containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixing network ns segfault 

As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.

Signed-off-by: haircommander <pehunt@redhat.com>

Closes: #1187
Approved by: mheon
This commit is contained in:
haircommander 2018-08-20 17:56:35 -04:00 committed by Atomic Bot
parent 2a7449362f
commit 0e6266858a
19 changed files with 193 additions and 602 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/podman/create.go
View File

@ -389,7 +389,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
pidModeStr := c.String("pid")
if !c.IsSet("pid") && pod != nil && pod.SharesPID() {
pidModeStr = "pod"
pidModeStr = cc.POD
}
pidMode := container.PidMode(pidModeStr)
if !cc.Valid(string(pidMode), pidMode) {
@ -398,7 +398,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
usernsModeStr := c.String("userns")
if !c.IsSet("userns") && pod != nil && pod.SharesUser() {
usernsModeStr = "pod"
usernsModeStr = cc.POD
}
usernsMode := container.UsernsMode(usernsModeStr)
if !cc.Valid(string(usernsMode), usernsMode) {
@ -407,7 +407,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
utsModeStr := c.String("uts")
if !c.IsSet("uts") && pod != nil && pod.SharesUTS() {
utsModeStr = "pod"
utsModeStr = cc.POD
}
utsMode := container.UTSMode(utsModeStr)
if !cc.Valid(string(utsMode), utsMode) {
@ -416,15 +416,15 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
ipcModeStr := c.String("ipc")
if !c.IsSet("ipc") && pod != nil && pod.SharesIPC() {
ipcModeStr = "pod"
ipcModeStr = cc.POD
}
ipcMode := container.IpcMode(ipcModeStr)
if !cc.Valid(string(ipcMode), ipcMode) {
return nil, errors.Errorf("--ipc %q is not valid", ipcMode)
}
netModeStr := c.String("net")
if !c.IsSet("net") && pod != nil && pod.SharesNet() {
netModeStr = "pod"
netModeStr := c.String("network")
if !c.IsSet("network") && pod != nil && pod.SharesNet() {
netModeStr = cc.POD
}
// Make sure if network is set to container namespace, port binding is not also being asked for
netMode := container.NetworkMode(netModeStr)

6
cmd/podman/pod_create.go
View File

@ -14,7 +14,7 @@ import (
)
var (
// CRI-O default kernel namespaces
// Kernel namespaces shared by default within a pod
DefaultKernelNamespaces = "ipc,net,uts"
)
@ -35,10 +35,12 @@ var podCreateFlags = []cli.Flag{
cli.StringFlag{
Name: "infra-image",
Usage: "The image of the infra container to associate with the pod",
Value: libpod.DefaultInfraImage,
},
cli.StringFlag{
Name: "infra-command",
Usage: "The command to run on the infra container when the pod is started",
Value: libpod.DefaultInfraCommand,
},
cli.StringSliceFlag{
Name: "label-file",
@ -58,7 +60,7 @@ var podCreateFlags = []cli.Flag{
},
cli.StringFlag{
Name: "share",
Usage: "A comma deliminated list of kernel namespaces the pod will share",
Usage: "A comma delimited list of kernel namespaces the pod will share",
Value: DefaultKernelNamespaces,
},
}

2
cmd/podman/pod_ps.go
View File

@ -474,7 +474,7 @@ func getSharedNamespaces(pod *libpod.Pod) []string {
if pod.SharesNet() {
shared = append(shared, "net")
}
if pod.SharesMNT() {
if pod.SharesMount() {
shared = append(shared, "mnt")
}
if pod.SharesIPC() {

2
cmd/podman/shared/pod.go
View File

@ -73,12 +73,10 @@ func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) {
case "net":
options = append(options, libpod.WithPodNet())
case "mnt":
//options = append(options, libpod.WithPodMNT())
return erroredOptions, errors.Errorf("Mount sharing functionality not supported on pod level")
case "pid":
options = append(options, libpod.WithPodPID())
case "user":
// Note: more set up needs to be done before this doesn't error out a create.
return erroredOptions, errors.Errorf("User sharing functionality not supported on pod level")
case "ipc":
options = append(options, libpod.WithPodIPC())

