opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Correct output when inspecting containers created with --ipc

Browse Source 
Fixes: https://github.com/containers/podman/issues/17189

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2023-01-24 11:00:16 -05:00
parent ce504bbfe3
commit 623ad2a636
2 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
libpod/container_inspect_linux.go
View File

@ -183,13 +183,22 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
// If there is none, it's ipc=host. // If there is none, it's ipc=host.
// If there is one and it has a path, it's "ns:". // If there is one and it has a path, it's "ns:".
// If no path, it's default - the empty string. // If no path, it's default - the empty string.
hostConfig.IpcMode = "host"
for _, ns := range ctrSpec.Linux.Namespaces { for _, ns := range ctrSpec.Linux.Namespaces {
if ns.Type == spec.IPCNamespace { if ns.Type == spec.IPCNamespace {
if ns.Path != "" { if ns.Path != "" {
hostConfig.IpcMode = fmt.Sprintf("ns:%s", ns.Path) hostConfig.IpcMode = fmt.Sprintf("ns:%s", ns.Path)
} else { } else {
break switch {
case c.config.NoShm:
hostConfig.IpcMode = "none"
case c.config.NoShmShare:
hostConfig.IpcMode = "private"
default:
hostConfig.IpcMode = "shareable"
}
} }
break
} }
} }
case c.config.NoShm: case c.config.NoShm:
@ -197,9 +206,6 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
case c.config.NoShmShare: case c.config.NoShmShare:
hostConfig.IpcMode = "private" hostConfig.IpcMode = "private"
} }
if hostConfig.IpcMode == "" {
hostConfig.IpcMode = "shareable"
}
// Cgroup namespace mode // Cgroup namespace mode
cgroupMode := "" cgroupMode := ""

23
test/system/190-run-ipcns.bats
View File

@ -8,14 +8,20 @@ load helpers
@test "podman --ipc=host" { @test "podman --ipc=host" {
hostipc="$(readlink /proc/self/ns/ipc)" hostipc="$(readlink /proc/self/ns/ipc)"
run_podman run --rm --ipc=host $IMAGE readlink /proc/self/ns/ipc run_podman run --name IPC --ipc=host $IMAGE readlink /proc/self/ns/ipc
is "$output" "$hostipc" "HostIPC and container IPC should be same" is "$output" "$hostipc" "HostIPC and container IPC should be same"
run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
is "$output" "host" "host mode should be selected"
run_podman rm IPC
} }
@test "podman --ipc=none" { @test "podman --ipc=none" {
hostipc="$(readlink /proc/self/ns/ipc)" hostipc="$(readlink /proc/self/ns/ipc)"
run_podman run --rm --ipc=none $IMAGE readlink /proc/self/ns/ipc run_podman run --ipc=none --name IPC $IMAGE readlink /proc/self/ns/ipc
assert "$output" != "$hostipc" "containeripc should != hostipc" assert "$output" != "$hostipc" "containeripc should != hostipc"
run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
is "$output" "none" "none mode should be selected"
run_podman rm IPC
run_podman 1 run --rm --ipc=none $IMAGE ls /dev/shm run_podman 1 run --rm --ipc=none $IMAGE ls /dev/shm
is "$output" "ls: /dev/shm: No such file or directory" "Should fail with missing /dev/shm" is "$output" "ls: /dev/shm: No such file or directory" "Should fail with missing /dev/shm"
@ -25,6 +31,8 @@ load helpers
hostipc="$(readlink /proc/self/ns/ipc)" hostipc="$(readlink /proc/self/ns/ipc)"
run_podman run -d --ipc=private --name test $IMAGE sleep 100 run_podman run -d --ipc=private --name test $IMAGE sleep 100
assert "$output" != "$hostipc" "containeripc should != hostipc" assert "$output" != "$hostipc" "containeripc should != hostipc"
run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
is "$output" "private" "private mode should be selected"
run_podman 125 run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc run_podman 125 run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
is "$output" ".*is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)" "Containers should not share private ipc namespace" is "$output" ".*is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)" "Containers should not share private ipc namespace"
@ -36,6 +44,8 @@ load helpers
hostipc="$(readlink /proc/self/ns/ipc)" hostipc="$(readlink /proc/self/ns/ipc)"
run_podman run -d --ipc=shareable --name test $IMAGE sleep 100 run_podman run -d --ipc=shareable --name test $IMAGE sleep 100
assert "$output" != "$hostipc" "containeripc(shareable) should != hostipc" assert "$output" != "$hostipc" "containeripc(shareable) should != hostipc"
run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
is "$output" "shareable" "shareable mode should be selected"
run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
assert "$output" != "$hostipc" "containeripc(:test) should != hostipc" assert "$output" != "$hostipc" "containeripc(:test) should != hostipc"
@ -47,12 +57,19 @@ load helpers
@test "podman --ipc=container@test" { @test "podman --ipc=container@test" {
hostipc="$(readlink /proc/self/ns/ipc)" hostipc="$(readlink /proc/self/ns/ipc)"
run_podman run -d --name test $IMAGE sleep 100 run_podman run -d --name test $IMAGE sleep 100
containerid=$output
run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
is "$output" "shareable" "shareable mode should be selected"
run_podman exec test readlink /proc/self/ns/ipc run_podman exec test readlink /proc/self/ns/ipc
assert "$output" != "$hostipc" "containeripc(exec) should != hostipc" assert "$output" != "$hostipc" "containeripc(exec) should != hostipc"
testipc=$output testipc=$output
run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc run_podman run --name IPC --ipc=container:test $IMAGE readlink /proc/self/ns/ipc
assert "$output" = "$testipc" "Containers should share ipc namespace" assert "$output" = "$testipc" "Containers should share ipc namespace"
run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
is "$output" "container:$containerid" "ipc mode should be selected"
run_podman rm IPC
run_podman stop -t 0 test run_podman stop -t 0 test
run_podman rm test run_podman rm test
} }