summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r--pkg/specgen/generate/config_linux.go2
-rw-r--r--pkg/specgen/generate/container.go16
-rw-r--r--pkg/specgen/generate/namespaces.go32
-rw-r--r--pkg/specgen/generate/oci.go2
4 files changed, 35 insertions, 17 deletions
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index 4c3748e67..60d87a8fd 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -164,7 +164,7 @@ func addDevice(g *generate.Generator, device string) error {
}
// ParseDevice parses device mapping string to a src, dest & permissions string
-func ParseDevice(device string) (string, string, string, error) { //nolint
+func ParseDevice(device string) (string, string, string, error) {
var src string
var dst string
permissions := "rwm"
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index cc376125f..e68abf3d1 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -303,8 +303,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error {
if err := unix.Stat(k, &statT); err != nil {
return err
}
- v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
- v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
if s.ResourceLimits.BlockIO == nil {
s.ResourceLimits.BlockIO = new(spec.LinuxBlockIO)
}
@@ -317,8 +317,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error {
if err := unix.Stat(k, &statT); err != nil {
return err
}
- v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
- v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice, v)
}
}
@@ -328,8 +328,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error {
if err := unix.Stat(k, &statT); err != nil {
return err
}
- v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
- v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice, v)
}
}
@@ -339,8 +339,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error {
if err := unix.Stat(k, &statT); err != nil {
return err
}
- v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert
- v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert
+ v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert
s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice, v)
}
}
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 4735111c8..4224d16ce 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -19,6 +19,8 @@ import (
"github.com/sirupsen/logrus"
)
+const host = "host"
+
// Get the default namespace mode for any given namespace type.
func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) (specgen.Namespace, error) {
// The default for most is private
@@ -33,19 +35,38 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
podMode := false
switch {
case nsType == "pid" && pod.SharesPID():
+ if pod.NamespaceMode(spec.PIDNamespace) == host {
+ toReturn.NSMode = specgen.Host
+ return toReturn, nil
+ }
podMode = true
case nsType == "ipc" && pod.SharesIPC():
+ if pod.NamespaceMode(spec.IPCNamespace) == host {
+ toReturn.NSMode = specgen.Host
+ return toReturn, nil
+ }
podMode = true
case nsType == "uts" && pod.SharesUTS():
+ if pod.NamespaceMode(spec.UTSNamespace) == host {
+ toReturn.NSMode = specgen.Host
+ return toReturn, nil
+ }
podMode = true
case nsType == "user" && pod.SharesUser():
+ // user does not need a special check for host, this is already validated on pod creation
+ // if --userns=host then pod.SharesUser == false
podMode = true
case nsType == "net" && pod.SharesNet():
+ if pod.NetworkMode() == host {
+ toReturn.NSMode = specgen.Host
+ return toReturn, nil
+ }
podMode = true
- case nsType == "net" && pod.NetworkMode() == "host":
- toReturn.NSMode = specgen.Host
- return toReturn, nil
case nsType == "cgroup" && pod.SharesCgroup():
+ if pod.NamespaceMode(spec.CgroupNamespace) == host {
+ toReturn.NSMode = specgen.Host
+ return toReturn, nil
+ }
podMode = true
}
if podMode {
@@ -491,10 +512,7 @@ func GetNamespaceOptions(ns []string, netnsIsHost bool) ([]libpod.PodCreateOptio
case "cgroup":
options = append(options, libpod.WithPodCgroup())
case "net":
- // share the netns setting with other containers in the pod only when it is not set to host
- if !netnsIsHost {
- options = append(options, libpod.WithPodNet())
- }
+ options = append(options, libpod.WithPodNet())
case "mnt":
return erroredOptions, errors.Errorf("Mount sharing functionality not supported on pod level")
case "pid":
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 716960024..19f55c9d8 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -371,7 +371,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
if err := unix.Stat(k, &statT); err != nil {
return nil, errors.Wrapf(err, "failed to inspect '%s' in --blkio-weight-device", k)
}
- g.AddLinuxResourcesBlockIOWeightDevice((int64(unix.Major(uint64(statT.Rdev)))), (int64(unix.Minor(uint64(statT.Rdev)))), *v.Weight) // nolint: unconvert
+ g.AddLinuxResourcesBlockIOWeightDevice((int64(unix.Major(uint64(statT.Rdev)))), (int64(unix.Minor(uint64(statT.Rdev)))), *v.Weight) //nolint: unconvert
}
BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), s.Mask, s.Unmask, &g)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-23 08:26:54 +0000