Merge pull request #8192 from rhatdan/shm

Pod's that share the IPC Namespace need to share /dev/shm
2025-06-20 17:13:43 +08:00 · 2020-10-30 16:54:00 +01:00
parent 3db54bacaa 916825b675
commit 6b5a94cf28
4 changed files with 45 additions and 0 deletions
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@ -131,6 +131,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm

 	logrus.Debugf("Using %q as infra container entrypoint", entryCmd)

+	g.RemoveMount("/dev/shm")
 	if isRootless {
 		g.RemoveMount("/dev/pts")
 		devPts := spec.Mount{
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@ -127,6 +127,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
 			return nil, errNoInfra
 		}
 		toReturn = append(toReturn, libpod.WithIPCNSFrom(infraCtr))
+		toReturn = append(toReturn, libpod.WithShmDir(infraCtr.ShmDir()))
 	case specgen.FromContainer:
 		ipcCtr, err := rt.LookupContainer(s.IpcNS.Value)
 		if err != nil {
--- a/test/e2e/pod_pod_namespaces.go
+++ b/test/e2e/pod_pod_namespaces.go
@ -60,6 +60,25 @@ var _ = Describe("Podman pod create", func() {
 		Expect(NAMESPACE1).To(Equal(NAMESPACE2))
 	})

+	It("podman pod container share ipc && /dev/shm ", func() {
+		session := podmanTest.Podman([]string{"pod", "create"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		podID := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"pod", "start", podID})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "touch", "/dev/shm/test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "ls", "/dev/shm/test"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
 	It("podman pod container dontshare PIDNS", func() {
 		session := podmanTest.Podman([]string{"pod", "create"})
 		session.WaitWithDefaultTimeout()
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@ -116,6 +116,30 @@ function teardown() {
    run_podman 1 pod exists $podname
 }

+@test "podman pod - communicating via /dev/shm " {
+    if is_remote && is_rootless; then
+        skip "FIXME: pending #7139"
+    fi
+
+    podname=pod$(random_string)
+    run_podman 1 pod exists $podname
+    run_podman pod create --infra=true --name=$podname
+    podid="$output"
+    run_podman pod exists $podname
+    run_podman pod exists $podid
+
+    run_podman run --rm --pod $podname $IMAGE touch /dev/shm/test1
+    run_podman run --rm --pod $podname $IMAGE ls /dev/shm/test1
+    is "$output" "/dev/shm/test1"
+
+    # ...then rm the pod, then rmi the pause image so we don't leave strays.
+    run_podman pod rm $podname
+
+    # Pod no longer exists
+    run_podman 1 pod exists $podid
+    run_podman 1 pod exists $podname
+}
+
 # Random byte
 function octet() {
    echo $(( $RANDOM & 255 ))