mirror of
https://github.com/containers/podman.git
synced 2025-08-06 03:19:52 +08:00
Correct output when inspecting containers created with --ipc
Fixes: https://github.com/containers/podman/issues/17189 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
@ -183,13 +183,22 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
|
||||
// If there is none, it's ipc=host.
|
||||
// If there is one and it has a path, it's "ns:".
|
||||
// If no path, it's default - the empty string.
|
||||
hostConfig.IpcMode = "host"
|
||||
for _, ns := range ctrSpec.Linux.Namespaces {
|
||||
if ns.Type == spec.IPCNamespace {
|
||||
if ns.Path != "" {
|
||||
hostConfig.IpcMode = fmt.Sprintf("ns:%s", ns.Path)
|
||||
} else {
|
||||
break
|
||||
switch {
|
||||
case c.config.NoShm:
|
||||
hostConfig.IpcMode = "none"
|
||||
case c.config.NoShmShare:
|
||||
hostConfig.IpcMode = "private"
|
||||
default:
|
||||
hostConfig.IpcMode = "shareable"
|
||||
}
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
case c.config.NoShm:
|
||||
@ -197,9 +206,6 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
|
||||
case c.config.NoShmShare:
|
||||
hostConfig.IpcMode = "private"
|
||||
}
|
||||
if hostConfig.IpcMode == "" {
|
||||
hostConfig.IpcMode = "shareable"
|
||||
}
|
||||
|
||||
// Cgroup namespace mode
|
||||
cgroupMode := ""
|
||||
|
||||
@ -8,14 +8,20 @@ load helpers
|
||||
|
||||
@test "podman --ipc=host" {
|
||||
hostipc="$(readlink /proc/self/ns/ipc)"
|
||||
run_podman run --rm --ipc=host $IMAGE readlink /proc/self/ns/ipc
|
||||
run_podman run --name IPC --ipc=host $IMAGE readlink /proc/self/ns/ipc
|
||||
is "$output" "$hostipc" "HostIPC and container IPC should be same"
|
||||
run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
|
||||
is "$output" "host" "host mode should be selected"
|
||||
run_podman rm IPC
|
||||
}
|
||||
|
||||
@test "podman --ipc=none" {
|
||||
hostipc="$(readlink /proc/self/ns/ipc)"
|
||||
run_podman run --rm --ipc=none $IMAGE readlink /proc/self/ns/ipc
|
||||
run_podman run --ipc=none --name IPC $IMAGE readlink /proc/self/ns/ipc
|
||||
assert "$output" != "$hostipc" "containeripc should != hostipc"
|
||||
run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
|
||||
is "$output" "none" "none mode should be selected"
|
||||
run_podman rm IPC
|
||||
|
||||
run_podman 1 run --rm --ipc=none $IMAGE ls /dev/shm
|
||||
is "$output" "ls: /dev/shm: No such file or directory" "Should fail with missing /dev/shm"
|
||||
@ -25,6 +31,8 @@ load helpers
|
||||
hostipc="$(readlink /proc/self/ns/ipc)"
|
||||
run_podman run -d --ipc=private --name test $IMAGE sleep 100
|
||||
assert "$output" != "$hostipc" "containeripc should != hostipc"
|
||||
run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
|
||||
is "$output" "private" "private mode should be selected"
|
||||
|
||||
run_podman 125 run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
|
||||
is "$output" ".*is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)" "Containers should not share private ipc namespace"
|
||||
@ -36,6 +44,8 @@ load helpers
|
||||
hostipc="$(readlink /proc/self/ns/ipc)"
|
||||
run_podman run -d --ipc=shareable --name test $IMAGE sleep 100
|
||||
assert "$output" != "$hostipc" "containeripc(shareable) should != hostipc"
|
||||
run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
|
||||
is "$output" "shareable" "shareable mode should be selected"
|
||||
|
||||
run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
|
||||
assert "$output" != "$hostipc" "containeripc(:test) should != hostipc"
|
||||
@ -47,12 +57,19 @@ load helpers
|
||||
@test "podman --ipc=container@test" {
|
||||
hostipc="$(readlink /proc/self/ns/ipc)"
|
||||
run_podman run -d --name test $IMAGE sleep 100
|
||||
containerid=$output
|
||||
run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
|
||||
is "$output" "shareable" "shareable mode should be selected"
|
||||
run_podman exec test readlink /proc/self/ns/ipc
|
||||
assert "$output" != "$hostipc" "containeripc(exec) should != hostipc"
|
||||
|
||||
testipc=$output
|
||||
run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
|
||||
run_podman run --name IPC --ipc=container:test $IMAGE readlink /proc/self/ns/ipc
|
||||
assert "$output" = "$testipc" "Containers should share ipc namespace"
|
||||
run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
|
||||
is "$output" "container:$containerid" "ipc mode should be selected"
|
||||
run_podman rm IPC
|
||||
|
||||
run_podman stop -t 0 test
|
||||
run_podman rm test
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user