api/types: hostconfig: define consts for IpcMode
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
parent
5e498e20f7
commit
98f0f0dd87
7 changed files with 24 additions and 17 deletions
|
|
@ -491,7 +491,7 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
|
|||
|
||||
// Older clients (API < 1.40) expects the default to be shareable, make them happy
|
||||
if hostConfig.IpcMode.IsEmpty() {
|
||||
hostConfig.IpcMode = container.IpcMode("shareable")
|
||||
hostConfig.IpcMode = container.IPCModeShareable
|
||||
}
|
||||
}
|
||||
if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
|
||||
|
|
|
|||
|
|
@ -67,30 +67,38 @@ const (
|
|||
// IpcMode represents the container ipc stack.
|
||||
type IpcMode string
|
||||
|
||||
// IpcMode constants
|
||||
const (
|
||||
IPCModeNone IpcMode = "none"
|
||||
IPCModeHost IpcMode = "host"
|
||||
IPCModeContainer IpcMode = "container"
|
||||
IPCModePrivate IpcMode = "private"
|
||||
IPCModeShareable IpcMode = "shareable"
|
||||
)
|
||||
|
||||
// IsPrivate indicates whether the container uses its own private ipc namespace which can not be shared.
|
||||
func (n IpcMode) IsPrivate() bool {
|
||||
return n == "private"
|
||||
return n == IPCModePrivate
|
||||
}
|
||||
|
||||
// IsHost indicates whether the container shares the host's ipc namespace.
|
||||
func (n IpcMode) IsHost() bool {
|
||||
return n == "host"
|
||||
return n == IPCModeHost
|
||||
}
|
||||
|
||||
// IsShareable indicates whether the container's ipc namespace can be shared with another container.
|
||||
func (n IpcMode) IsShareable() bool {
|
||||
return n == "shareable"
|
||||
return n == IPCModeShareable
|
||||
}
|
||||
|
||||
// IsContainer indicates whether the container uses another container's ipc namespace.
|
||||
func (n IpcMode) IsContainer() bool {
|
||||
parts := strings.SplitN(string(n), ":", 2)
|
||||
return len(parts) > 1 && parts[0] == "container"
|
||||
return strings.HasPrefix(string(n), string(IPCModeContainer)+":")
|
||||
}
|
||||
|
||||
// IsNone indicates whether container IpcMode is set to "none".
|
||||
func (n IpcMode) IsNone() bool {
|
||||
return n == "none"
|
||||
return n == IPCModeNone
|
||||
}
|
||||
|
||||
// IsEmpty indicates whether container IpcMode is empty
|
||||
|
|
@ -105,9 +113,8 @@ func (n IpcMode) Valid() bool {
|
|||
|
||||
// Container returns the name of the container ipc stack is going to be used.
|
||||
func (n IpcMode) Container() string {
|
||||
parts := strings.SplitN(string(n), ":", 2)
|
||||
if len(parts) > 1 && parts[0] == "container" {
|
||||
return parts[1]
|
||||
if n.IsContainer() {
|
||||
return strings.TrimPrefix(string(n), string(IPCModeContainer)+":")
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
|
|||
flags.StringVar(&conf.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile")
|
||||
flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers")
|
||||
flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers")
|
||||
flags.StringVar(&conf.IpcMode, "default-ipc-mode", config.DefaultIpcMode, `Default mode for containers ipc ("shareable" | "private")`)
|
||||
flags.StringVar(&conf.IpcMode, "default-ipc-mode", string(config.DefaultIpcMode), `Default mode for containers ipc ("shareable" | "private")`)
|
||||
flags.Var(&conf.NetworkConfig.DefaultAddressPools, "default-address-pool", "Default address pools for node specific local networks")
|
||||
// rootless needs to be explicitly specified for running "rootful" dockerd in rootless dockerd (#38702)
|
||||
// Note that defaultUserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import (
|
|||
|
||||
const (
|
||||
// DefaultIpcMode is default for container's IpcMode, if not set otherwise
|
||||
DefaultIpcMode = "private"
|
||||
DefaultIpcMode = containertypes.IPCModePrivate
|
||||
)
|
||||
|
||||
// BridgeConfig stores all the bridge driver specific
|
||||
|
|
|
|||
|
|
@ -347,9 +347,9 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
|
|||
if hostConfig.IpcMode.IsEmpty() {
|
||||
m := config.DefaultIpcMode
|
||||
if daemon.configStore != nil {
|
||||
m = daemon.configStore.IpcMode
|
||||
m = containertypes.IpcMode(daemon.configStore.IpcMode)
|
||||
}
|
||||
hostConfig.IpcMode = containertypes.IpcMode(m)
|
||||
hostConfig.IpcMode = m
|
||||
}
|
||||
|
||||
// Set default cgroup namespace mode, if unset for container
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ func TestTmpfsDevShmNoDupMount(t *testing.T) {
|
|||
c := &container.Container{
|
||||
ShmPath: "foobar", // non-empty, for c.IpcMounts() to work
|
||||
HostConfig: &containertypes.HostConfig{
|
||||
IpcMode: containertypes.IpcMode("shareable"), // default mode
|
||||
IpcMode: containertypes.IPCModeShareable, // default mode
|
||||
// --tmpfs /dev/shm:rw,exec,size=NNN
|
||||
Tmpfs: map[string]string{
|
||||
"/dev/shm": "rw,exec,size=1g",
|
||||
|
|
@ -89,7 +89,7 @@ func TestIpcPrivateVsReadonly(t *testing.T) {
|
|||
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||
c := &container.Container{
|
||||
HostConfig: &containertypes.HostConfig{
|
||||
IpcMode: containertypes.IpcMode("private"),
|
||||
IpcMode: containertypes.IPCModePrivate,
|
||||
ReadonlyRootfs: true,
|
||||
},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -199,7 +199,7 @@ func TestAPIIpcModeHost(t *testing.T) {
|
|||
Cmd: []string{"top"},
|
||||
}
|
||||
hostCfg := containertypes.HostConfig{
|
||||
IpcMode: containertypes.IpcMode("host"),
|
||||
IpcMode: containertypes.IPCModeHost,
|
||||
}
|
||||
ctx := context.Background()
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue