Diffstat (limited to 'pkg')
-rw-r--r--pkg/api/handlers/libpod/containers_create.go17
-rw-r--r--pkg/specgen/generate/container.go7
-rw-r--r--pkg/specgen/generate/namespaces.go11
-rw-r--r--pkg/specgen/generate/security.go2
-rw-r--r--pkg/specgenutil/specgen.go22
5 files changed, 46 insertions, 13 deletions
diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go
index 4f9dc008d..1043dec4d 100644
--- a/pkg/api/handlers/libpod/containers_create.go
+++ b/pkg/api/handlers/libpod/containers_create.go
@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"net/http"
+ "strconv"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/pkg/api/handlers/utils"
@@ -11,6 +12,7 @@ import (
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/specgen"
"github.com/containers/podman/v4/pkg/specgen/generate"
+ "github.com/containers/podman/v4/pkg/specgenutil"
"github.com/pkg/errors"
)
@@ -39,6 +41,20 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
t := true
sg.Passwd = &t
}
+
+ // need to check for memory limit to adjust swap
+ if sg.ResourceLimits != nil && sg.ResourceLimits.Memory != nil {
+ s := ""
+ var l int64 = 0
+ if sg.ResourceLimits.Memory.Swap != nil {
+ s = strconv.Itoa(int(*sg.ResourceLimits.Memory.Swap))
+ }
+ if sg.ResourceLimits.Memory.Limit != nil {
+ l = *sg.ResourceLimits.Memory.Limit
+ }
+ specgenutil.LimitToSwap(sg.ResourceLimits.Memory, s, l)
+ }
+
warn, err := generate.CompleteSpec(r.Context(), runtime, &sg)
if err != nil {
utils.InternalServerError(w, err)
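Review bot: The `int(*sg.ResourceLimits.Memory.Swap)` conversion in the added block narrows an int64 to the platform `int`, so on a 32-bit build a large swap value from the request body is truncated before it is formatted. LimitToSwap, as shown later in this diff, only tests the string for emptiness, so the outcome is probably unaffected, but `s = strconv.FormatInt(*sg.ResourceLimits.Memory.Swap, 10)` avoids the narrowing entirely. The existing comment could also state the resulting rule, e.g. `// a memory limit without an explicit swap gets swap = 2 * limit (see specgenutil.LimitToSwap)`. CreateContainer begins before this hunk and continues after it.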
@@ -54,6 +70,7 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
utils.InternalServerError(w, err)
return
}
+
response := entities.ContainerCreateResponse{ID: ctr.ID(), Warnings: warn}
utils.WriteJSON(w, http.StatusCreated, response)
}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index b38b0e695..f7ea2edfa 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -428,9 +428,12 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s
case "cgroup":
specg.CgroupNS = specgen.Namespace{NSMode: specgen.Default} //default
case "ipc":
- if conf.ShmDir == "/dev/shm" {
+ switch conf.ShmDir {
+ case "/dev/shm":
specg.IpcNS = specgen.Namespace{NSMode: specgen.Host}
- } else {
+ case "":
+ specg.IpcNS = specgen.Namespace{NSMode: specgen.None}
+ default:
specg.IpcNS = specgen.Namespace{NSMode: specgen.Default} //default
}
case "uts":
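Review bot: The new `case "":` infers IPC mode none from an empty `conf.ShmDir`, and nothing in this switch maps back to `specgen.Private`, so a container created with private IPC appears to fall through to `specgen.Default` when its config is converted to a spec. If the default mode turns out to be shareable, the non-shareable property that namespaces.go enforces would be lost on the derived container. Assuming `conf` exposes the same `NoShm` and `NoShmShare` fields that namespaces.go reads through `ConfigNoCopy()`, keying on those flags is more direct than inspecting the path, for example a bare `switch` with `case conf.NoShmShare: specg.IpcNS = specgen.Namespace{NSMode: specgen.Private}`. ConfigToSpec starts and ends outside this hunk.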
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 9ce45aaf0..05c2d1741 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -134,8 +134,17 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
if err != nil {
return nil, errors.Wrapf(err, "error looking up container to share ipc namespace with")
}
+ if ipcCtr.ConfigNoCopy().NoShmShare {
+ return nil, errors.Errorf("joining IPC of container %s is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)", ipcCtr.ID())
+ }
toReturn = append(toReturn, libpod.WithIPCNSFrom(ipcCtr))
- toReturn = append(toReturn, libpod.WithShmDir(ipcCtr.ShmDir()))
+ if !ipcCtr.ConfigNoCopy().NoShm {
+ toReturn = append(toReturn, libpod.WithShmDir(ipcCtr.ShmDir()))
+ }
+ case specgen.None:
+ toReturn = append(toReturn, libpod.WithNoShm(true))
+ case specgen.Private:
+ toReturn = append(toReturn, libpod.WithNoShmShare(true))
}
// UTS
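Review bot: The `NoShmShare` refusal is enforced only here in spec generation, immediately before `libpod.WithIPCNSFrom(ipcCtr)`, so any caller that reaches `WithIPCNSFrom` without passing through namespaceOptions would not be subject to the private-IPC restriction. The libpod side is not part of this view (the diffstat is limited to `pkg`), so this may already be covered there. It is still worth recording above the check, e.g. `// Donors created with private IPC must not be joined (TODO: confirm libpod.WithIPCNSFrom rejects them too).` The new `specgen.None` and `specgen.Private` cases would also benefit from a one-line comment each saying what `WithNoShm` and `WithNoShmShare` change for the container. namespaceOptions begins before this hunk and continues after it.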
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index 988c29832..ec52164ab 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -222,7 +222,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
for sysctlKey, sysctlVal := range defaultSysctls {
// Ignore mqueue sysctls if --ipc=host
if noUseIPC && strings.HasPrefix(sysctlKey, "fs.mqueue.") {
- logrus.Infof("Sysctl %s=%s ignored in containers.conf, since IPC Namespace set to host", sysctlKey, sysctlVal)
+ logrus.Infof("Sysctl %s=%s ignored in containers.conf, since IPC Namespace set to %q", sysctlKey, sysctlVal, s.IpcNS.NSMode)
continue
}
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 42b66d909..00de99817 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -126,6 +126,16 @@ func getIOLimits(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions) (
return io, nil
}
+func LimitToSwap(memory *specs.LinuxMemory, swap string, ml int64) {
+ if ml > 0 {
+ memory.Limit = &ml
+ if swap == "" {
+ limit := 2 * ml
+ memory.Swap = &(limit)
+ }
+ }
+}
+
func getMemoryLimits(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions) (*specs.LinuxMemory, error) {
var err error
memory := &specs.LinuxMemory{}
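Review bot: `limit := 2 * ml` in the new LimitToSwap overflows int64 once `ml` exceeds `math.MaxInt64/2`. The same arithmetic existed in getMemoryLimits, but containers_create.go now feeds a limit taken from the API request body into it, so a wrapped, negative swap value could end up in the runtime spec. A clamp is small: `limit := int64(math.MaxInt64)` followed by `if ml <= math.MaxInt64/2 { limit = 2 * ml }`. The function is exported without a doc comment and dereferences `memory` without a nil check; a comment such as `// LimitToSwap sets memory.Limit to ml when ml > 0 and, if swap is empty, defaults memory.Swap to twice that limit. memory must be non-nil.` would document the contract. getMemoryLimits, whose first lines close this hunk, continues outside it.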
@@ -135,14 +145,8 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *entities.ContainerCreateOption
if err != nil {
return nil, errors.Wrapf(err, "invalid value for memory")
}
- if ml > 0 {
- memory.Limit = &ml
- if c.MemorySwap == "" {
- limit := 2 * ml
- memory.Swap = &(limit)
- }
- hasLimits = true
- }
+ LimitToSwap(memory, c.MemorySwap, ml)
+ hasLimits = true
}
if m := c.MemoryReservation; len(m) > 0 {
mr, err := units.RAMInBytes(m)
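Review bot: `hasLimits = true` is now set unconditionally after the LimitToSwap call, whereas the removed code set it only inside `if ml > 0`. A memory value that parses to zero would therefore mark the spec as carrying limits even though LimitToSwap leaves `memory.Limit` unset. How `hasLimits` is consumed lies outside this hunk, so the downstream effect is inferred. Restoring the guard keeps the previous behaviour: `if ml > 0 { hasLimits = true }`.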
@@ -190,7 +194,7 @@ func setNamespaces(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions)
}
}
if c.IPC != "" {
- s.IpcNS, err = specgen.ParseNamespace(c.IPC)
+ s.IpcNS, err = specgen.ParseIPCNamespace(c.IPC)
if err != nil {
return err
}