13
libpod/container.go
View File

@ -252,19 +252,6 @@ type ContainerConfig struct {
UTSNsCtr string `json:"utsNsCtr,omitempty"`
CgroupNsCtr string `json:"cgroupNsCtr,omitempty"`
// Whether container shares an NS with the pod
// NetNsPod conflicts with the CreateNetNS bool
// {namespace}NsPod conflicts with {namespace}NsCtr
// The pause container will be considered dependencies of the given container
// It must be started before the given container is started
IPCNsPod bool `json:"ipcNsPod,omitempty"`
MountNsPod bool `json:"mountNsPod,omitempty"`
NetNsPod bool `json:"netNsPod,omitempty"`
PIDNsPod bool `json:"pidNsPod,omitempty"`
UserNsPod bool `json:"userNsPod,omitempty"`
UTSNsPod bool `json:"utsNsPod,omitempty"`
CgroupNsPod bool `json:"cgroupNsPod,omitempty"`
// IDs of dependency containers.
// These containers must be started before this container is started.
Dependencies []string

427
libpod/container_ffjson.go
View File

@ -194,62 +194,6 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
fflib.WriteJsonString(buf, string(j.CgroupNsCtr))
buf.WriteByte(',')
}
if j.IPCNsPod != false {
if j.IPCNsPod {
buf.WriteString(`"ipcNsPod":true`)
} else {
buf.WriteString(`"ipcNsPod":false`)
}
buf.WriteByte(',')
}
if j.MountNsPod != false {
if j.MountNsPod {
buf.WriteString(`"mountNsPod":true`)
} else {
buf.WriteString(`"mountNsPod":false`)
}
buf.WriteByte(',')
}
if j.NetNsPod != false {
if j.NetNsPod {
buf.WriteString(`"netNsPod":true`)
} else {
buf.WriteString(`"netNsPod":false`)
}
buf.WriteByte(',')
}
if j.PIDNsPod != false {
if j.PIDNsPod {
buf.WriteString(`"pidNsPod":true`)
} else {
buf.WriteString(`"pidNsPod":false`)
}
buf.WriteByte(',')
}
if j.UserNsPod != false {
if j.UserNsPod {
buf.WriteString(`"userNsPod":true`)
} else {
buf.WriteString(`"userNsPod":false`)
}
buf.WriteByte(',')
}
if j.UTSNsPod != false {
if j.UTSNsPod {
buf.WriteString(`"utsNsPod":true`)
} else {
buf.WriteString(`"utsNsPod":false`)
}
buf.WriteByte(',')
}
if j.CgroupNsPod != false {
if j.CgroupNsPod {
buf.WriteString(`"cgroupNsPod":true`)
} else {
buf.WriteString(`"cgroupNsPod":false`)
}
buf.WriteByte(',')
}
buf.WriteString(`"Dependencies":`)
if j.Dependencies != nil {
buf.WriteString(`[`)
@ -582,20 +526,6 @@ const (
ffjtContainerConfigCgroupNsCtr
ffjtContainerConfigIPCNsPod
ffjtContainerConfigMountNsPod
ffjtContainerConfigNetNsPod
ffjtContainerConfigPIDNsPod
ffjtContainerConfigUserNsPod
ffjtContainerConfigUTSNsPod
ffjtContainerConfigCgroupNsPod
ffjtContainerConfigDependencies
ffjtContainerConfigCreateNetNS
@ -695,20 +625,6 @@ var ffjKeyContainerConfigUTSNsCtr = []byte("utsNsCtr")
var ffjKeyContainerConfigCgroupNsCtr = []byte("cgroupNsCtr")
var ffjKeyContainerConfigIPCNsPod = []byte("ipcNsPod")
var ffjKeyContainerConfigMountNsPod = []byte("mountNsPod")
var ffjKeyContainerConfigNetNsPod = []byte("netNsPod")
var ffjKeyContainerConfigPIDNsPod = []byte("pidNsPod")
var ffjKeyContainerConfigUserNsPod = []byte("userNsPod")
var ffjKeyContainerConfigUTSNsPod = []byte("utsNsPod")
var ffjKeyContainerConfigCgroupNsPod = []byte("cgroupNsPod")
var ffjKeyContainerConfigDependencies = []byte("Dependencies")
var ffjKeyContainerConfigCreateNetNS = []byte("createNetNS")
@ -863,11 +779,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigCgroupNsPod, kn) {
currentKey = ffjtContainerConfigCgroupNsPod
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigCreateNetNS, kn) {
currentKey = ffjtContainerConfigCreateNetNS
state = fflib.FFParse_want_colon
@ -962,11 +873,6 @@ mainparse:
currentKey = ffjtContainerConfigIPCNsCtr
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigIPCNsPod, kn) {
currentKey = ffjtContainerConfigIPCNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
case 'l':
@ -993,11 +899,6 @@ mainparse:
currentKey = ffjtContainerConfigMountNsCtr
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigMountNsPod, kn) {
currentKey = ffjtContainerConfigMountNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
case 'n':
@ -1017,11 +918,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigNetNsPod, kn) {
currentKey = ffjtContainerConfigNetNsPod
