Added option to share kernel namespaces in libpod and podman

A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
2025-10-29 00:38:34 +08:00 · 2018-07-27 13:58:50 -04:00
parent 63dd200e7e
commit d5e690914d
41 changed files with 2575 additions and 391 deletions
--- a/libpod/container_ffjson.go
+++ b/libpod/container_ffjson.go
@ -194,6 +194,62 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
 		fflib.WriteJsonString(buf, string(j.CgroupNsCtr))
 		buf.WriteByte(',')
 	}
+	if j.IPCNsPod != false {
+		if j.IPCNsPod {
+			buf.WriteString(`"ipcNsPod":true`)
+		} else {
+			buf.WriteString(`"ipcNsPod":false`)
+		}
+		buf.WriteByte(',')
+	}
+	if j.MountNsPod != false {
+		if j.MountNsPod {
+			buf.WriteString(`"mountNsPod":true`)
+		} else {
+			buf.WriteString(`"mountNsPod":false`)
+		}
+		buf.WriteByte(',')
+	}
+	if j.NetNsPod != false {
+		if j.NetNsPod {
+			buf.WriteString(`"netNsPod":true`)
+		} else {
+			buf.WriteString(`"netNsPod":false`)
+		}
+		buf.WriteByte(',')
+	}
+	if j.PIDNsPod != false {
+		if j.PIDNsPod {
+			buf.WriteString(`"pidNsPod":true`)
+		} else {
+			buf.WriteString(`"pidNsPod":false`)
+		}
+		buf.WriteByte(',')
+	}
+	if j.UserNsPod != false {
+		if j.UserNsPod {
+			buf.WriteString(`"userNsPod":true`)
+		} else {
+			buf.WriteString(`"userNsPod":false`)
+		}
+		buf.WriteByte(',')
+	}
+	if j.UTSNsPod != false {
+		if j.UTSNsPod {
+			buf.WriteString(`"utsNsPod":true`)
+		} else {
+			buf.WriteString(`"utsNsPod":false`)
+		}
+		buf.WriteByte(',')
+	}
+	if j.CgroupNsPod != false {
+		if j.CgroupNsPod {
+			buf.WriteString(`"cgroupNsPod":true`)
+		} else {
+			buf.WriteString(`"cgroupNsPod":false`)
+		}
+		buf.WriteByte(',')
+	}
 	buf.WriteString(`"Dependencies":`)
 	if j.Dependencies != nil {
 		buf.WriteString(`[`)
@ -461,6 +517,11 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
 	} else {
 		buf.WriteString(`null`)
 	}
+	if j.IsPause {
+		buf.WriteString(`,"pause":true`)
+	} else {
+		buf.WriteString(`,"pause":false`)
+	}
 	buf.WriteByte('}')
 	return nil
 }
@ -521,6 +582,20 @@ const (

 	ffjtContainerConfigCgroupNsCtr

+	ffjtContainerConfigIPCNsPod
+
+	ffjtContainerConfigMountNsPod
+
+	ffjtContainerConfigNetNsPod
+
+	ffjtContainerConfigPIDNsPod
+
+	ffjtContainerConfigUserNsPod
+
+	ffjtContainerConfigUTSNsPod
+
+	ffjtContainerConfigCgroupNsPod
+
 	ffjtContainerConfigDependencies

 	ffjtContainerConfigCreateNetNS
@ -564,6 +639,8 @@ const (
 	ffjtContainerConfigExitCommand

 	ffjtContainerConfigLocalVolumes
+
+	ffjtContainerConfigIsPause
 )

 var ffjKeyContainerConfigSpec = []byte("spec")
@ -618,6 +695,20 @@ var ffjKeyContainerConfigUTSNsCtr = []byte("utsNsCtr")

 var ffjKeyContainerConfigCgroupNsCtr = []byte("cgroupNsCtr")

+var ffjKeyContainerConfigIPCNsPod = []byte("ipcNsPod")
+
+var ffjKeyContainerConfigMountNsPod = []byte("mountNsPod")
+
+var ffjKeyContainerConfigNetNsPod = []byte("netNsPod")
+
+var ffjKeyContainerConfigPIDNsPod = []byte("pidNsPod")
+
+var ffjKeyContainerConfigUserNsPod = []byte("userNsPod")
+
+var ffjKeyContainerConfigUTSNsPod = []byte("utsNsPod")
+
+var ffjKeyContainerConfigCgroupNsPod = []byte("cgroupNsPod")
+
 var ffjKeyContainerConfigDependencies = []byte("Dependencies")

 var ffjKeyContainerConfigCreateNetNS = []byte("createNetNS")
@ -662,6 +753,8 @@ var ffjKeyContainerConfigExitCommand = []byte("exitCommand")

 var ffjKeyContainerConfigLocalVolumes = []byte("LocalVolumes")

