Skip to content

Commit 0c21974

Browse files
cypharcyphar
committed
cmd: generate: remove old namespace flags
--uts, --user and the other flags are not properly namespaced or extensible, so remove them in favour of the new --linux-namespace-* family of flags. Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 parent bb75a1b commit 0c21974

1 file changed

Lines changed: 2 additions & 26 deletions

File tree

cmd/oci-runtime-tool/generate.go

Lines changed: 2 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,6 @@ var generateFlags = []cli.Flag{
2424
cli.StringSliceFlag{Name: "bind", Usage: "bind mount directories src:dest[:options...]"},
2525
cli.StringSliceFlag{Name: "cap-add", Usage: "add Linux capabilities"},
2626
cli.StringSliceFlag{Name: "cap-drop", Usage: "drop Linux capabilities"},
27-
cli.StringFlag{Name: "cgroup", Usage: "cgroup namespace"},
2827
cli.StringFlag{Name: "cgroups-path", Usage: "specify the path to the cgroups"},
2928
cli.StringFlag{Name: "cwd", Value: "/", Usage: "current working directory for the process"},
3029
cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},
@@ -34,7 +33,6 @@ var generateFlags = []cli.Flag{
3433
cli.StringSliceFlag{Name: "gidmappings", Usage: "add GIDMappings e.g HostID:ContainerID:Size"},
3534
cli.StringSliceFlag{Name: "groups", Usage: "supplementary groups for the process"},
3635
cli.StringFlag{Name: "hostname", Usage: "hostname value for the container"},
37-
cli.StringFlag{Name: "ipc", Usage: "ipc namespace"},
3836
cli.StringSliceFlag{Name: "label", Usage: "add annotations to the configuration e.g. key=value"},
3937
cli.Uint64Flag{Name: "linux-cpu-shares", Usage: "the relative share of CPU time available to the tasks in a cgroup"},
4038
cli.Uint64Flag{Name: "linux-cpu-period", Usage: "the CPU period to be used for hardcapping (in usecs)"},
@@ -56,15 +54,12 @@ var generateFlags = []cli.Flag{
5654
cli.Uint64Flag{Name: "linux-realtime-period", Usage: "CPU period to be used for realtime scheduling (in usecs)"},
5755
cli.Uint64Flag{Name: "linux-realtime-runtime", Usage: "the time realtime scheduling may use (in usecs)"},
5856
cli.StringSliceFlag{Name: "masked-paths", Usage: "specifies paths can not be read inside container"},
59-
cli.StringFlag{Name: "mount", Usage: "mount namespace"},
6057
cli.StringFlag{Name: "mount-cgroups", Value: "no", Usage: "mount cgroups (rw,ro,no)"},
6158
cli.StringFlag{Name: "mount-label", Usage: "selinux mount context label"},
62-
cli.StringFlag{Name: "network", Usage: "network namespace"},
6359
cli.BoolFlag{Name: "no-new-privileges", Usage: "set no new privileges bit for the container process"},
6460
cli.IntFlag{Name: "oom-score-adj", Usage: "oom_score_adj for the container"},
6561
cli.StringFlag{Name: "os", Value: runtime.GOOS, Usage: "operating system the container is created for"},
6662
cli.StringFlag{Name: "output", Usage: "output file (defaults to stdout)"},
67-
cli.StringFlag{Name: "pid", Usage: "pid namespace"},
6863
cli.StringSliceFlag{Name: "poststart", Usage: "set command to run in poststart hooks"},
6964
cli.StringSliceFlag{Name: "poststop", Usage: "set command to run in poststop hooks"},
7065
cli.StringSliceFlag{Name: "prestart", Usage: "set command to run in prestart hooks"},
@@ -94,8 +89,6 @@ var generateFlags = []cli.Flag{
9489
cli.BoolFlag{Name: "tty", Usage: "allocate a new tty for the container process"},
9590
cli.IntFlag{Name: "uid", Usage: "uid for the process"},
9691
cli.StringSliceFlag{Name: "uidmappings", Usage: "add UIDMappings e.g HostID:ContainerID:Size"},
97-
cli.StringFlag{Name: "user", Usage: "user namespace"},
98-
cli.StringFlag{Name: "uts", Usage: "uts namespace"},
9992
}
10093

10194
var generateCommand = cli.Command{
@@ -287,8 +280,6 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
287280
}
288281
}
289282

290-
needsNewUser := false
291-
292283
var uidMaps, gidMaps []string
293284

294285
if context.IsSet("uidmappings") {
@@ -299,12 +290,11 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
299290
gidMaps = context.StringSlice("gidmappings")
300291
}
301292

293+
// Add default user namespace.
302294
if len(uidMaps) > 0 || len(gidMaps) > 0 {
303-
needsNewUser = true
295+
g.AddOrReplaceLinuxNamespace("user", "")
304296
}
305297

306-
setupLinuxNamespaces(context, g, needsNewUser)
307-
308298
if context.IsSet("tmpfs") {
309299
tmpfsSlice := context.StringSlice("tmpfs")
310300
for _, s := range tmpfsSlice {
@@ -519,20 +509,6 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
519509
return err
520510
}
521511

522-
func setupLinuxNamespaces(context *cli.Context, g *generate.Generator, needsNewUser bool) {
523-
for _, nsName := range generate.Namespaces {
524-
if !context.IsSet(nsName) && !(needsNewUser && nsName == "user") {
525-
continue
526-
}
527-
nsPath := context.String(nsName)
528-
if nsPath == "host" {
529-
g.RemoveLinuxNamespace(nsName)
530-
continue
531-
}
532-
g.AddOrReplaceLinuxNamespace(nsName, nsPath)
533-
}
534-
}
535-
536512
func parseIDMapping(idms string) (uint32, uint32, uint32, error) {
537513
idm := strings.Split(idms, ":")
538514
if len(idm) != 3 {

0 commit comments

Comments
 (0)