api: add cgroupns option to container create (#2930)

Signed-off-by: David Otto <ottodavid@gmx.net>
2022-07-29 20:04:47 +02:00 · 2022-07-29 20:04:47 +02:00 · d69de54d7c
parent 1a4cacdfb6
commit d69de54d7c
3 changed files with 13 additions and 1 deletions
--- a/docker/models/containers.py
+++ b/docker/models/containers.py
@ -553,6 +553,11 @@ class ContainerCollection(Collection):
                ``["SYS_ADMIN", "MKNOD"]``.
            cap_drop (list of str): Drop kernel capabilities.
            cgroup_parent (str): Override the default parent cgroup.
+            cgroupns (str): Override the default cgroup namespace mode for the
+                container. One of:
+                - ``private`` the container runs in its own private cgroup
+                  namespace.
+                - ``host`` use the host system's cgroup namespace.
            cpu_count (int): Number of usable CPUs (Windows only).
            cpu_percent (int): Usable percentage of the available CPUs
                (Windows only).
@ -1002,6 +1007,7 @@ RUN_HOST_CONFIG_KWARGS = [
    'cap_add',
    'cap_drop',
    'cgroup_parent',
+    'cgroupns',
    'cpu_count',
    'cpu_percent',
    'cpu_period',
--- a/docker/types/containers.py
+++ b/docker/types/containers.py
@ -272,7 +272,8 @@ class HostConfig(dict):
                 volume_driver=None, cpu_count=None, cpu_percent=None,
                 nano_cpus=None, cpuset_mems=None, runtime=None, mounts=None,
                 cpu_rt_period=None, cpu_rt_runtime=None,
-                 device_cgroup_rules=None, device_requests=None):
+                 device_cgroup_rules=None, device_requests=None,
+                 cgroupns=None):

        if mem_limit is not None:
            self['Memory'] = parse_bytes(mem_limit)
@ -646,6 +647,9 @@ class HostConfig(dict):
                    req = DeviceRequest(**req)
                self['DeviceRequests'].append(req)

+        if cgroupns:
+            self['CgroupnsMode'] = cgroupns
+

 def host_config_type_error(param, param_value, expected):
    error_msg = 'Invalid type for {0} param: expected {1} but found {2}'
--- a/tests/unit/models_containers_test.py
+++ b/tests/unit/models_containers_test.py
@ -39,6 +39,7 @@ class ContainerCollectionTest(unittest.TestCase):
            cap_add=['foo'],
            cap_drop=['bar'],
            cgroup_parent='foobar',
+            cgroupns='host',
            cpu_period=1,
            cpu_quota=2,
            cpu_shares=5,
@ -135,6 +136,7 @@ class ContainerCollectionTest(unittest.TestCase):
                'BlkioWeight': 2,
                'CapAdd': ['foo'],
                'CapDrop': ['bar'],
+                'CgroupnsMode': 'host',
                'CgroupParent': 'foobar',
                'CpuPeriod': 1,
                'CpuQuota': 2,