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigNetworks, kn) {
currentKey = ffjtContainerConfigNetworks
state = fflib.FFParse_want_colon
@ -1045,11 +941,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigPIDNsPod, kn) {
currentKey = ffjtContainerConfigPIDNsPod
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigPortMappings, kn) {
currentKey = ffjtContainerConfigPortMappings
state = fflib.FFParse_want_colon
@ -1134,16 +1025,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigUserNsPod, kn) {
currentKey = ffjtContainerConfigUserNsPod
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigUTSNsPod, kn) {
currentKey = ffjtContainerConfigUTSNsPod
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigUserVolumes, kn) {
currentKey = ffjtContainerConfigUserVolumes
state = fflib.FFParse_want_colon
@ -1290,48 +1171,6 @@ mainparse:
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsPod, kn) {
currentKey = ffjtContainerConfigCgroupNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigUTSNsPod, kn) {
currentKey = ffjtContainerConfigUTSNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigUserNsPod, kn) {
currentKey = ffjtContainerConfigUserNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigPIDNsPod, kn) {
currentKey = ffjtContainerConfigPIDNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigNetNsPod, kn) {
currentKey = ffjtContainerConfigNetNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigMountNsPod, kn) {
currentKey = ffjtContainerConfigMountNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigIPCNsPod, kn) {
currentKey = ffjtContainerConfigIPCNsPod
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsCtr, kn) {
currentKey = ffjtContainerConfigCgroupNsCtr
state = fflib.FFParse_want_colon
@ -1583,27 +1422,6 @@ mainparse:
case ffjtContainerConfigCgroupNsCtr:
goto handle_CgroupNsCtr
case ffjtContainerConfigIPCNsPod:
goto handle_IPCNsPod
case ffjtContainerConfigMountNsPod:
goto handle_MountNsPod
case ffjtContainerConfigNetNsPod:
goto handle_NetNsPod
case ffjtContainerConfigPIDNsPod:
goto handle_PIDNsPod
case ffjtContainerConfigUserNsPod:
goto handle_UserNsPod
case ffjtContainerConfigUTSNsPod:
goto handle_UTSNsPod
case ffjtContainerConfigCgroupNsPod:
goto handle_CgroupNsPod
case ffjtContainerConfigDependencies:
goto handle_Dependencies
@ -2469,251 +2287,6 @@ handle_CgroupNsCtr:
state = fflib.FFParse_after_value
goto mainparse
handle_IPCNsPod:
/* handler: j.IPCNsPod type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.IPCNsPod = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.IPCNsPod = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_MountNsPod:
/* handler: j.MountNsPod type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.MountNsPod = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.MountNsPod = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_NetNsPod:
/* handler: j.NetNsPod type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.NetNsPod = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.NetNsPod = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_PIDNsPod:
/* handler: j.PIDNsPod type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.PIDNsPod = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.PIDNsPod = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_UserNsPod:
/* handler: j.UserNsPod type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.UserNsPod = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.UserNsPod = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_UTSNsPod:
/* handler: j.UTSNsPod type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.UTSNsPod = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.UTSNsPod = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_CgroupNsPod:
/* handler: j.CgroupNsPod type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.CgroupNsPod = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.CgroupNsPod = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_Dependencies:
/* handler: j.Dependencies type=[]string kind=slice quoted=false*/

