtreecommitdiff
path: root/cmd/podman/common/specgen.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman/common/specgen.go')
-rw-r--r--cmd/podman/common/specgen.go91
1 files changed, 56 insertions, 35 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 8a265cedf..0b6897d3a 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -8,14 +8,14 @@ import (
"time"
"github.com/containers/image/v5/manifest"
- "github.com/containers/libpod/v2/cmd/podman/parse"
- "github.com/containers/libpod/v2/libpod/define"
- ann "github.com/containers/libpod/v2/pkg/annotations"
- envLib "github.com/containers/libpod/v2/pkg/env"
- ns "github.com/containers/libpod/v2/pkg/namespaces"
- "github.com/containers/libpod/v2/pkg/specgen"
- systemdGen "github.com/containers/libpod/v2/pkg/systemd/generate"
- "github.com/containers/libpod/v2/pkg/util"
+ "github.com/containers/podman/v2/cmd/podman/parse"
+ "github.com/containers/podman/v2/libpod/define"
+ ann "github.com/containers/podman/v2/pkg/annotations"
+ envLib "github.com/containers/podman/v2/pkg/env"
+ ns "github.com/containers/podman/v2/pkg/namespaces"
+ "github.com/containers/podman/v2/pkg/specgen"
+ systemdGen "github.com/containers/podman/v2/pkg/systemd/generate"
+ "github.com/containers/podman/v2/pkg/util"
"github.com/docker/go-units"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
@@ -186,6 +186,46 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.Linu
return memory, nil
}
+func setNamespaces(s *specgen.SpecGenerator, c *ContainerCLIOpts) error {
+ var err error
+
+ if c.PID != "" {
+ s.PidNS, err = specgen.ParseNamespace(c.PID)
+ if err != nil {
+ return err
+ }
+ }
+ if c.IPC != "" {
+ s.IpcNS, err = specgen.ParseNamespace(c.IPC)
+ if err != nil {
+ return err
+ }
+ }
+ if c.UTS != "" {
+ s.UtsNS, err = specgen.ParseNamespace(c.UTS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.CgroupNS != "" {
+ s.CgroupNS, err = specgen.ParseNamespace(c.CgroupNS)
+ if err != nil {
+ return err
+ }
+ }
+ // userns must be treated differently
+ if c.UserNS != "" {
+ s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.Net != nil {
+ s.NetNS = c.Net.Network
+ }
+ return nil
+}
+
func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) error {
var (
err error
@@ -252,28 +292,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
s.Expose = expose
- for k, v := range map[string]*specgen.Namespace{
- c.IPC: &s.IpcNS,
- c.PID: &s.PidNS,
- c.UTS: &s.UtsNS,
- c.CGroupsNS: &s.CgroupNS,
- } {
- if k != "" {
- *v, err = specgen.ParseNamespace(k)
- if err != nil {
- return err
- }
- }
- }
- // userns must be treated differently
- if c.UserNS != "" {
- s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
- if err != nil {
- return err
- }
- }
- if c.Net != nil {
- s.NetNS = c.Net.Network
+ if err := setNamespaces(s, c); err != nil {
+ return err
}
if sig := c.StopSignal; len(sig) > 0 {
@@ -417,6 +437,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.DNSOptions = c.Net.DNSOptions
s.StaticIP = c.Net.StaticIP
s.StaticMAC = c.Net.StaticMAC
+ s.NetworkOptions = c.Net.NetworkOptions
s.UseImageHosts = c.Net.NoHosts
s.ImageVolumeMode = c.ImageVolume
@@ -511,10 +532,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1])
s.Annotations[define.InspectAnnotationLabel] = strings.Join(s.ContainerSecurityConfig.SelinuxOpts, ",label=")
case "apparmor":
- if !c.Privileged {
- s.ContainerSecurityConfig.ApparmorProfile = con[1]
- s.Annotations[define.InspectAnnotationApparmor] = con[1]
- }
+ s.ContainerSecurityConfig.ApparmorProfile = con[1]
+ s.Annotations[define.InspectAnnotationApparmor] = con[1]
case "seccomp":
s.SeccompProfilePath = con[1]
s.Annotations[define.InspectAnnotationSeccomp] = con[1]
@@ -530,12 +549,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
// Only add read-only tmpfs mounts in case that we are read-only and the
// read-only tmpfs flag has been set.
- mounts, volumes, err := parseVolumes(c.Volume, c.Mount, c.TmpFS, c.ReadOnlyTmpFS && c.ReadOnly)
+ mounts, volumes, overlayVolumes, err := parseVolumes(c.Volume, c.Mount, c.TmpFS, c.ReadOnlyTmpFS && c.ReadOnly)
if err != nil {
return err
}
s.Mounts = mounts
s.Volumes = volumes
+ s.OverlayVolumes = overlayVolumes
for _, dev := range c.Devices {
s.Devices = append(s.Devices, specs.LinuxDevice{Path: dev})
@@ -611,6 +631,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.Remove = c.Rm
s.StopTimeout = &c.StopTimeout
s.Timezone = c.Timezone
+ s.Umask = c.Umask
return nil
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-09 19:46:00 +0000