+var ffjKeyContainerConfigIsPause = []byte("pause")
+
 // UnmarshalJSON umarshall json - template of ffjson
 func (j *ContainerConfig) UnmarshalJSON(input []byte) error {
 	fs := fflib.NewFFLexer(input)
@ -770,6 +863,11 @@ mainparse:
 						state = fflib.FFParse_want_colon
 						goto mainparse

+					} else if bytes.Equal(ffjKeyContainerConfigCgroupNsPod, kn) {
+						currentKey = ffjtContainerConfigCgroupNsPod
+						state = fflib.FFParse_want_colon
+						goto mainparse
+
 					} else if bytes.Equal(ffjKeyContainerConfigCreateNetNS, kn) {
 						currentKey = ffjtContainerConfigCreateNetNS
 						state = fflib.FFParse_want_colon
@ -864,6 +962,11 @@ mainparse:
 						currentKey = ffjtContainerConfigIPCNsCtr
 						state = fflib.FFParse_want_colon
 						goto mainparse
+
+					} else if bytes.Equal(ffjKeyContainerConfigIPCNsPod, kn) {
+						currentKey = ffjtContainerConfigIPCNsPod
+						state = fflib.FFParse_want_colon
+						goto mainparse
 					}

 				case 'l':
@ -890,6 +993,11 @@ mainparse:
 						currentKey = ffjtContainerConfigMountNsCtr
 						state = fflib.FFParse_want_colon
 						goto mainparse
+
+					} else if bytes.Equal(ffjKeyContainerConfigMountNsPod, kn) {
+						currentKey = ffjtContainerConfigMountNsPod
+						state = fflib.FFParse_want_colon
+						goto mainparse
 					}

 				case 'n':
@ -909,6 +1017,11 @@ mainparse:
 						state = fflib.FFParse_want_colon
 						goto mainparse

+					} else if bytes.Equal(ffjKeyContainerConfigNetNsPod, kn) {
+						currentKey = ffjtContainerConfigNetNsPod
+						state = fflib.FFParse_want_colon
+						goto mainparse
+
 					} else if bytes.Equal(ffjKeyContainerConfigNetworks, kn) {
 						currentKey = ffjtContainerConfigNetworks
 						state = fflib.FFParse_want_colon
@ -932,6 +1045,11 @@ mainparse:
 						state = fflib.FFParse_want_colon
 						goto mainparse

+					} else if bytes.Equal(ffjKeyContainerConfigPIDNsPod, kn) {
+						currentKey = ffjtContainerConfigPIDNsPod
+						state = fflib.FFParse_want_colon
+						goto mainparse
+
 					} else if bytes.Equal(ffjKeyContainerConfigPortMappings, kn) {
 						currentKey = ffjtContainerConfigPortMappings
 						state = fflib.FFParse_want_colon
@ -941,6 +1059,11 @@ mainparse:
 						currentKey = ffjtContainerConfigPostConfigureNetNS
 						state = fflib.FFParse_want_colon
 						goto mainparse
+
+					} else if bytes.Equal(ffjKeyContainerConfigIsPause, kn) {
+						currentKey = ffjtContainerConfigIsPause
+						state = fflib.FFParse_want_colon
+						goto mainparse
 					}

 				case 'r':
@ -1011,6 +1134,16 @@ mainparse:
 						state = fflib.FFParse_want_colon
 						goto mainparse

+					} else if bytes.Equal(ffjKeyContainerConfigUserNsPod, kn) {
+						currentKey = ffjtContainerConfigUserNsPod
+						state = fflib.FFParse_want_colon
+						goto mainparse
+
+					} else if bytes.Equal(ffjKeyContainerConfigUTSNsPod, kn) {
+						currentKey = ffjtContainerConfigUTSNsPod
+						state = fflib.FFParse_want_colon
+						goto mainparse
+
 					} else if bytes.Equal(ffjKeyContainerConfigUserVolumes, kn) {
 						currentKey = ffjtContainerConfigUserVolumes
 						state = fflib.FFParse_want_colon
@ -1019,6 +1152,12 @@ mainparse:

 				}

+				if fflib.EqualFoldRight(ffjKeyContainerConfigIsPause, kn) {
+					currentKey = ffjtContainerConfigIsPause
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
 				if fflib.EqualFoldRight(ffjKeyContainerConfigLocalVolumes, kn) {
 					currentKey = ffjtContainerConfigLocalVolumes
 					state = fflib.FFParse_want_colon
@ -1151,6 +1290,48 @@ mainparse:
 					goto mainparse
 				}