49
libpod/container_internal_linux.go
View File

@ -168,91 +168,42 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
}
var podInfraContainer string
if c.config.Pod != "" {
pod, err := c.runtime.state.LookupPod(c.config.Pod)
if err != nil {
return nil, err
}
if pod.SharesNamespaces() {
if err := pod.updatePod(); err != nil {
return nil, err
}
podInfraContainer = pod.state.InfraContainerID
}
}
// Add shared namespaces from other containers
if c.config.IPCNsCtr != "" {
if err := c.addNamespaceContainer(&g, IPCNS, c.config.IPCNsCtr, spec.IPCNamespace); err != nil {
return nil, err
}
}
if c.config.IPCNsPod && podInfraContainer != "" {
if err := c.addNamespaceContainer(&g, IPCNS, podInfraContainer, spec.IPCNamespace); err != nil {
return nil, err
}
}
if c.config.MountNsCtr != "" {
if err := c.addNamespaceContainer(&g, MountNS, c.config.MountNsCtr, spec.MountNamespace); err != nil {
return nil, err
}
}
if c.config.MountNsPod && podInfraContainer != "" {
if err := c.addNamespaceContainer(&g, MountNS, podInfraContainer, spec.MountNamespace); err != nil {
return nil, err
}
}
if c.config.NetNsCtr != "" {
if err := c.addNamespaceContainer(&g, NetNS, c.config.NetNsCtr, spec.NetworkNamespace); err != nil {
return nil, err
}
}
if c.config.NetNsPod && podInfraContainer != "" {
if err := c.addNamespaceContainer(&g, NetNS, podInfraContainer, spec.NetworkNamespace); err != nil {
return nil, err
}
}
if c.config.PIDNsCtr != "" {
if err := c.addNamespaceContainer(&g, PIDNS, c.config.PIDNsCtr, string(spec.PIDNamespace)); err != nil {
return nil, err
}
}
if c.config.PIDNsPod && podInfraContainer != "" {
if err := c.addNamespaceContainer(&g, PIDNS, podInfraContainer, string(spec.PIDNamespace)); err != nil {
return nil, err
}
}
if c.config.UserNsCtr != "" {
if err := c.addNamespaceContainer(&g, UserNS, c.config.UserNsCtr, spec.UserNamespace); err != nil {
return nil, err
}
}
if c.config.UserNsPod && podInfraContainer != "" {
if err := c.addNamespaceContainer(&g, UserNS, podInfraContainer, spec.UserNamespace); err != nil {
return nil, err
}
}
if c.config.UTSNsCtr != "" {
if err := c.addNamespaceContainer(&g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil {
return nil, err
}
}
if c.config.UTSNsPod && podInfraContainer != "" {
if err := c.addNamespaceContainer(&g, UTSNS, podInfraContainer, spec.UTSNamespace); err != nil {
return nil, err
}
}
if c.config.CgroupNsCtr != "" {
if err := c.addNamespaceContainer(&g, CgroupNS, c.config.CgroupNsCtr, spec.CgroupNamespace); err != nil {
return nil, err
}
}
if c.config.CgroupNsPod && podInfraContainer != "" {
if err := c.addNamespaceContainer(&g, CgroupNS, podInfraContainer, spec.CgroupNamespace); err != nil {
return nil, err
}
}
if c.config.Rootfs == "" {
if err := idtools.MkdirAllAs(c.state.RealMountpoint, 0700, c.RootUID(), c.RootGID()); err != nil {

