opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-19 07:09:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Podman Pod Create --sysctl support

Browse Source 
added support for pod wide sysctls. The sysctls supported are the same as the continer run controls.

These controls are only valid if the proper namespaces are shared within the pod, otherwise only the infra ctr gets the sysctl

resolves #12747

Signed-off-by: cdoern <cdoern@redhat.com>
This commit is contained in:
cdoern
2022-01-10 20:25:08 -05:00
parent 7a839f7a74
commit f257d98394
5 changed files with 84 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
test/e2e/pod_create_test.go
View File

@@ -1029,4 +1029,43 @@ ENTRYPOINT ["sleep","99999"]
Expect(inspect[0].AppArmorProfile).To(Equal(apparmor.Profile))
})
It("podman pod create --sysctl test", func() {
SkipIfRootless("Network sysctls are not available root rootless")
podCreate := podmanTest.Podman([]string{"pod", "create", "--sysctl", "net.core.somaxconn=65535"})
podCreate.WaitWithDefaultTimeout()
Expect(podCreate).Should(Exit(0))
session := podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "net.core.somaxconn"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("net.core.somaxconn = 65535"))
// if not sharing the net NS, nothing should fail, but the sysctl should not be passed
podCreate = podmanTest.Podman([]string{"pod", "create", "--share", "pid", "--sysctl", "net.core.somaxconn=65535"})
podCreate.WaitWithDefaultTimeout()
Expect(podCreate).Should(Exit(0))
session = podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "net.core.somaxconn"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).NotTo(ContainSubstring("net.core.somaxconn = 65535"))
// one other misc option
podCreate = podmanTest.Podman([]string{"pod", "create", "--sysctl", "kernel.msgmax=65535"})
podCreate.WaitWithDefaultTimeout()
Expect(podCreate).Should(Exit(0))
session = podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "kernel.msgmax"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("kernel.msgmax = 65535"))
podCreate = podmanTest.Podman([]string{"pod", "create", "--share", "pid", "--sysctl", "kernel.msgmax=65535"})
podCreate.WaitWithDefaultTimeout()
Expect(podCreate).Should(Exit(0))
session = podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "kernel.msgmax"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).NotTo(ContainSubstring("kernel.msgmax = 65535"))
})
})