+				if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsPod, kn) {
+					currentKey = ffjtContainerConfigCgroupNsPod
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
+				if fflib.EqualFoldRight(ffjKeyContainerConfigUTSNsPod, kn) {
+					currentKey = ffjtContainerConfigUTSNsPod
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
+				if fflib.EqualFoldRight(ffjKeyContainerConfigUserNsPod, kn) {
+					currentKey = ffjtContainerConfigUserNsPod
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
+				if fflib.EqualFoldRight(ffjKeyContainerConfigPIDNsPod, kn) {
+					currentKey = ffjtContainerConfigPIDNsPod
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
+				if fflib.EqualFoldRight(ffjKeyContainerConfigNetNsPod, kn) {
+					currentKey = ffjtContainerConfigNetNsPod
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
+				if fflib.EqualFoldRight(ffjKeyContainerConfigMountNsPod, kn) {
+					currentKey = ffjtContainerConfigMountNsPod
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
+				if fflib.EqualFoldRight(ffjKeyContainerConfigIPCNsPod, kn) {
+					currentKey = ffjtContainerConfigIPCNsPod
+					state = fflib.FFParse_want_colon
+					goto mainparse
+				}
+
 				if fflib.EqualFoldRight(ffjKeyContainerConfigCgroupNsCtr, kn) {
 					currentKey = ffjtContainerConfigCgroupNsCtr
 					state = fflib.FFParse_want_colon
@ -1402,6 +1583,27 @@ mainparse:
 				case ffjtContainerConfigCgroupNsCtr:
 					goto handle_CgroupNsCtr

+				case ffjtContainerConfigIPCNsPod:
+					goto handle_IPCNsPod
+
+				case ffjtContainerConfigMountNsPod:
+					goto handle_MountNsPod
+
+				case ffjtContainerConfigNetNsPod:
+					goto handle_NetNsPod
+
+				case ffjtContainerConfigPIDNsPod:
+					goto handle_PIDNsPod
+
+				case ffjtContainerConfigUserNsPod:
+					goto handle_UserNsPod
+
+				case ffjtContainerConfigUTSNsPod:
+					goto handle_UTSNsPod
+
+				case ffjtContainerConfigCgroupNsPod:
+					goto handle_CgroupNsPod
+
 				case ffjtContainerConfigDependencies:
 					goto handle_Dependencies

@ -1468,6 +1670,9 @@ mainparse:
 				case ffjtContainerConfigLocalVolumes:
 					goto handle_LocalVolumes

+				case ffjtContainerConfigIsPause:
+					goto handle_IsPause
+
 				case ffjtContainerConfignosuchkey:
 					err = fs.SkipField(tok)
 					if err != nil {
@ -2264,6 +2469,251 @@ handle_CgroupNsCtr:
 	state = fflib.FFParse_after_value
 	goto mainparse

+handle_IPCNsPod:
+
+	/* handler: j.IPCNsPod type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.IPCNsPod = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.IPCNsPod = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
+handle_MountNsPod:
+
+	/* handler: j.MountNsPod type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.MountNsPod = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.MountNsPod = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
+handle_NetNsPod:
+
+	/* handler: j.NetNsPod type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.NetNsPod = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.NetNsPod = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
+handle_PIDNsPod:
+
+	/* handler: j.PIDNsPod type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.PIDNsPod = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.PIDNsPod = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
+handle_UserNsPod:
+
+	/* handler: j.UserNsPod type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.UserNsPod = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.UserNsPod = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
+handle_UTSNsPod:
+
+	/* handler: j.UTSNsPod type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.UTSNsPod = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.UTSNsPod = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
+handle_CgroupNsPod:
+
+	/* handler: j.CgroupNsPod type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.CgroupNsPod = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.CgroupNsPod = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
 handle_Dependencies:

 	/* handler: j.Dependencies type=[]string kind=slice quoted=false*/
@ -3523,6 +3973,41 @@ handle_LocalVolumes:
 	state = fflib.FFParse_after_value
 	goto mainparse

+handle_IsPause:
+
+	/* handler: j.IsPause type=bool kind=bool quoted=false*/
+
+	{
+		if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
+			return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
+		}
+	}
+
+	{
+		if tok == fflib.FFTok_null {
+
+		} else {
+			tmpb := fs.Output.Bytes()
+
+			if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
+
+				j.IsPause = true
+
+			} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
+
+				j.IsPause = false
+
+			} else {
+				err = errors.New("unexpected bytes for true/false value")
+				return fs.WrapErr(err)
+			}
+
+		}
+	}
+
+	state = fflib.FFParse_after_value
+	goto mainparse
+
 wantedvalue:
 	return fs.WrapErr(fmt.Errorf("wanted value token, but got token: %v", tok))
 wrongtokenerror: