From 41c7e43b4dbba117d41d82cd8d5c0f004daba21e Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Mon, 23 Jul 2018 12:37:29 +0200
Subject: network: support ns: prefix to join existing namespace
Signed-off-by: Giuseppe Scrivano
Closes: #1145
Approved by: rhatdan
---
 docs/podman-create.1.md | 1 +
 docs/podman-run.1.md | 1 +
 pkg/spec/createconfig.go | 8 +++-----
 pkg/spec/parse.go | 15 +++++++++++++++
 pkg/spec/spec.go | 3 +++
 5 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index dc0b0375d..68b711001 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -391,6 +391,7 @@ Set the Network mode for the container
 'container:': reuse another container's network stack
 'host': use the podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
 '|': connect to a user-defined network
+ 'ns:' path to a network namespace to join
 **--network-alias**=[]
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index 00c78f321..c03fd7c46 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -405,6 +405,7 @@ Set the Network mode for the container:
 - `container:`: reuse another container's network stack
 - `host`: use the podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
 - `|`: connect to a user-defined network
+- `ns:` path to a network namespace to join
 **--network-alias**=[]
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 57416732d..1dba8cdb4 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -370,17 +370,15 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
 }
 }
- if rootless.IsRootless() {
- if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
- options = append(options, libpod.WithNetNS(portBindings, true, networks))
- }
+ if IsNS(string(c.NetMode)) {
+ // pass
 } else if c.NetMode.IsContainer() {
 connectedCtr, err := c.Runtime.LookupContainer(c.NetMode.ConnectedContainer())
 if err != nil {
 return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer())
 }
 options = append(options, libpod.WithNetNSFrom(connectedCtr))
- } else if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
+ } else if !rootless.IsRootless() && !c.NetMode.IsHost() && !c.NetMode.IsNone() {
 postConfigureNetNS := (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost()
 options = append(options, libpod.WithNetNS(portBindings, postConfigureNetNS, networks))
 }
diff --git a/pkg/spec/parse.go b/pkg/spec/parse.go
index 82ca92dff..d4a655e4f 100644
--- a/pkg/spec/parse.go
+++ b/pkg/spec/parse.go
@@ -18,6 +18,21 @@ func (w *weightDevice) String() string {
 return fmt.Sprintf("%s:%d", w.path, w.weight)
 }
+// IsNS returns if the specified string has a ns: prefix
+func IsNS(s string) bool {
+ parts := strings.SplitN(s, ":", 2)
+ return len(parts) > 1 && parts[0] == "ns"
+}
+
+// NS is the path to the namespace to join.
+func NS(s string) string {
+ parts := strings.SplitN(s, ":", 2)
+ if len(parts) > 1 {
+ return parts[1]
+ }
+ return ""
+}
+
 // validateweightDevice validates that the specified string has a valid device-weight format
 // for blkio-weight-device flag
 func validateweightDevice(val string) (*weightDevice, error) {
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index ada84a87c..acc41f7c5 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
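Review bot: In pkg/spec/createconfig.go the rewritten `if` chain changes rootless behaviour beyond adding `ns:`: the removed block called `libpod.WithNetNS(portBindings, true, networks)` for every rootless mode except host and none, whereas the new chain adds no network option for rootless unless the mode is `container:`, and nothing in the subject or the code says this is intended. If it is deliberate, a comment on the `!rootless.IsRootless()` condition should give the reason, and `// pass` should be replaced by one that explains the empty branch, e.g. `// ns:<path> is written into the OCI spec by addNetNS; libpod must not create a netns here`. Because that branch consumes neither `portBindings` nor `networks`, a port mapping passed together with `ns:` looks to be ignored without any message, so rejecting the combination with an error would be safer than dropping it. GetContainerCreateOptions begins and ends outside the hunk, so the handling may exist elsewhere.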
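Review bot: In pkg/spec/parse.go `IsNS("ns:")` returns true while `NS("ns:")` returns the empty string, and `NS` never checks the prefix (`NS("container:x")` returns `"x"`), so the helpers accept input that carries no namespace path; the spec.go hunk passes `NS(string(netMode))` straight to `g.AddOrReplaceLinuxNamespace`. In the OCI runtime spec a namespace entry with an empty path asks the runtime to create a new namespace, so `--network ns:` would most likely start the container in a fresh, unconfigured network namespace instead of failing. I would make `NS` honour the prefix, `if len(parts) > 1 && parts[0] == "ns" {`, and have the caller return an error when the path is empty. The doc comments could also state the contract, e.g. `// IsNS reports whether s has the form ns:<path>.` and `// NS returns the <path> part of ns:<path>, or "" if s is not in that form.`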
@@ -346,6 +346,9 @@ func addNetNS(config *CreateConfig, g *generate.Generator) error {
 } else if netMode.IsContainer() {
 logrus.Debug("Using container netmode")
 return nil
+ } else if IsNS(string(netMode)) {
+ logrus.Debug("Using ns netmode")
+ return g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, NS(string(netMode)))
 } else if netMode.IsUserDefined() {
 logrus.Debug("Using user defined netmode")
 return nil
--
cgit v1.2.3-54-g00ecf
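Review bot: In addNetNS the path taken from `ns:<path>` reaches the generated spec without any check that it exists or refers to a network namespace, and the debug line does not record which namespace is joined. A bad path then presumably surfaces only when the OCI runtime tries to enter it, and the log gives no way to tell afterwards what the container was attached to. I would stat the path here and return a wrapped error on failure, and log it with `logrus.Debugf("Using ns netmode, joining %q", NS(string(netMode)))`. addNetNS starts and ends outside the hunk.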