From 3f83be294b4a47f09658ac43314421ee6223a9aa Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Fri, 17 May 2024 08:59:55 +0200 Subject: [PATCH] T6358: Add config option for host process namespace (cherry picked from commit f5051de4fc034bd95677ef142423e59eae47cd2f) --- interface-definitions/container.xml.in | 8 +++++++- smoketest/config-tests/container-simple | 1 + smoketest/configs/container-simple | 1 + src/conf_mode/container.py | 6 +++++- 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index e7dacea367..2296a3e9e8 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -15,9 +15,15 @@ Container name must be alphanumeric and can contain hyphens + + + Allow sharing host process namespace with container + + + - Allow host networks in container + Allow sharing host networking with container diff --git a/smoketest/config-tests/container-simple b/smoketest/config-tests/container-simple index 299af64cbe..cc80ef4cf5 100644 --- a/smoketest/config-tests/container-simple +++ b/smoketest/config-tests/container-simple @@ -8,5 +8,6 @@ set container name c01 capability 'net-bind-service' set container name c01 capability 'net-raw' set container name c01 image 'busybox:stable' set container name c02 allow-host-networks +set container name c02 allow-host-pid set container name c02 capability 'sys-time' set container name c02 image 'busybox:stable' diff --git a/smoketest/configs/container-simple b/smoketest/configs/container-simple index 05efe05e9c..82983afb70 100644 --- a/smoketest/configs/container-simple +++ b/smoketest/configs/container-simple @@ -7,6 +7,7 @@ container { } name c02 { allow-host-networks + allow-host-pid cap-add sys-time image busybox:stable } diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index c3b661ac51..91a10e8913 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py 
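Review bot: The help text of the new `allow-host-pid` node, `Allow sharing host process namespace with container`, gives the operator no hint that the option removes PID-namespace isolation. With it set, processes inside the container can enumerate every host process, and depending on the capabilities and user the container runs with they may be able to signal or inspect them. I would say so in the help string, e.g. `Share host process namespace with container (disables PID isolation)`, so the trade-off is visible in CLI completion.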
@@ -329,9 +329,13 @@ def generate_run_arguments(name, container_config): prop = vol_config['propagation'] volume += f' --volume {svol}:{dvol}:{mode},{prop}' + host_pid = '' + if 'allow_host_pid' in container_config: + host_pid = '--pid host' + container_base_cmd = f'--detach --interactive --tty --replace {capabilities} ' \ f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \ - f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid}' + f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid} {host_pid}' entrypoint = '' if 'entrypoint' in container_config:
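Review bot: The new `if 'allow_host_pid' in container_config:` branch appends `--pid host` to the run arguments with no comment and no operator-facing signal that the container now shares the host PID namespace. A short comment above the branch, such as `# --pid host: container shares the host PID namespace and can see all host processes`, would record the intent. If the script has a validation step (not visible in this hunk), a commit-time warning there when the option is combined with added capabilities would make such containers easier to audit. The smoketest files touched by this commit only load the option, so as far as the visible changes show, nothing asserts that `--pid host` actually reaches the generated command. As a style point the three lines collapse to `host_pid = '--pid host' if 'allow_host_pid' in container_config else ''`; generate_run_arguments starts and ends outside the hunk.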