From e838dcb4bf7dc35b1bcf21edad6a1f6c59d969ab Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Mon, 25 Jun 2018 23:39:11 -0400
Subject: Add constraint that dependencies must be in the same ns

Dependency containers must be in the same namespace, to ensure there are never problems resolving a dependency.

Signed-off-by: Matthew Heon
---
 libpod/runtime.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'libpod/runtime.go')
diff --git a/libpod/runtime.go b/libpod/runtime.go
index a551c9134..a0b673d81 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -136,10 +136,22 @@ type RuntimeConfig struct {
 // CNIDefaultNetwork is the network name of the default CNI network
 // to attach pods to
 CNIDefaultNetwork string `toml:"cni_default_network,omitempty"`
- // HooksDirNotExistFatal switches between fatal errors and non-fatal warnings if the configured HooksDir does not exist.
+ // HooksDirNotExistFatal switches between fatal errors and non-fatal
+ // warnings if the configured HooksDir does not exist.
 HooksDirNotExistFatal bool `toml:"hooks_dir_not_exist_fatal"`
- // DefaultMountsFile is the path to the default mounts file for testing purposes only
+ // DefaultMountsFile is the path to the default mounts file for testing
+ // purposes only
 DefaultMountsFile string `toml:"-"`
+ // Namespace is the libpod namespace to use.
+ // Namespaces are used to create scopes to separate containers and pods
+ // in the state.
+ // When namespace is set, libpod will only view containers and pods in
+ // the same namespace. All containers and pods created will default to
+ // the namespace set here.
+ // A namespace of "", the empty string, is equivalent to no namespace,
+ // and all containers and pods will be visible.
+ // The default namespace is "".
+ Namespace string `toml:"namespace,omitempty"`
 }
 
 var (
-- cgit v1.2.3-54-g00ecf
From 486c5c87bca028ba41dfb9f516ae37b9d6a984cb Mon Sep 17 00:00:00 2001
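Review bot: The new doc comment on `Namespace` in RuntimeConfig says namespaces "separate containers and pods", but it does not say that this is a view filter on the libpod state rather than an isolation boundary. By the comment's own terms a runtime configured with `""` sees every container and pod, so the setting cannot be relied on to keep one user's containers out of another's reach; I would add a line such as `// Namespaces only scope what libpod lists and resolves in the state; they are not a security boundary and are unrelated to kernel namespaces.` The comment also leaves open which names are accepted, which is worth stating here if the state layer enforces any restriction (not visible in this hunk). The RuntimeConfig struct begins above the hunk.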
From: Matthew Heon
Date: Fri, 20 Jul 2018 08:49:30 -0400
Subject: Add missing runtime.go lines to set namespace

Also add namespace to inspect output to verify its presence

Signed-off-by: Matthew Heon
---
 libpod/container_inspect.go | 1 +
 libpod/runtime.go | 5 +++++
 pkg/inspect/inspect.go | 1 +
 3 files changed, 7 insertions(+)
(limited to 'libpod/runtime.go')
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index a1070cf99..dec0b47b4 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -69,6 +69,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
 ImageID: config.RootfsImageID,
 ImageName: config.RootfsImageName,
 ExitCommand: config.ExitCommand,
+ Namespace: config.Namespace,
 Rootfs: config.Rootfs,
 ResolvConfPath: resolvPath,
 HostnamePath: hostnamePath,
diff --git a/libpod/runtime.go b/libpod/runtime.go
index a0b673d81..1a384fde2 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -505,6 +505,11 @@ func makeRuntime(runtime *Runtime) (err error) {
 return errors.Wrapf(ErrInvalidArg, "unrecognized state type passed")
 }
 
+ if err := runtime.state.SetNamespace(runtime.config.Namespace); err != nil {
+ return errors.Wrapf(err, "error setting libpod namespace in state")
+ }
+ logrus.Debugf("Set libpod namespace to %q", runtime.config.Namespace)
+
 // We now need to see if the system has restarted
 // We check for the presence of a file in our tmp directory to verify this
 // This check must be locked to prevent races
diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go
index 5b5a27c3d..d2c9e79a5 100644
--- a/pkg/inspect/inspect.go
+++ b/pkg/inspect/inspect.go
@@ -169,6 +169,7 @@ type ContainerInspectData struct {
 Dependencies []string `json:"Dependencies"`
 NetworkSettings *NetworkSettings `json:"NetworkSettings"` //TODO
 ExitCommand []string `json:"ExitCommand"`
+ Namespace string `json:"Namespace"`
 }
 
 // ContainerInspectState represents the state of a container.
-- cgit v1.2.3-54-g00ecf
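Review bot: In the makeRuntime hunk of libpod/runtime.go, `runtime.config.Namespace` is passed from the TOML config straight into `runtime.state.SetNamespace` with no check visible here on what the string may contain. Whether SetNamespace rejects unexpected names cannot be seen from this page; if it does, a short comment above the call such as `// The state validates the namespace; "" disables namespace filtering.` would save the next reader from having to look, and if it does not, the value should be checked before it reaches the state. Logging the value with `%q` is a good choice for a config-supplied string, since it shows the empty namespace and escapes odd characters. makeRuntime begins and ends outside the hunk.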