From e43270fc5e594fdb77f9a22f0042105824485e62 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 24 Jul 2018 18:23:10 +0200
Subject: podman: allow to specify the IPC namespace to join
Signed-off-by: Giuseppe Scrivano
Closes: #1145
Approved by: rhatdan
---
 cmd/podman/create.go | 2 +-
 docs/podman-create.1.md | 1 +
 docs/podman-run.1.md | 1 +
 pkg/spec/spec.go | 3 +++
 4 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index cf0020ffb..c7982d551 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -393,7 +393,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 return nil, errors.Errorf("--uts %q is not valid", c.String("uts"))
 }
 ipcMode := container.IpcMode(c.String("ipc"))
- if !ipcMode.Valid() {
+ if !cc.IsNS(string(ipcMode)) && !ipcMode.Valid() {
 return nil, errors.Errorf("--ipc %q is not valid", ipcMode)
 }
 shmDir := ""
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 293cabf68..36a7fda11 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -291,6 +291,7 @@ Not implemented
 Default is to create a private IPC namespace (POSIX SysV IPC) for the container
 'container:': reuses another container shared memory, semaphores and message queues
 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
+ 'ns:' path to an IPC namespace to join.
 **--kernel-memory**=""
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index bd1a5d56f..3a3115964 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
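Review bot: The new condition in parseCreateOpts (cmd/podman/create.go), `!cc.IsNS(string(ipcMode)) && !ipcMode.Valid()`, lets every value that IsNS accepts skip validation, and nothing visible in the hunk looks at the path part. If IsNS only tests for the `ns:` prefix (its body is not in this patch), `--ipc ns:` with an empty path would pass here and only fail, or presumably be treated as a request for a fresh namespace, once the runtime consumes the spec; the addIpcNS hunk in pkg/spec/spec.go hands the same string on without a check. Assuming NS is exported next to IsNS, as the spec.go hunk suggests, I would reject that case at parse time: `if cc.IsNS(string(ipcMode)) && cc.NS(string(ipcMode)) == "" { return nil, errors.Errorf("--ipc %q: namespace path is empty", ipcMode) }`. The shmDir handling that starts on the last context line continues outside the hunk, so it is worth confirming what it does for the `ns:` mode.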
@@ -302,6 +302,7 @@ Default is to create a private IPC namespace (POSIX SysV IPC) for the container
 - `container:`: reuses another container shared memory, semaphores and message queues
 - `host`: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
+- `ns:` path to an IPC namespace to join.
 **--kernel-memory**=""
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 4b6b947d7..d9888e999 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -380,6 +380,9 @@ func addUTSNS(config *CreateConfig, g *generate.Generator) error {
 func addIpcNS(config *CreateConfig, g *generate.Generator) error {
 ipcMode := config.IpcMode
+ if IsNS(string(ipcMode)) {
+ return g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), NS(string(ipcMode)))
+ }
 if ipcMode.IsHost() {
 return g.RemoveLinuxNamespace(spec.IPCNamespace)
 }
-- cgit v1.2.3-54-g00ecf
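Review bot: The new `IsNS` branch at the top of addIpcNS (pkg/spec/spec.go) has no comment saying where the path comes from or when it is resolved, and `NS(string(ipcMode))` is written into the spec verbatim. What the path names is therefore decided when the runtime opens it, not when the container is created: for something like a `/proc/<pid>/ns/ipc` entry (constructed example) the process behind it may be gone by then, and nothing here confirms the file is an IPC namespace rather than another namespace type. I would add a comment above the branch, e.g. `// ns:<path> joins an existing IPC namespace; the path is caller-supplied, is not checked here, and is resolved by the runtime at start.` addIpcNS continues past the end of the hunk.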