Pod's that share the IPC Namespace need to share /dev/shm

Containers that share IPC Namespaces share each others /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared. Fixes: #8181 Signed-off-by: Daniel J Walsh <[email protected]>
containers · Oct 30, 2020 · 916825b · 916825b
1 parent 228396a
commit 916825b
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 0 deletions.
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
@@ -131,6 +131,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 
 	logrus.Debugf("Using %q as infra container entrypoint", entryCmd)
 
+	g.RemoveMount("/dev/shm")
 	if isRootless {
 		g.RemoveMount("/dev/pts")
 		devPts := spec.Mount{

diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
@@ -127,6 +127,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
 			return nil, errNoInfra
 		}
 		toReturn = append(toReturn, libpod.WithIPCNSFrom(infraCtr))
+		toReturn = append(toReturn, libpod.WithShmDir(infraCtr.ShmDir()))
 	case specgen.FromContainer:
 		ipcCtr, err := rt.LookupContainer(s.IpcNS.Value)
 		if err != nil {

diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go
@@ -60,6 +60,25 @@ var _ = Describe("Podman pod create", func() {
 		Expect(NAMESPACE1).To(Equal(NAMESPACE2))
 	})
 
+	It("podman pod container share ipc && /dev/shm ", func() {
+		session := podmanTest.Podman([]string{"pod", "create"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		podID := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"pod", "start", podID})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "touch", "/dev/shm/test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "ls", "/dev/shm/test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
 	It("podman pod container dontshare PIDNS", func() {
 		session := podmanTest.Podman([]string{"pod", "create"})
 		session.WaitWithDefaultTimeout()

diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
@@ -116,6 +116,30 @@ function teardown() {
     run_podman 1 pod exists $podname
 }
 
+@test "podman pod - communicating via /dev/shm " {
+    if is_remote && is_rootless; then
+        skip "FIXME: pending #7139"
+    fi
+
+    podname=pod$(random_string)
+    run_podman 1 pod exists $podname
+    run_podman pod create --infra=true --name=$podname
+    podid="$output"
+    run_podman pod exists $podname
+    run_podman pod exists $podid
+
+    run_podman run --rm --pod $podname $IMAGE touch /dev/shm/test1
+    run_podman run --rm --pod $podname $IMAGE ls /dev/shm/test1
+    is "$output" "/dev/shm/test1"
+
+    # ...then rm the pod, then rmi the pause image so we don't leave strays.
+    run_podman pod rm $podname
+
+    # Pod no longer exists
+    run_podman 1 pod exists $podid
+    run_podman 1 pod exists $podname
+}
+
 # Random byte
 function octet() {
     echo $(( $RANDOM & 255 ))