From 828b5474914c4036d3a6135c63604d223ced3610 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 28 Jul 2020 09:18:21 -0400
Subject: Specifying --ipc=host --pid=host is broken
For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again.
Signed-off-by: Daniel J Walsh
---
 cmd/podman/common/specgen.go | 64 +++++++++++++++++++++++++++++---------------
 1 file changed, 42 insertions(+), 22 deletions(-)
(limited to 'cmd/podman/common/specgen.go')
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index aa8669e7a..7716fc150 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -186,6 +186,46 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.Linu
 return memory, nil
 }
+func setNamespaces(s *specgen.SpecGenerator, c *ContainerCLIOpts) error {
+ var err error
+
+ if c.PID != "" {
+ s.PidNS, err = specgen.ParseNamespace(c.PID)
+ if err != nil {
+ return err
+ }
+ }
+ if c.IPC != "" {
+ s.IpcNS, err = specgen.ParseNamespace(c.IPC)
+ if err != nil {
+ return err
+ }
+ }
+ if c.UTS != "" {
+ s.UtsNS, err = specgen.ParseNamespace(c.UTS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.CgroupNS != "" {
+ s.CgroupNS, err = specgen.ParseNamespace(c.CgroupNS)
+ if err != nil {
+ return err
+ }
+ }
+ // userns must be treated differently
+ if c.UserNS != "" {
+ s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.Net != nil {
+ s.NetNS = c.Net.Network
+ }
+ return nil
+}
+
 func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) error {
 var (
 err error
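Review bot: `setNamespaces` reads the cgroup namespace from `c.CgroupNS`, while the loop removed in the `FillOutSpecGen` hunk read `c.CGroupsNS`; `ContainerCLIOpts` is not visible on this page (the view is limited to this file), so confirm the field was renamed in the same commit and that this does not switch to a different option. The function also has no doc comment recording why the map-driven loop was dropped: the old map was keyed by the flag values, so two flags with the same value (the `--pid=host --ipc=host` case in the subject) would presumably collapse to one key and leave one namespace at its default. I would add `// setNamespaces parses each namespace flag into its own field; do not key a map by the flag values, equal values collapse to a single entry.` above the function so the isolation settings a user asks for are not silently dropped again.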
@@ -250,28 +290,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 }
 s.Expose = expose
- for k, v := range map[string]*specgen.Namespace{
- c.IPC: &s.IpcNS,
- c.PID: &s.PidNS,
- c.UTS: &s.UtsNS,
- c.CGroupsNS: &s.CgroupNS,
- } {
- if k != "" {
- *v, err = specgen.ParseNamespace(k)
- if err != nil {
- return err
- }
- }
- }
- // userns must be treated differently
- if c.UserNS != "" {
- s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
- if err != nil {
- return err
- }
- }
- if c.Net != nil {
- s.NetNS = c.Net.Network
+ if err := setNamespaces(s, c); err != nil {
+ return err
 }
 if sig := c.StopSignal; len(sig) > 0 {
-- cgit v1.2.3-54-g00ecf