
Commit 26f0815

committed
cmd: generate: add --linux-namespace-* family of flags
This allows users to modify what namespaces are used by a container. Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 parent f3499f2 commit 26f0815

1 file changed

Lines changed: 45 additions & 0 deletions


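--- a/cmd/oci-runtime-tool/generate.go
+++ b/cmd/oci-runtime-tool/generate.go
@@ -47,6 +47,9 @@ var generateFlags = []cli.Flag{
 cli.Uint64Flag{Name: "linux-mem-swap", Usage: "total memory limit (memory + swap) (in bytes)"},
 cli.Uint64Flag{Name: "linux-mem-swappiness", Usage: "how aggressive the kernel will swap memory pages (Range from 0 to 100)"},
 cli.StringFlag{Name: "linux-mems", Usage: "list of memory nodes in the cpuset (default is to use any available memory node)"},
+cli.StringSliceFlag{Name: "linux-namespace-add", Usage: "adds a namespace to the set of namespaces to create or join of the form 'ns[:path]'"},
+cli.StringSliceFlag{Name: "linux-namespace-remove", Usage: "removes a namespace from the set of namespaces to create or join of the form 'ns'"},
+cli.BoolFlag{Name: "linux-namespace-remove-all", Usage: "removes all namespaces from the set of namespaces created or joined"},
 cli.IntFlag{Name: "linux-network-classid", Usage: "specifies class identifier tagged by container's network packets"},
 cli.StringSliceFlag{Name: "linux-network-priorities", Usage: "specifies priorities of network traffic"},
 cli.Int64Flag{Name: "linux-pids-limit", Usage: "maximum number of PIDs"},
@@ -461,6 +464,32 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 }
 }
 
+if context.IsSet("linux-namespace-add") {
+namespaces := context.StringSlice("linux-namespace-add")
+for _, ns := range namespaces {
+name, path, err := parseNamespace(ns)
+if err != nil {
+return err
+}
+if err := g.AddOrReplaceLinuxNamespace(name, path); err != nil {
+return err
+}
+}
+}
+
+if context.IsSet("linux-namespace-remove") {
+namespaces := context.StringSlice("linux-namespace-remove")
+for _, name := range namespaces {
+if err := g.RemoveLinuxNamespace(name); err != nil {
+return err
+}
+}
+}
+
+if context.IsSet("linux-namespace-remove-all") {
+g.ClearLinuxNamespaces()
+}
+
 if context.IsSet("rlimits-add") {
 rlimits := context.StringSlice("rlimits-add")
 for _, rlimit := range rlimits {
@@ -608,6 +637,22 @@ func parseRlimit(rlimit string) (string, uint64, uint64, error) {
 return parts[0], uint64(hard), uint64(soft), nil
 }
 
+func parseNamespace(ns string) (string, string, error) {
+parts := strings.SplitN(ns, ":", 2)
+if len(parts) == 0 || parts[0] == "" {
+return "", "", fmt.Errorf("invalid namespace value: %s", ns)
+}
+
+nsType := parts[0]
+nsPath := ""
+
+if len(parts) == 2 {
+nsPath = parts[1]
+}
+
+return nsType, nsPath, nil
+}
+
 func addSeccomp(context *cli.Context, g *generate.Generator) error {
 
 // Set the DefaultAction of seccomp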
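Review bot: In the setupSpec hunk the `linux-namespace-remove-all` block runs after the `linux-namespace-add` loop, so a command line that combines the two ends with an empty namespace list, silently discarding every namespace that was just added. A user who wants "clear the defaults, then add only these" gets a spec with no namespace isolation at all and no error to flag it. Move the clear ahead of the add loop, e.g. `if context.Bool("linux-namespace-remove-all") { g.ClearLinuxNamespaces() }`; testing the value instead of `IsSet` presumably also keeps an explicit `=false` from clearing the list. A comment such as `// order matters: clear first, then add, then remove individual entries` would pin the order for later edits. setupSpec's body starts and ends outside the hunk, so check that nothing earlier in it depends on the current order.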
