From d5e690914dc78eca8664442e7677eb5004522bfd Mon Sep 17 00:00:00 2001
From: haircommander
Date: Fri, 27 Jul 2018 13:58:50 -0400
Subject: Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander
Closes: #1187
Approved by: mheon
---
 pkg/spec/createconfig.go | 17 +++++++++++++++++
 pkg/spec/parse.go | 17 +++++++++++++++++
 pkg/spec/spec.go | 6 ++++++
 3 files changed, 40 insertions(+)
(limited to 'pkg/spec')
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 6df6fb480..dd1cd5833 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -364,6 +364,9 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
 networks := make([]string, 0)
 userNetworks := c.NetMode.UserDefined()
+ if IsPod(userNetworks) {
+ userNetworks = ""
+ }
 if userNetworks != "" {
 for _, netName := range strings.Split(userNetworks, ",") {
 if netName == "" {
@@ -381,6 +384,8 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
 return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer())
 }
 options = append(options, libpod.WithNetNSFrom(connectedCtr))
+ } else if IsPod(string(c.NetMode)) {
+ options = append(options, libpod.WithNetNSFromPod())
 } else if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
 isRootless := rootless.IsRootless()
 postConfigureNetNS := isRootless || (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost()
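Review bot: The new `if IsPod(userNetworks) { userNetworks = "" }` guard in the first hunk has no comment, and it appears to make the literal name `pod` unusable as a user-defined network, because the network-list loop below it is skipped whenever the net mode is exactly `pod`. I would add a comment above the guard, e.g. `// "pod" is a reserved net mode (join the pod's namespace), not a network name; never pass it on as a user-defined network`. If networks are created or validated elsewhere, rejecting the name `pod` there would keep the two meanings from colliding; that code is not visible here. GetContainerCreateOptions starts and ends outside the hunk.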
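Review bot: The `else if IsPod(string(c.NetMode))` branch in the second hunk appends `libpod.WithNetNSFromPod()` with no visible check that the container is actually being created inside a pod, and the PID, IPC and UTS branches added in the two later hunks of this file follow the same pattern. Namespace sharing is an isolation decision, so a `pod` mode on a container that has no pod should fail explicitly instead of depending on what the option does later. Unless the `With*NSFromPod` options already reject that case (not visible here), I would return an error from GetContainerCreateOptions before appending them and note the precondition on the first branch, e.g. `// pod mode is only valid for containers that are members of a pod`. The function body starts and ends outside the hunk.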
@@ -398,6 +403,10 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
 options = append(options, libpod.WithPIDNSFrom(connectedCtr))
 }
+ if IsPod(string(c.PidMode)) {
+ options = append(options, libpod.WithPIDNSFromPod())
+ }
+
 if c.IpcMode.IsContainer() {
 connectedCtr, err := c.Runtime.LookupContainer(c.IpcMode.Container())
 if err != nil {
@@ -406,7 +415,15 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
 options = append(options, libpod.WithIPCNSFrom(connectedCtr))
 }
+ if IsPod(string(c.IpcMode)) {
+ options = append(options, libpod.WithIPCNSFromPod())
+ }
+
+ if IsPod(string(c.UtsMode)) {
+ options = append(options, libpod.WithUTSNSFromPod())
+ }
+ // TODO: MNT, USER, CGROUP
 options = append(options, libpod.WithStopSignal(c.StopSignal))
 options = append(options, libpod.WithStopTimeout(c.StopTimeout))
 if len(c.DNSSearch) > 0 {
diff --git a/pkg/spec/parse.go b/pkg/spec/parse.go
index d34e10760..4cdc62de6 100644
--- a/pkg/spec/parse.go
+++ b/pkg/spec/parse.go
@@ -18,12 +18,29 @@ func (w *weightDevice) String() string {
 return fmt.Sprintf("%s:%d", w.path, w.weight)
 }
+// LinuxNS is a struct that contains namespace information
+// It implemented Valid to show it is a valid namespace
+type LinuxNS interface {
+ Valid() bool
+}
+
 // IsNS returns if the specified string has a ns: prefix
 func IsNS(s string) bool {
 parts := strings.SplitN(s, ":", 2)
 return len(parts) > 1 && parts[0] == "ns"
 }
+// IsPod returns if the specified string is pod
+func IsPod(s string) bool {
+ return s == "pod"
+}
+
+// Valid checks the validity of a linux namespace
+// s should be the string representation of ns
+func Valid(s string, ns LinuxNS) bool {
+ return IsPod(s) || IsNS(s) || ns.Valid()
+}
+
 // NS is the path to the namespace to join.
 func NS(s string) string {
 parts := strings.SplitN(s, ":", 2)
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 7323b2d2b..8d8a07a2e 100644
--- a/pkg/spec/spec.go
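Review bot: `Valid` in the pkg/spec/parse.go hunk accepts any string that carries the `ns:` prefix, because `IsNS` checks only the prefix, so a bare `ns:` with an empty path passes validation; it also calls `ns.Valid()` on whatever interface value it receives, which panics when that value is nil. I would tighten the return to `return IsPod(s) || (IsNS(s) && len(s) > len("ns:")) || (ns != nil && ns.Valid())`. The doc comment on `LinuxNS` calls it a struct although it is declared as an interface; `// LinuxNS is implemented by namespace mode types that can report whether their value is valid.` would be accurate. The body of `NS` continues outside the hunk, so how it treats an empty path is not visible here.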
+++ b/pkg/spec/spec.go
@@ -349,6 +349,9 @@ func addPidNS(config *CreateConfig, g *generate.Generator) error {
 if pidMode.IsContainer() {
 logrus.Debug("using container pidmode")
 }
+ if IsPod(string(pidMode)) {
+ logrus.Debug("using pod pidmode")
+ }
 return nil
 }
@@ -384,6 +387,9 @@ func addNetNS(config *CreateConfig, g *generate.Generator) error {
 } else if IsNS(string(netMode)) {
 logrus.Debug("Using ns netmode")
 return g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, NS(string(netMode)))
+ } else if IsPod(string(netMode)) {
+ logrus.Debug("Using pod netmode, unless pod is not sharing")
+ return nil
 } else if netMode.IsUserDefined() {
 logrus.Debug("Using user defined netmode")
 return nil
-- cgit v1.2.3-54-g00ecf
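Review bot: The `IsPod(string(netMode))` branch in addNetNS returns nil without touching the generator, and the debug text `Using pod netmode, unless pod is not sharing` is the only hint that a fallback exists. Which network namespace the container ends up in when the pod does not share one is not visible in this hunk, and that outcome is what someone auditing isolation from the debug log needs to see. I would add a comment stating the intent, e.g. `// nothing is added to the spec here; the namespace is expected to come from the pod at container creation`, if that is indeed the design, and log the actual result once the sharing decision is known. The `using pod pidmode` message added to addPidNS in the previous hunk has the same gap. addNetNS begins and ends outside the hunk.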