fix an overriding logic and load config problem

Fix an overriding logic in Inhearit function. Alos, ToSpecGen function doesn't load the cgroup/image volume config from containers.conf. Signed-off-by: karta0807913 <[email protected]>
containers · Dec 1, 2022 · 1d84f0a · 1d84f0a
1 parent c00d8a2
commit 1d84f0a
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 4 deletions.
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
@@ -615,7 +615,7 @@ func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtim
 	}
 
 	// this causes errors when shmSize is the default value, it will still get passed down unless we manually override.
-	if s.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
+	if inheritSpec.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) {
 		s.ShmSize = nil
 	}
 	return options, infraSpec, compatibleOptions, nil

diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
@@ -16,6 +16,7 @@ import (
 
 	"github.com/containers/common/libimage"
 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/parse"
 	"github.com/containers/common/pkg/secrets"
 	cutil "github.com/containers/common/pkg/util"
@@ -145,6 +146,21 @@ type CtrSpecGenOptions struct {
 func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGenerator, error) {
 	s := specgen.NewSpecGenerator(opts.Container.Image, false)
 
+	rtc, err := config.Default()
+	if err != nil {
+		return nil, err
+	}
+
+	if s.CgroupsMode == "" {
+		s.CgroupsMode = rtc.Cgroups()
+	}
+	if len(s.ImageVolumeMode) == 0 {
+		s.ImageVolumeMode = rtc.Engine.ImageVolumeMode
+	}
+	if s.ImageVolumeMode == "bind" {
+		s.ImageVolumeMode = "anonymous"
+	}
+
 	// pod name should be non-empty for Deployment objects to be able to create
 	// multiple pods having containers with unique names
 	if len(opts.PodName) < 1 {
@@ -196,7 +212,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 	s.InitContainerType = opts.InitContainerType
 
 	setupSecurityContext(s, opts.Container.SecurityContext, opts.PodSecurityContext)
-	err := setupLivenessProbe(s, opts.Container, opts.RestartPolicy)
+	err = setupLivenessProbe(s, opts.Container, opts.RestartPolicy)
 	if err != nil {
 		return nil, fmt.Errorf("failed to configure livenessProbe: %w", err)
 	}

diff --git a/test/e2e/config/containers-cgroup.conf b/test/e2e/config/containers-cgroup.conf
@@ -0,0 +1,12 @@
+[containers]
+netns="host"
+userns="host"
+ipcns="host"
+utsns="host"
+cgroupns="host"
+cgroups="disabled"
+log_driver = "k8s-file"
+[engine]
+cgroup_manager = "cgroupfs"
+events_logger="file"
+runtime="crun"
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
@@ -175,8 +175,19 @@ spec:
   volumes:
     - name: foo
       secret:
-        secretName: oldsecret
-`
+        secretName: oldsecret`
+
+var simplePodYaml = `
+apiVersion: v1
+kind: Pod
+metadata:
+  name: libpod-test
+spec:
+  containers:
+  - image: quay.io/libpod/alpine_nginx:latest
+    command:
+      - sleep
+      - "3600"`
 
 var unknownKindYaml = `
 apiVersion: v1
@@ -4376,4 +4387,13 @@ ENV OPENJ9_JAVA_OPTIONS=%q
 		deleteAndTestSecret(podmanTest, "newsecret")
 	})
 
+	It("podman play kube with disabled cgroup", func() {
+		os.Setenv("CONTAINERS_CONF", "config/containers-cgroup.conf")
+		err := writeYaml(simplePodYaml, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+	})
 })