From 3e534eff9d4e5e3a790870c5a7943a3473f51770 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 21 Jul 2023 13:16:37 -0400 Subject: [PATCH] Add support for ShmSize to quadlet I am working on running android auto in a quadlet. [Container] AddDevice=/dev/dri/renderD128 AddDevice=/dev/kvm DropCapability=all Environment=PULSE_SERVER=$XDG_RUNTIME_DIR/pulse/native Environment=WAYLAND_DISPLAY=wayland-0 Environment=XDG_RUNTIME_DIR Image=quay.io/slopezpa/qemu-aaos ContainerName=Android PodmanArgs=--shm-size=5g SecurityLabelDisable=true Volume=$XDG_RUNTIME_DIR:$XDG_RUNTIME_DIR And I need to be able to set the --shm-size option. Signed-off-by: Daniel J Walsh --- docs/source/markdown/podman-systemd.unit.5.md | 7 +++++++ pkg/systemd/quadlet/quadlet.go | 13 ++++++++++--- test/e2e/quadlet/shmsize.container | 5 +++++ test/e2e/quadlet_test.go | 1 + 4 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 test/e2e/quadlet/shmsize.container diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md index ed89f6e53c..6372ad8e14 100644 --- a/docs/source/markdown/podman-systemd.unit.5.md +++ b/docs/source/markdown/podman-systemd.unit.5.md @@ -132,6 +132,7 @@ Valid options for `[Container]` are listed below: | SecurityLabelLevel=s0:c1,c2 | --security-opt label=level:s0:c1,c2 | | SecurityLabelNested=true | --security-opt label=nested | | SecurityLabelType=spc_t | --security-opt label=type:spc_t | +| ShmSize=100m | --shm-size=100m | | Sysctl=name=value | --sysctl=name=value | | Timezone=local | --tz local | | Tmpfs=/work | --tmpfs /work | 
@@ -447,6 +448,12 @@ Set the label process type for the container processes. Use a Podman secret in the container either as a file or an environment variable. This is equivalent to the Podman `--secret` option and generally has the form `secret[,opt=opt ...]` +### `ShmSize=` + +Size of /dev/shm. + +This is equivalent to the Podman `--shm-size` option and generally has the form `number[unit]` + ### `Sysctl=` Configures namespaced kernel parameters for the container. The format is `Sysctl=name=value`. diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go index 34b735824a..dd823f79c6 100644 --- a/pkg/systemd/quadlet/quadlet.go +++ b/pkg/systemd/quadlet/quadlet.go @@ -55,6 +55,7 @@ const ( KeyEnvironmentFile = "EnvironmentFile" KeyEnvironmentHost = "EnvironmentHost" KeyExec = "Exec" + KeyExitCodePropagation = "ExitCodePropagation" KeyExposeHostPort = "ExposeHostPort" KeyGroup = "Group" KeyHealthCmd = "HealthCmd" @@ -69,10 +70,9 @@ const ( KeyHealthStartupTimeout = "HealthStartupTimeout" KeyHealthTimeout = "HealthTimeout" KeyHostName = "HostName" - KeyImage = "Image" KeyIP = "IP" KeyIP6 = "IP6" - KeyExitCodePropagation = "ExitCodePropagation" + KeyImage = "Image" KeyLabel = "Label" KeyLogDriver = "LogDriver" KeyMask = "Mask" @@ -102,13 +102,14 @@ const ( KeyRootfs = "Rootfs" KeyRunInit = "RunInit" KeySeccompProfile = "SeccompProfile" + KeySecret = "Secret" KeySecurityLabelDisable = "SecurityLabelDisable" KeySecurityLabelFileType = "SecurityLabelFileType" KeySecurityLabelLevel = "SecurityLabelLevel" KeySecurityLabelNested = "SecurityLabelNested" KeySecurityLabelType = "SecurityLabelType" - KeySecret = "Secret" KeySetWorkingDirectory = "SetWorkingDirectory" + KeyShmSize = "ShmSize" KeySysctl = "Sysctl" KeyTimezone = "Timezone" KeyTmpfs = "Tmpfs" @@ -179,6 +180,7 @@ var ( KeySecurityLabelLevel: true, KeySecurityLabelNested: true, KeySecurityLabelType: true, + KeyShmSize: true, KeySysctl: true, KeyTimezone: true, KeyTmpfs: true, 
@@ -493,6 +495,11 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse podman.addf("--cap-add=%s", strings.ToLower(caps)) } + shmSize, hasShmSize := container.Lookup(ContainerGroup, KeyShmSize) + if hasShmSize { + podman.addf("--shm-size=%s", shmSize) + } + sysctl := container.LookupAllStrv(ContainerGroup, KeySysctl) for _, sysctlItem := range sysctl { podman.addf("--sysctl=%s", sysctlItem) diff --git a/test/e2e/quadlet/shmsize.container b/test/e2e/quadlet/shmsize.container new file mode 100644 index 0000000000..fe8df7d152 --- /dev/null +++ b/test/e2e/quadlet/shmsize.container @@ -0,0 +1,5 @@ +## assert-podman-args "--shm-size=5g" + +[Container] +Image=localhost/imagename +ShmSize=5g diff --git a/test/e2e/quadlet_test.go b/test/e2e/quadlet_test.go index 1d2e499d78..be904fb7d5 100644 --- a/test/e2e/quadlet_test.go +++ b/test/e2e/quadlet_test.go @@ -594,6 +594,7 @@ BOGUS=foo Entry("seccomp.container", "seccomp.container", 0, ""), Entry("secrets.container", "secrets.container", 0, ""), Entry("selinux.container", "selinux.container", 0, ""), + Entry("shmsize.container", "shmsize.container", 0, ""), Entry("shortname.container", "shortname.container", 0, "Warning: shortname.container specifies the image \"shortname\" which not a fully qualified image name. This is not ideal for performance and security reasons. See the podman-pull manpage discussion of short-name-aliases.conf for details."), Entry("sysctl.container", "sysctl.container", 0, ""), Entry("timezone.container", "timezone.container", 0, ""),
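Review bot: In the ConvertContainer hunk of pkg/systemd/quadlet/quadlet.go, the new `ShmSize` value is forwarded whenever the key is present, so an empty assignment (`ShmSize=`) would, if `Lookup` reports it as present, generate a bare `--shm-size=` that only fails when the service starts. Guarding on content, `if hasShmSize && len(shmSize) > 0 {`, keeps the generated unit well-formed. The value is otherwise passed through unvalidated, so a malformed size is likewise caught only by podman at start time rather than by the generator. The new shmsize.container fixture covers only the valid `5g` case, and an empty-value fixture would pin the intended behaviour. ConvertContainer's body starts and ends outside the hunk.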