From 2c1d9ddeea1ea241b0c860bf86668dd7bd891733 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 18 Oct 2018 16:28:25 -0500 Subject: [PATCH] cli: make, remove and join persistent namespaces Depending of the command and the container type the runtime joins, make or remove a persistent namespace. Signed-off-by: Julio Montes --- cli/create.go | 7 +++++++ cli/delete.go | 12 ++++++++++++ cli/exec.go | 7 +++++-- cli/kill.go | 5 ++++- cli/start.go | 4 ++++ cli/state.go | 4 ++++ cli/update.go | 15 +++++++++------ 7 files changed, 45 insertions(+), 9 deletions(-) diff --git a/cli/create.go b/cli/create.go index eaefbc7b74..7000fe9858 100644 --- a/cli/create.go +++ b/cli/create.go @@ -269,6 +269,10 @@ func setKernelParams(containerID string, runtimeConfig *oci.RuntimeConfig) error func createSandbox(ctx context.Context, ociSpec oci.CompatOCISpec, runtimeConfig oci.RuntimeConfig, containerID, bundlePath, console, consoleSocket string, disableOutput, systemdCgroup bool) (vc.Process, error) { + if err := newPersistentNamespaces(containerID, "", ociSpec.Linux.Namespaces); err != nil { + return vc.Process{}, err + } + span, ctx := trace(ctx, "createSandbox") defer span.Finish() @@ -345,6 +349,9 @@ func createContainer(ctx context.Context, ociSpec oci.CompatOCISpec, containerID return vc.Process{}, err } + if err := newPersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces); err != nil { + return vc.Process{}, err + } span, ctx := trace(ctx, "createContainer") defer span.Finish() diff --git a/cli/delete.go b/cli/delete.go index ff939f0648..7c010a85eb 100644 --- a/cli/delete.go +++ b/cli/delete.go @@ -60,6 +60,10 @@ EXAMPLE: } func delete(ctx context.Context, containerID string, force bool) error { + if err := joinNamespaces(containerID); err != nil { + return err + } + span, ctx := trace(ctx, "delete") defer span.Finish() 
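Review bot: `ociSpec.Linux.Namespaces` in the new first statement of createSandbox is dereferenced without a nil check. If `Linux` is a pointer field here, as it is in the OCI runtime-spec Go types, a bundle whose config.json has no `linux` section would panic the runtime instead of producing an error. A guard before the call, such as `if ociSpec.Linux == nil { return vc.Process{}, errors.New("OCI spec has no linux section") }`, keeps the failure controlled. The same expression is used in the createContainer hunk of this file and in the `removePersistentNamespaces` call added to cli/delete.go. createSandbox's body continues outside the hunk.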
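Review bot: Nothing visible in createContainer undoes `newPersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces)` when a later step fails, so a failed create may leave persistent namespace state on the host until a later delete. The rest of the function is outside the hunk, so this needs confirming there. If there is no rollback, an error-path-only deferred call to `removePersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces)` would close the gap, and the same applies to createSandbox. The new call also sits before `trace(ctx, "createContainer")`, so its failures are not recorded in the span.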
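Review bot: `joinNamespaces(containerID)` at the top of delete runs on the caller-supplied ID before any lookup confirms the container exists, and the same pattern is added to execute, kill, start, state and the update action. joinNamespaces is not part of this patch; if it derives a filesystem path from the ID, the ID should be validated (no path separators or `..`) before use, or the call placed after the existing-container lookup where that lookup does not itself depend on the namespaces. Separately, if the join uses setns from Go code, it affects only the calling OS thread, so it needs `runtime.LockOSThread()` (or to run before the Go runtime starts threads) for the rest of the command to run reliably inside the joined namespaces. A short comment above the call saying which namespaces are joined and why would help at all six call sites.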
@@ -123,6 +127,10 @@ func delete(ctx context.Context, containerID string, force bool) error { return err } + return cleanupSystem(ctx, ociSpec, containerType, sandboxID, containerID) +} + +func cleanupSystem(ctx context.Context, ociSpec oci.CompatOCISpec, containerType vc.ContainerType, sandboxID, containerID string) error { // In order to prevent any file descriptor leak related to cgroups files // that have been previously created, we have to remove them before this // function returns. @@ -135,6 +143,10 @@ func delete(ctx context.Context, containerID string, force bool) error { return err } + if err := removePersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces); err != nil { + return err + } + return removeCgroupsPath(ctx, containerID, cgroupsPathList) } diff --git a/cli/exec.go b/cli/exec.go index de559b026c..8631241ab4 100644 --- a/cli/exec.go +++ b/cli/exec.go @@ -188,11 +188,14 @@ func generateExecParams(context *cli.Context, specProcess *oci.CompatOCIProcess) } func execute(ctx context.Context, context *cli.Context) error { + containerID := context.Args().First() + if err := joinNamespaces(containerID); err != nil { + return err + } + span, ctx := trace(ctx, "execute") defer span.Finish() - containerID := context.Args().First() - kataLog = kataLog.WithField("container", containerID) setExternalLoggers(ctx, kataLog) span.SetTag("container", containerID) diff --git a/cli/kill.go b/cli/kill.go index 0f47e3b13c..4db6bd18bd 100644 --- a/cli/kill.go +++ b/cli/kill.go @@ -97,6 +97,10 @@ var signalList = map[string]syscall.Signal{ } func kill(ctx context.Context, containerID, signal string, all bool) error { + if err := joinNamespaces(containerID); err != nil { + return err + } + span, _ := trace(ctx, "kill") defer span.Finish() 
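Review bot: The new `cleanupSystem` helper has no doc comment, and its name does not say which resources it removes. Suggest `// cleanupSystem removes the host-side resources left for a container: its persistent namespaces and its cgroups paths.` above the signature. The function body continues into the next hunk, where both removals are visible.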
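Review bot: The early `return err` after `removePersistentNamespaces` skips `removeCgroupsPath`, although the comment at the top of cleanupSystem says the cgroup files have to be removed before the function returns. A failure to remove a namespace would therefore also leave the cgroup paths behind. Run both cleanups and report the first error: `nsErr := removePersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces)`, then `if err := removeCgroupsPath(ctx, containerID, cgroupsPathList); err != nil { return err }`, then `return nsErr`.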
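Review bot: execute now passes `context.Args().First()` to `joinNamespaces` without checking that an argument was given, so an empty container ID reaches the namespace code. The update action in this same patch checks `context.Args().Present()` before the join. Adding the same guard here, `if !context.Args().Present() { return fmt.Errorf("Missing container ID, should at least provide one") }`, keeps the two commands consistent. execute's body continues outside the hunk, so a later check may exist, but it would run only after the join.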
@@ -106,7 +110,6 @@ func kill(ctx context.Context, containerID, signal string, all bool) error { // Checks the MUST and MUST NOT from OCI runtime specification status, sandboxID, err := getExistingContainerInfo(ctx, containerID) - if err != nil { return err } diff --git a/cli/start.go b/cli/start.go index d8e20664d7..77a56c6278 100644 --- a/cli/start.go +++ b/cli/start.go @@ -48,6 +48,10 @@ var startCLICommand = cli.Command{ } func start(ctx context.Context, containerID string) (vc.VCSandbox, error) { + if err := joinNamespaces(containerID); err != nil { + return nil, err + } + span, _ := trace(ctx, "start") defer span.Finish() diff --git a/cli/state.go b/cli/state.go index 33c7c01bf0..06d27aac95 100644 --- a/cli/state.go +++ b/cli/state.go @@ -40,6 +40,10 @@ instance of a container.`, } func state(ctx context.Context, containerID string) error { + if err := joinNamespaces(containerID); err != nil { + return err + } + span, _ := trace(ctx, "state") defer span.Finish() diff --git a/cli/update.go b/cli/update.go index 4b21ffbfc3..fbdcd52537 100644 --- a/cli/update.go +++ b/cli/update.go @@ -127,6 +127,15 @@ other options are ignored. }, }, Action: func(context *cli.Context) error { + if context.Args().Present() == false { + return fmt.Errorf("Missing container ID, should at least provide one") + } + + containerID := context.Args().First() + if err := joinNamespaces(containerID); err != nil { + return err + } + ctx, err := cliContextToContext(context) if err != nil { return err @@ -135,12 +144,6 @@ other options are ignored. span, _ := trace(ctx, "update") defer span.Finish() - if context.Args().Present() == false { - return fmt.Errorf("Missing container ID, should at least provide one") - } - - containerID := context.Args().First() - kataLog = kataLog.WithField("container", containerID) setExternalLoggers(ctx, kataLog) span.SetTag("container", containerID)
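Review bot: `if context.Args().Present() == false` in the update action compares a boolean with a literal; since the check is being moved anyway, write it as `if !context.Args().Present() {`. The join now also runs before `cliContextToContext` and before the span is started, so a `joinNamespaces` failure is returned with no trace and no container-scoped log field. A one-line comment such as `// join the container namespaces first; everything below must run inside them` would show that the ordering is intentional.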