122
libpod/options.go
View File

@ -551,17 +551,29 @@ func WithExitCommand(exitCommand []string) CtrCreateOption {
// WithIPCNSFromPod indicates the the container should join the IPC namespace of
// its pod
func WithIPCNSFromPod() CtrCreateOption {
func WithIPCNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
if p == nil {
return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
}
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
ctr.config.IPCNsPod = true
if ctr.config.Pod != p.ID() {
return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
}
infraContainer, err := p.InfraContainerID()
if err != nil {
return err
}
ctr.config.IPCNsCtr = infraContainer
return nil
}
@ -569,17 +581,29 @@ func WithIPCNSFromPod() CtrCreateOption {
// WithMountNSFromPod indicates the the container should join the Mount namespace of
// its pod
func WithMountNSFromPod() CtrCreateOption {
func WithMountNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
if p == nil {
return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
}
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
ctr.config.MountNsPod = true
if ctr.config.Pod != p.ID() {
return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
}
infraContainer, err := p.InfraContainerID()
if err != nil {
return err
}
ctr.config.MountNsCtr = infraContainer
return nil
}
@ -587,17 +611,29 @@ func WithMountNSFromPod() CtrCreateOption {
// WithNetNSFromPod indicates the the container should join the network namespace of
// its pod
func WithNetNSFromPod() CtrCreateOption {
func WithNetNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
if p == nil {
return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
}
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
ctr.config.NetNsPod = true
if ctr.config.Pod != p.ID() {
return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
}
infraContainer, err := p.InfraContainerID()
if err != nil {
return err
}
ctr.config.NetNsCtr = infraContainer
return nil
}
@ -605,17 +641,29 @@ func WithNetNSFromPod() CtrCreateOption {
// WithPIDNSFromPod indicates the the container should join the PID namespace of
// its pod
func WithPIDNSFromPod() CtrCreateOption {
func WithPIDNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
if p == nil {
return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
}
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
ctr.config.PIDNsPod = true
if ctr.config.Pod != p.ID() {
return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
}
infraContainer, err := p.InfraContainerID()
if err != nil {
return err
}
ctr.config.PIDNsCtr = infraContainer
return nil
}
@ -623,17 +671,29 @@ func WithPIDNSFromPod() CtrCreateOption {
// WithUTSNSFromPod indicates the the container should join the UTS namespace of
// its pod
func WithUTSNSFromPod() CtrCreateOption {
func WithUTSNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
if p == nil {
return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
}
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
ctr.config.UTSNsPod = true
if ctr.config.Pod != p.ID() {
return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
}
infraContainer, err := p.InfraContainerID()
if err != nil {
return err
}
ctr.config.UTSNsCtr = infraContainer
return nil
}
@ -641,17 +701,29 @@ func WithUTSNSFromPod() CtrCreateOption {
// WithUserNSFromPod indicates the the container should join the User namespace of
// its pod
func WithUserNSFromPod() CtrCreateOption {
func WithUserNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
if p == nil {
return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
}
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
ctr.config.UserNsPod = true
if ctr.config.Pod != p.ID() {
return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
}
infraContainer, err := p.InfraContainerID()
if err != nil {
return err
}
ctr.config.UserNsCtr = infraContainer
return nil
}
@ -659,17 +731,29 @@ func WithUserNSFromPod() CtrCreateOption {
// WithCgroupNSFromPod indicates the the container should join the Cgroup namespace of
// its pod
func WithCgroupNSFromPod() CtrCreateOption {
func WithCgroupNSFromPod(p *Pod) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return ErrCtrFinalized
}
if p == nil {
return errors.Wrapf(ErrInvalidArg, "pod passed in was nil. Container may not be associated with a pod")
}
if ctr.config.Pod == "" {
return errors.Wrapf(ErrInvalidArg, "container is not a member of any pod")
}
ctr.config.CgroupNsPod = true
if ctr.config.Pod != p.ID() {
return errors.Wrapf(ErrInvalidArg, "pod passed in is not the pod the container is associated with")
}
infraContainer, err := p.InfraContainerID()
if err != nil {
return err
}
ctr.config.CgroupNsCtr = infraContainer
return nil
}
@ -1284,17 +1368,19 @@ func WithPodNet() PodCreateOption {
}
}
// WithPodMNT tells containers in this pod to use the mount namespace
// WithPodMount tells containers in this pod to use the mount namespace
// created for this pod.
// Containers in a pod will inherit the kernel namespaces from the
// first container added.
func WithPodMNT() PodCreateOption {
// TODO implement WithMountNSFrom, so WithMountNsFromPod functions properly
// Then this option can be added on the pod level
func WithPodMount() PodCreateOption {
return func(pod *Pod) error {
if pod.valid {
return ErrPodFinalized
}
pod.config.UsePodMNT = true
pod.config.UsePodMount = true
return nil
}
@ -1304,6 +1390,8 @@ func WithPodMNT() PodCreateOption {
// created for this pod.
// Containers in a pod will inherit the kernel namespaces from the
// first container added.
// TODO implement WithUserNSFrom, so WithUserNsFromPod functions properly
// Then this option can be added on the pod level
func WithPodUser() PodCreateOption {
return func(pod *Pod) error {
if pod.valid {

21
libpod/pod.go
View File

@ -39,7 +39,6 @@ type PodConfig struct {
Labels map[string]string `json:"labels"`
// CgroupParent contains the pod's CGroup parent
CgroupParent string `json:"cgroupParent"`
// UsePodCgroup indicates whether the pod will create its own CGroup and
// join containers to it.
// If true, all containers joined to the pod will use the pod cgroup as
@ -48,12 +47,12 @@ type PodConfig struct {
// The following UsePod{kernelNamespace} indicate whether the containers
// in the pod will inherit the namespace from the first container in the pod.
UsePodPID bool `json:"sharesPid,omitempty"`
UsePodIPC bool `json:"sharesIpc,omitempty"`
UsePodNet bool `json:"sharesNet,omitempty"`
UsePodMNT bool `json:"sharesMnt,omitempty"`
UsePodUser bool `json:"sharesUser,omitempty"`
UsePodUTS bool `json:"sharesUts,omitempty"`
UsePodPID bool `json:"sharesPid,omitempty"`
UsePodIPC bool `json:"sharesIpc,omitempty"`
UsePodNet bool `json:"sharesNet,omitempty"`
UsePodMount bool `json:"sharesMnt,omitempty"`
UsePodUser bool `json:"sharesUser,omitempty"`
UsePodUTS bool `json:"sharesUts,omitempty"`
InfraContainer *InfraContainerConfig `json:"infraConfig"`
@ -149,10 +148,10 @@ func (p *Pod) SharesNet() bool {
return p.config.UsePodNet
}
// SharesMNT returns whether containers in pod
// SharesMount returns whether containers in pod
// default to use PID namespace of first container in pod
func (p *Pod) SharesMNT() bool {
return p.config.UsePodMNT
func (p *Pod) SharesMount() bool {
return p.config.UsePodMount
}
// SharesUser returns whether containers in pod
@ -227,7 +226,7 @@ func (p *Pod) HasInfraContainer() bool {
// SharesNamespaces checks if the pod has any kernel namespaces set as shared. An infra container will not be
// created if no kernel namespaces are shared.
func (p *Pod) SharesNamespaces() bool {
return p.SharesPID() || p.SharesIPC() || p.SharesNet() || p.SharesMNT() || p.SharesUser() || p.SharesUTS()
return p.SharesPID() || p.SharesIPC() || p.SharesNet() || p.SharesMount() || p.SharesUser() || p.SharesUTS()
}
// InfraContainerID returns the infra container ID for a pod.

3
libpod/pod_api.go
View File

@ -427,9 +427,6 @@ func (p *Pod) Inspect() (*PodInspect, error) {
podContainers = append(podContainers, pc)
}
infraContainerID := p.state.InfraContainerID
if err != nil {
return &PodInspect{}, err
}
config := new(PodConfig)
deepcopier.Copy(p.config).To(config)

28
libpod/pod_ffjson.go
View File

@ -299,8 +299,8 @@ func (j *PodConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
}
buf.WriteByte(',')
}
if j.UsePodMNT != false {
if j.UsePodMNT {
if j.UsePodMount != false {
if j.UsePodMount {
buf.WriteString(`"sharesMnt":true`)
} else {
buf.WriteString(`"sharesMnt":false`)
@ -374,7 +374,7 @@ const (
ffjtPodConfigUsePodNet
ffjtPodConfigUsePodMNT
ffjtPodConfigUsePodMount
ffjtPodConfigUsePodUser
@ -403,7 +403,7 @@ var ffjKeyPodConfigUsePodIPC = []byte("sharesIpc")
var ffjKeyPodConfigUsePodNet = []byte("sharesNet")
var ffjKeyPodConfigUsePodMNT = []byte("sharesMnt")
var ffjKeyPodConfigUsePodMount = []byte("sharesMnt")
var ffjKeyPodConfigUsePodUser = []byte("sharesUser")
@ -543,8 +543,8 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyPodConfigUsePodMNT, kn) {
currentKey = ffjtPodConfigUsePodMNT
} else if bytes.Equal(ffjKeyPodConfigUsePodMount, kn) {
currentKey = ffjtPodConfigUsePodMount
state = fflib.FFParse_want_colon
goto mainparse
@ -585,8 +585,8 @@ mainparse:
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyPodConfigUsePodMNT, kn) {
currentKey = ffjtPodConfigUsePodMNT
if fflib.EqualFoldRight(ffjKeyPodConfigUsePodMount, kn) {
currentKey = ffjtPodConfigUsePodMount
state = fflib.FFParse_want_colon
goto mainparse
}
@ -689,8 +689,8 @@ mainparse:
case ffjtPodConfigUsePodNet:
goto handle_UsePodNet
case ffjtPodConfigUsePodMNT:
goto handle_UsePodMNT
case ffjtPodConfigUsePodMount:
goto handle_UsePodMount
case ffjtPodConfigUsePodUser:
goto handle_UsePodUser
@ -1067,9 +1067,9 @@ handle_UsePodNet:
state = fflib.FFParse_after_value
goto mainparse
handle_UsePodMNT:
handle_UsePodMount:
/* handler: j.UsePodMNT type=bool kind=bool quoted=false*/
/* handler: j.UsePodMount type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
@ -1085,11 +1085,11 @@ handle_UsePodMNT:
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.UsePodMNT = true
j.UsePodMount = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.UsePodMNT = false
j.UsePodMount = false
} else {
err = errors.New("unexpected bytes for true/false value")

3
libpod/runtime_ctr.go
View File

@ -88,7 +88,6 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
ctr.runtime = r
var pod *Pod
if ctr.config.Pod != "" {
// Get the pod from state
pod, err = r.state.Pod(ctr.config.Pod)
@ -230,7 +229,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool)
infraID := pod.state.InfraContainerID
if c.ID() == infraID {
return errors.Errorf("an infra container cannot be removed without removing pod %s", pod.ID())
return errors.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID())
}
}

8
libpod/runtime_pod.go
View File

@ -33,6 +33,14 @@ func (r *Runtime) RemovePod(ctx context.Context, p *Pod, removeCtrs, force bool)
return ErrRuntimeStopped
}
if !p.valid {
if ok, _ := r.state.HasPod(p.ID()); !ok {
// Pod probably already removed
// Or was never in the runtime to begin with
return nil
}
}
p.lock.Lock()
defer p.lock.Unlock()

7
libpod/runtime_pod_infra_linux.go
View File

@ -6,6 +6,8 @@ import (
"context"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/rootless"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/opencontainers/runtime-tools/generate"
)
@ -33,6 +35,11 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
options = append(options, WithName(containerName))
options = append(options, withIsInfra())
// Since user namespace sharing is not implemented, we only need to check if it's rootless
portMappings := make([]ocicni.PortMapping, 0)
networks := make([]string, 0)
options = append(options, WithNetNS(portMappings, rootless.IsRootless(), networks))
return r.newContainer(ctx, g.Config, options...)
}

11
libpod/runtime_pod_linux.go
View File

@ -115,12 +115,8 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod,
}
func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) error {
if !p.valid {
if ok, _ := r.state.HasPod(p.ID()); !ok {
// Pod probably already removed
// Or was never in the runtime to begin with
return nil
}
if err := p.updatePod(); err != nil {
return err
}
ctrs, err := r.state.PodContainers(p)
@ -131,9 +127,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
numCtrs := len(ctrs)
// If the only container in the pod is the pause container, remove the pod and container unconditionally.
if err := p.updatePod(); err != nil {
return err
}
pauseCtrID := p.state.InfraContainerID
if numCtrs == 1 && ctrs[0].ID() == pauseCtrID {
removeCtrs = true

