We do not want to join pod namespaces if no infra container is
present. A pod may claim it shares namespaces without an infra
container (I'll take an action item to fix that - it really
should not be allowed), which was tripping up our default
namespace code and forcing us to try and join the namespaces of
the nonexistant infra container.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Namespaces have now been changed to properly handle all cases.
Spec handling code for namespaces was consolidated in a single
function.
Still missing:
- Image ports
- Pod namespaces likely still broken in Podmanv2
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
If user sets capabilities list we need handle minimal capabilities.
Also handle seccomp-policy being passed in.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We were not handling the parsing of --ip. This pr adds validation
checks and now will support the flag.
Move validation to the actual parsing of the network flags.
We should only parse the dns flags if the user changed them. We don't
want to pass default options if set in containers.conf to the server.
Potential for duplicating defaults.
Add support for --dns-opt flag passing
Begin handling of --network flag, although we don't have a way right now
to translate a string into a specgen.Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
