summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate/namespaces.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/specgen/generate/namespaces.go')
-rw-r--r--pkg/specgen/generate/namespaces.go73
1 files changed, 28 insertions, 45 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index a8b74b504..96c65b551 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -1,13 +1,14 @@
package generate
import (
+ "context"
"os"
"strings"
"github.com/containers/common/pkg/config"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/define"
- "github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/specgen"
"github.com/containers/libpod/pkg/util"
@@ -49,51 +50,26 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
}
}
- // If we have containers.conf and are not using cgroupns, use that.
- if cfg != nil && nsType != "cgroup" {
- switch nsType {
- case "pid":
- return specgen.ParseNamespace(cfg.Containers.PidNS)
- case "ipc":
- return specgen.ParseNamespace(cfg.Containers.IPCNS)
- case "uts":
- return specgen.ParseNamespace(cfg.Containers.UTSNS)
- case "user":
- return specgen.ParseUserNamespace(cfg.Containers.UserNS)
- case "net":
- ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS)
- return ns, err
- }
+ if cfg == nil {
+ cfg = &config.Config{}
}
-
switch nsType {
- case "pid", "ipc", "uts":
- // PID, IPC, UTS both default to private, do nothing
+ case "pid":
+ return specgen.ParseNamespace(cfg.Containers.PidNS)
+ case "ipc":
+ return specgen.ParseNamespace(cfg.Containers.IPCNS)
+ case "uts":
+ return specgen.ParseNamespace(cfg.Containers.UTSNS)
case "user":
- // User namespace always defaults to host
- toReturn.NSMode = specgen.Host
- case "net":
- // Net defaults to Slirp on rootless, Bridge otherwise.
- if rootless.IsRootless() {
- toReturn.NSMode = specgen.Slirp
- } else {
- toReturn.NSMode = specgen.Bridge
- }
+ return specgen.ParseUserNamespace(cfg.Containers.UserNS)
case "cgroup":
- // Cgroup is host for v1, private for v2.
- // We can't trust c/common for this, as it only assumes private.
- cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
- if err != nil {
- return toReturn, err
- }
- if !cgroupsv2 {
- toReturn.NSMode = specgen.Host
- }
- default:
- return toReturn, errors.Wrapf(define.ErrInvalidArg, "invalid namespace type %s passed", nsType)
+ return specgen.ParseCgroupNamespace(cfg.Containers.CgroupNS)
+ case "net":
+ ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS)
+ return ns, err
}
- return toReturn, nil
+ return toReturn, errors.Wrapf(define.ErrInvalidArg, "invalid namespace type %q passed", nsType)
}
// GenerateNamespaceOptions generates container creation options for all
@@ -102,7 +78,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
// joining a pod.
// TODO: Consider grouping options that are not directly attached to a namespace
// elsewhere.
-func GenerateNamespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error) {
+func GenerateNamespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod, img *image.Image) ([]libpod.CtrCreateOption, error) {
toReturn := []libpod.CtrCreateOption{}
// If pod is not nil, get infra container.
@@ -230,7 +206,6 @@ func GenerateNamespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod
}
// Net
- // TODO image ports
// TODO validate CNINetworks, StaticIP, StaticIPv6 are only set if we
// are in bridge mode.
postConfigureNetNS := !s.UserNS.IsHost()
@@ -247,9 +222,17 @@ func GenerateNamespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod
}
toReturn = append(toReturn, libpod.WithNetNSFrom(netCtr))
case specgen.Slirp:
- toReturn = append(toReturn, libpod.WithNetNS(s.PortMappings, postConfigureNetNS, "slirp4netns", nil))
+ portMappings, err := createPortMappings(ctx, s, img)
+ if err != nil {
+ return nil, err
+ }
+ toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, "slirp4netns", nil))
case specgen.Bridge:
- toReturn = append(toReturn, libpod.WithNetNS(s.PortMappings, postConfigureNetNS, "bridge", s.CNINetworks))
+ portMappings, err := createPortMappings(ctx, s, img)
+ if err != nil {
+ return nil, err
+ }
+ toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, "bridge", s.CNINetworks))
}
if s.UseImageHosts {
@@ -454,7 +437,7 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
if g.Config.Annotations == nil {
g.Config.Annotations = make(map[string]string)
}
- if s.PublishImagePorts {
+ if s.PublishExposedPorts {
g.Config.Annotations[libpod.InspectAnnotationPublishAll] = libpod.InspectResponseTrue
} else {
g.Config.Annotations[libpod.InspectAnnotationPublishAll] = libpod.InspectResponseFalse
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-30 20:24:19 +0000