From 2ce475576781dc50ec5e2998982d19c80c305117 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 23 May 2022 17:45:09 -0400 Subject: [PATCH] Allow podman pod create --share +pid Fixes: https://github.com/containers/podman/issues/13422 Signed-off-by: Daniel J Walsh --- cmd/podman/pods/create.go | 7 ++++++- docs/source/markdown/podman-pod-create.1.md | 20 ++++++++++---------- test/system/200-pod.bats | 7 +++++++ 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index 62f8207904..1623796596 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -159,7 +159,12 @@ func create(cmd *cobra.Command, args []string) error { if strings.Contains(share, "cgroup") && shareParent { return errors.Wrapf(define.ErrInvalidArg, "cannot define the pod as the cgroup parent at the same time as joining the infra container's cgroupNS") } - createOptions.Share = strings.Split(share, ",") + + if strings.HasPrefix(share, "+") { + createOptions.Share = append(createOptions.Share, strings.Split(specgen.DefaultKernelNamespaces, ",")...) + share = share[1:] + } + createOptions.Share = append(createOptions.Share, strings.Split(share, ",")...) createOptions.ShareParent = &shareParent if cmd.Flag("infra-command").Changed { // Only send content to server side if user changed defaults diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index fa431b611b..af8f9605e4 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -13,6 +13,15 @@ containers added to it. The pod id is printed to STDOUT. You can then use **podman create --pod `` ...** to add containers to the pod, and **podman pod start ``** to start the pod. +The operator can identify a pod in three ways: +UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”) +UUID short identifier (“f78375b1c487”) +Name (“jonah”) + +podman generates a UUID for each pod, and if a name is not assigned +to the container with **--name** then a random string name will be generated +for it. The name is useful any place you need to identify a pod. + ## OPTIONS #### **--add-host**=_host_:_ip_ @@ -266,16 +275,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the #### **--share**=*namespace* -A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. - -The operator can identify a pod in three ways: -UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”) -UUID short identifier (“f78375b1c487”) -Name (“jonah”) - -podman generates a UUID for each pod, and if a name is not assigned -to the container with **--name** then a random string name will be generated -for it. The name is useful any place you need to identify a pod. +A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts) #### **--share-parent** diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 4250f26805..279e3f4d7e 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -335,8 +335,15 @@ EOF is "$output" ".*Invalid kernel namespace to share: bogus. Options are: cgroup, ipc, net, pid, uts or none" \ "pod test for bogus --share option" run_podman pod create --share ipc --name $pod_name + run_podman pod inspect $pod_name --format "{{.SharedNamespaces}}" + is "$output" "[ipc]" run_podman run --rm --pod $pod_name --hostname foobar $IMAGE hostname is "$output" "foobar" "--hostname should work with non share UTS namespace" + run_podman pod create --share +pid --replace --name $pod_name + run_podman pod inspect $pod_name --format "{{.SharedNamespaces}}" + for ns in uts pid ipc net; do + is "$output" ".*$ns" + done } @test "podman pod create --pod new:$POD --hostname" {