Skip to content

Commit 081b841

Browse files
cypharcyphar
committed
cmd: generate: add --linux-namespace-* family of flags
This allows users to modify what namespaces are used by a container. Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 parent 308b6d9 commit 081b841

File tree

1 file changed

+41
-0
lines changed

1 file changed

+41
-0
lines changed

cmd/oci-runtime-tool/generate.go

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,9 @@ var generateFlags = []cli.Flag{
4747
cli.Uint64Flag{Name: "linux-mem-swap", Usage: "total memory limit (memory + swap) (in bytes)"},
4848
cli.Uint64Flag{Name: "linux-mem-swappiness", Usage: "how aggressive the kernel will swap memory pages (Range from 0 to 100)"},
4949
cli.StringFlag{Name: "linux-mems", Usage: "list of memory nodes in the cpuset (default is to use any available memory node)"},
50+
cli.StringSliceFlag{Name: "linux-namespace-add", Usage: "adds a namespace to the set of namespaces to create or join of the form 'ns[:path]'"},
51+
cli.StringSliceFlag{Name: "linux-namespace-remove", Usage: "removes a namespace from the set of namespaces to create or join of the form 'ns'"},
52+
cli.BoolFlag{Name: "linux-namespace-remove-all", Usage: "removes all namespaces from the set of namespaces created or joined"},
5053
cli.IntFlag{Name: "linux-network-classid", Usage: "specifies class identifier tagged by container's network packets"},
5154
cli.StringSliceFlag{Name: "linux-network-priorities", Usage: "specifies priorities of network traffic"},
5255
cli.Int64Flag{Name: "linux-pids-limit", Usage: "maximum number of PIDs"},
@@ -457,6 +460,32 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
457460
}
458461
}
459462

463+
if context.IsSet("linux-namespace-add") {
464+
namespaces := context.StringSlice("linux-namespace-add")
465+
for _, ns := range namespaces {
466+
name, path, err := parseNamespace(ns)
467+
if err != nil {
468+
return err
469+
}
470+
if err := g.AddOrReplaceLinuxNamespace(name, path); err != nil {
471+
return err
472+
}
473+
}
474+
}
475+
476+
if context.IsSet("linux-namespace-remove") {
477+
namespaces := context.StringSlice("linux-namespace-remove")
478+
for _, name := range namespaces {
479+
if err := g.RemoveLinuxNamespace(name); err != nil {
480+
return err
481+
}
482+
}
483+
}
484+
485+
if context.IsSet("linux-namespace-remove-all") {
486+
g.ClearLinuxNamespaces()
487+
}
488+
460489
if context.IsSet("rlimits-add") {
461490
rlimits := context.StringSlice("rlimits-add")
462491
for _, rlimit := range rlimits {
@@ -604,6 +633,18 @@ func parseRlimit(rlimit string) (string, uint64, uint64, error) {
604633
return parts[0], uint64(hard), uint64(soft), nil
605634
}
606635

636+
func parseNamespace(ns string) (string, string, error) {
637+
parts := strings.Split(ns, ":")
638+
switch len(parts) {
639+
case 1:
640+
return parts[0], "", nil
641+
case 2:
642+
return parts[0], parts[1], nil
643+
default:
644+
return "", "", fmt.Errorf("invalid namespace value: %s", ns)
645+
}
646+
}
647+
607648
func addSeccomp(context *cli.Context, g *generate.Generator) error {
608649

609650
// Set the DefaultAction of seccomp

0 commit comments

Comments
 (0)