Support pause containers in varlink

Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
2024-10-21 01:34:37 +00:00 · 2018-08-16 17:12:16 -04:00 · 2018-08-16 17:12:16 -04:00 · 697b46430a
parent d5e690914d
commit 697b46430a
5 changed files with 62 additions and 28 deletions
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
@ -6,6 +6,7 @@ import (
 	"strings"

 	"github.com/containers/libpod/cmd/podman/libpodruntime"
+	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -116,29 +117,11 @@ func podCreateCmd(c *cli.Context) error {

 	if c.BoolT("pause") {
 		options = append(options, libpod.WithPauseContainer())
-		for _, toShare := range strings.Split(c.String("share"), ",") {
-			switch toShare {
-			case "net":
-				options = append(options, libpod.WithPodNet())
-			case "mnt":
-				//options = append(options, libpod.WithPodMNT())
-				logrus.Debug("Mount Namespace sharing functionality not supported")
-			case "pid":
-				options = append(options, libpod.WithPodPID())
-			case "user":
-				// Note: more set up needs to be done before this doesn't error out a create.
-				logrus.Debug("User Namespace sharing functionality not supported")
-			case "ipc":
-				options = append(options, libpod.WithPodIPC())
-			case "uts":
-				options = append(options, libpod.WithPodUTS())
-			case "":
-			case "none":
-				continue
-			default:
-				return errors.Errorf("Invalid kernel namespace to share: %s. Options are: %s, or none", toShare, strings.Join(libpod.KernelNamespaces, ","))
-			}
+		nsOptions, err := shared.GetNamespaceOptions(strings.Split(c.String("share"), ","))
+		if err != nil {
+			return err
 		}
+		options = append(options, nsOptions...)
 	}

 	// always have containers use pod cgroups
--- a/cmd/podman/shared/pod.go
+++ b/cmd/podman/shared/pod.go
@ -2,6 +2,7 @@ package shared

 import (
 	"github.com/containers/libpod/libpod"
+	"github.com/pkg/errors"
 )

 const (
@ -60,3 +61,35 @@ func GetPodStatus(pod *libpod.Pod) (string, error) {
 	}
 	return created, nil
 }
+
+// GetNamespaceOptions transforms a slice of kernel namespaces
+// into a slice of pod create options. Currently, not all
+// kernel namespaces are supported, and they will be returned in an error
+func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) {
+	var options []libpod.PodCreateOption
+	var erroredOptions []libpod.PodCreateOption
+	for _, toShare := range ns {
+		switch toShare {
+		case "net":
+			options = append(options, libpod.WithPodNet())
+		case "mnt":
+			//options = append(options, libpod.WithPodMNT())
+			return erroredOptions, errors.Errorf("Mount sharing functionality not supported on pod level")
+		case "pid":
+			options = append(options, libpod.WithPodPID())
+		case "user":
+			// Note: more set up needs to be done before this doesn't error out a create.
+			return erroredOptions, errors.Errorf("User sharing functionality not supported on pod level")
+		case "ipc":
+			options = append(options, libpod.WithPodIPC())
+		case "uts":
+			options = append(options, libpod.WithPodUTS())
+		case "":
+		case "none":
+			return erroredOptions, nil
+		default:
+			return erroredOptions, errors.Errorf("Invalid kernel namespace to share: %s. Options are: net, pid, ipc, uts or none", toShare)
+		}
+	}
+	return options, nil
+}
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@ -335,10 +335,15 @@ type ListPodContainerInfo (
 )

 # PodCreate is an input structure for creating pods.
+# It emulates options to podman pod create, however
+# changing pause image name and pause container
+# is not currently supported
 type PodCreate (
    name: string,
    cgroupParent: string,
-    labels: [string]string
+    labels: [string]string,
+    share: []string,
+    pause: bool
 )

 # ListPodData is the returned struct for an individual pod
@ -651,6 +656,10 @@ method PullImage(name: string) -> (id: string)
 #   "pod": "b05dee7bd4ccfee688099fe1588a7a898d6ddd6897de9251d4671c9b0feacb2a"
 # }
 #
+# $ varlink call unix:/run/podman/io.podman/io.podman.CreatePod '{"create": {"pause": true, "share": ["ipc", "net", "uts"]}}'
+# {
+#   "pod": "d7697449a8035f613c1a8891286502aca68fff7d5d49a85279b3bda229af3b28"
+# }
 # ~~~
 method CreatePod(create: PodCreate) -> (pod: string)

--- a/libpod/pod.go
+++ b/libpod/pod.go
@ -7,11 +7,6 @@ import (
 	"github.com/pkg/errors"
 )

-var (
-	// KernelNamespaces is a list of the kernel namespaces a pod can share
-	KernelNamespaces = []string{"ipc", "net", "pid", "user", "mnt", "uts", "cgroup"}
-)
-
 // Pod represents a group of containers that are managed together.
 // Any operations on a Pod that access state must begin with a call to
 // updatePod().
--- a/pkg/varlinkapi/pods.go
+++ b/pkg/varlinkapi/pods.go
@ -21,6 +21,20 @@ func (i *LibpodAPI) CreatePod(call iopodman.VarlinkCall, create iopodman.PodCrea
 	if create.Name != "" {
 		options = append(options, libpod.WithPodName(create.Name))
 	}
+	if len(create.Share) > 0 && !create.Pause {
+		return call.ReplyErrorOccurred("You cannot share kernel namespaces on the pod level without a pause container")
+	}
+	if len(create.Share) == 0 && create.Pause {
+		return call.ReplyErrorOccurred("You must share kernel namespaces to run a pause container")
+	}
+	if create.Pause {
+		options = append(options, libpod.WithPauseContainer())
+		nsOptions, err := shared.GetNamespaceOptions(create.Share)
+		if err != nil {
+			return err
+		}
+		options = append(options, nsOptions...)
+	}
 	options = append(options, libpod.WithPodCgroups())

 	pod, err := i.Runtime.NewPod(getContext(), options...)