11
pkg/spec/createconfig.go
View File

@ -309,6 +309,7 @@ func createExitCommand(runtime *libpod.Runtime) []string {
func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error) {
var options []libpod.CtrCreateOption
var portBindings []ocicni.PortMapping
var pod *libpod.Pod
var err error
// Uncomment after talking to mheon about unimplemented funcs
@ -323,7 +324,7 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
}
if c.Pod != "" {
logrus.Debugf("adding container to pod %s", c.Pod)
pod, err := runtime.LookupPod(c.Pod)
pod, err = runtime.LookupPod(c.Pod)
if err != nil {
return nil, errors.Wrapf(err, "unable to add container to pod %s", c.Pod)
}
@ -385,7 +386,7 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
}
options = append(options, libpod.WithNetNSFrom(connectedCtr))
} else if IsPod(string(c.NetMode)) {
options = append(options, libpod.WithNetNSFromPod())
options = append(options, libpod.WithNetNSFromPod(pod))
} else if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
isRootless := rootless.IsRootless()
postConfigureNetNS := isRootless || (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost()
@ -404,7 +405,7 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
options = append(options, libpod.WithPIDNSFrom(connectedCtr))
}
if IsPod(string(c.PidMode)) {
options = append(options, libpod.WithPIDNSFromPod())
options = append(options, libpod.WithPIDNSFromPod(pod))
}
if c.IpcMode.IsContainer() {
@ -416,11 +417,11 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
options = append(options, libpod.WithIPCNSFrom(connectedCtr))
}
if IsPod(string(c.IpcMode)) {
options = append(options, libpod.WithIPCNSFromPod())
options = append(options, libpod.WithIPCNSFromPod(pod))
}
if IsPod(string(c.UtsMode)) {
options = append(options, libpod.WithUTSNSFromPod())
options = append(options, libpod.WithUTSNSFromPod(pod))
}
// TODO: MNT, USER, CGROUP

6
pkg/spec/parse.go
View File

@ -8,6 +8,10 @@ import (
"github.com/docker/go-units"
)
// POD signifies a kernel namespace is being shared
// by a container with the pod it is associated with
const POD = "pod"
// weightDevice is a structure that holds device:weight pair
type weightDevice struct {
path string
@ -32,7 +36,7 @@ func IsNS(s string) bool {
// IsPod returns if the specified string is pod
func IsPod(s string) bool {
return s == "pod"
return s == POD
}
// Valid checks the validity of a linux namespace

16
test/e2e/pod_stats_test.go
View File

@ -60,12 +60,10 @@ var _ = Describe("Podman pod stats", func() {
})
It("podman stats on a specific running pod with shortID", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("")
Expect(ec).To(Equal(0))
session = podmanTest.RunTopContainerInPod("", podid)
session := podmanTest.RunTopContainerInPod("", podid)
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@ -79,12 +77,10 @@ var _ = Describe("Podman pod stats", func() {
})
It("podman stats on a specific running pod with name", func() {
session := podmanTest.Podman([]string{"pod", "create", "--name", "test"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("test")
Expect(ec).To(Equal(0))
session = podmanTest.RunTopContainerInPod("", podid)
session := podmanTest.RunTopContainerInPod("", podid)
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))

46
test/e2e/pod_top_test.go
View File

@ -44,10 +44,8 @@ var _ = Describe("Podman top", func() {
})
It("podman pod top on non-running pod", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("")
Expect(ec).To(Equal(0))
result := podmanTest.Podman([]string{"top", podid})
result.WaitWithDefaultTimeout()
@ -55,12 +53,10 @@ var _ = Describe("Podman top", func() {
})
It("podman pod top on pod", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("")
Expect(ec).To(Equal(0))
session = podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session := podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@ -71,12 +67,10 @@ var _ = Describe("Podman top", func() {
})
It("podman pod top with options", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("")
Expect(ec).To(Equal(0))
session = podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session := podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@ -87,12 +81,10 @@ var _ = Describe("Podman top", func() {
})
It("podman pod top on pod invalid options", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("")
Expect(ec).To(Equal(0))
session = podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session := podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@ -102,12 +94,10 @@ var _ = Describe("Podman top", func() {
})
It("podman pod top on pod with containers in same pid namespace", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("")
Expect(ec).To(Equal(0))
session = podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session := podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
cid := session.OutputToString()
@ -123,12 +113,10 @@ var _ = Describe("Podman top", func() {
})
It("podman pod top on pod with containers in different namespace", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
podid := session.OutputToString()
_, ec, podid := podmanTest.CreatePod("")
Expect(ec).To(Equal(0))
session = podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session := podmanTest.Podman([]string{"run", "-d", "--pod", podid, ALPINE, "top", "-d", "2"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))