We use cookies to ensure you get the best experience on our website
Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
0ct0pu5
/
moby
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ver Fonte

Add pid host support

Tested using global-net-plugin-ipc which sets PidHost in config.json.

Plugins might need access to host pid namespace. Add support for that.
Tested using aragunathan/global-net-plugin-ipc which sets "pidhost" in
config.json. Observed using `readlink /proc/self/ns/pid` that plugin and
host have the same ns.

Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
Anusha Ragunathan há 8 anos atrás
pai
6d6185c257
commit
4d1edcb2cc
5 ficheiros alterados com 20 adições e 0 exclusões
Visão Dividida Mostrar Estatísticas Diff
  1. 4 0
      api/swagger.yaml
  2. 4 0
      api/types/plugin.go
  3. 2 0
      docs/extend/config.md
  4. 7 0
      plugin/backend_linux.go
  5. 3 0
      plugin/v2/plugin_linux.go

+ 4 - 0
api/swagger.yaml
Ver Ficheiro 

@@ -1445,6 +1445,7 @@ definitions:
 
           - WorkDir
 
           - Network
 
           - Linux
 
+          - PidHost
 
           - PropagatedMount
 
           - IpcHost
 
           - Mounts
 
@@ -1517,6 +1518,9 @@ definitions:
 
           IpcHost:
 
             type: "boolean"
 
             x-nullable: false
 
+          PidHost:
 
+            type: "boolean"
 
+            x-nullable: false
 
           Mounts:
 
             type: "array"
 
             items:

+ 4 - 0
api/types/plugin.go
Ver Ficheiro 

@@ -74,6 +74,10 @@ type PluginConfig struct {
 
 	// Required: true
 
 	Network PluginConfigNetwork `json:"Network"`
 
 
+	// pid host
 
+	// Required: true
 
+	PidHost bool `json:"PidHost"`
 
+
 
 	// propagated mount
 
 	// Required: true
 
 	PropagatedMount string `json:"PropagatedMount"`

+ 2 - 0
docs/extend/config.md
Ver Ficheiro 

@@ -117,6 +117,8 @@ Config provides the base accessible fields for working with V0 plugin format
 
 
 - **`ipchost`** *boolean*
 
    Access to host ipc namespace.
 
+- **`pidhost`** *boolean*
 
+   Access to host pid namespace.
 
 
 - **`propagatedMount`** *string*

+ 7 - 0
plugin/backend_linux.go
Ver Ficheiro 

@@ -157,6 +157,13 @@ func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) {
 
 			Value:       []string{"true"},
 
 		})
 
 	}
 
+	if c.PidHost {
 
+		privileges = append(privileges, types.PluginPrivilege{
 
+			Name:        "host pid namespace",
 
+			Description: "allow access to host pid namespace",
 
+			Value:       []string{"true"},
 
+		})
 
+	}
 
 	for _, mount := range c.Mounts {
 
 		if mount.Source != nil {
 
 			privileges = append(privileges, types.PluginPrivilege{

+ 3 - 0
plugin/v2/plugin_linux.go
Ver Ficheiro 

@@ -60,6 +60,9 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
 
 				Options:     []string{"rbind", "ro"},
 
 			})
 
 	}
 
+	if p.PluginObj.Config.PidHost {
 
+		oci.RemoveNamespace(&s, specs.NamespaceType("pid"))
 
+	}
 
 
 	if p.PluginObj.Config.IpcHost {
 
 		oci.RemoveNamespace(&s, specs.NamespaceType("ipc"))

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5