containers
/
automation-tests
mirror of https://github.com/containers/automation-tests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #972 from rhatdan/ipc 

IPCMode default mode should be sharable not private
This commit is contained in:
OpenShift Merge Robot 2022-03-22 14:32:25 +01:00 committed by GitHub
parent ef489d60fa 54be5eba7e
commit e60802395f
4 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/docs/containers.conf.5.md
View File

@ -162,12 +162,14 @@ Path to the container-init binary, which forwards signals and reaps processes
within containers. Note that the container-init binary will only be used when
the `--init` for podman-create and podman-run is set.
**ipcns**="private"
**ipcns**="shareable"
Default way to to create a IPC namespace for the container.
Options are:
`private` Create private IPC Namespace for the container.
`host` Share host IPC Namespace with the container.
`host` Share host IPC Namespace with the container.
`none` Create shareable IPC Namespace for the container without a private /dev/shm.
`private` Create private IPC Namespace for the container, other containers are not allowed to share it.
`shareable` Create shareable IPC Namespace for the container.
**keyring**=true

1
common/pkg/config/config_test.go
View File

@ -30,6 +30,7 @@ var _ = Describe("Config", func() {
gomega.Expect(defaultConfig.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
gomega.Expect(defaultConfig.Engine.ServiceTimeout).To(gomega.BeEquivalentTo(5))
gomega.Expect(defaultConfig.NetNS()).To(gomega.BeEquivalentTo("private"))
gomega.Expect(defaultConfig.IPCNS()).To(gomega.BeEquivalentTo("shareable"))
gomega.Expect(defaultConfig.Engine.InfraImage).To(gomega.BeEquivalentTo(""))
path, err := defaultConfig.ImageCopyTmpDir()
gomega.Expect(err).To(gomega.BeNil())

8
common/pkg/config/containers.conf
View File

@ -133,10 +133,12 @@ default_sysctls = [
# Default way to to create an IPC namespace (POSIX SysV IPC) for the container
# Options are:
# `private` Create private IPC Namespace for the container.
# `host` Share host IPC Namespace with the container.
# "host" Share host IPC Namespace with the container.
# "none" Create shareable IPC Namespace for the container without a private /dev/shm.
# "private" Create private IPC Namespace for the container, other containers are not allowed to share it.
# "shareable" Create shareable IPC Namespace for the container.
#
#ipcns = "private"
#ipcns = "shareable"
# keyring tells the container engine whether to create
# a kernel keyring for use within the container.

2
common/pkg/config/default.go
View File

@ -205,7 +205,7 @@ func DefaultConfig() (*Config, error) {
HTTPProxy: true,
Init: false,
InitPath: "",
IPCNS: "private",
IPCNS: "shareable",
LogDriver: defaultLogDriver(),
LogSizeMax: DefaultLogSizeMax,
NetNS: "private",