feat: Add VolumesFrom, Tmpfs and UTSMode option (runfinch#231)

Signed-off-by: Arjun Raja Yogidas <[email protected]>

Author: coderbirju

api/handlers/container/create.go

@@ -166,6 +166,16 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		CpuQuota = req.HostConfig.CPUQuota
 	}
 
+	volumesFrom := []string{}
+	if req.HostConfig.VolumesFrom != nil {
+		volumesFrom = req.HostConfig.VolumesFrom
+	}
+
+	tmpfs := []string{}
+	if req.HostConfig.Tmpfs != nil {
+		tmpfs = translateTmpfs(req.HostConfig.Tmpfs)
+	}
+
 	globalOpt := ncTypes.GlobalCommandOptions(*h.Config)
 	createOpt := ncTypes.ContainerCreateOptions{
 		Stdout:   nil,
@@ -229,7 +239,9 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		// #endregion
 
 		// #region for volume flags
-		Volume: volumes,
+		Volume:      volumes,
+		VolumesFrom: volumesFrom,
+		Tmpfs:       tmpfs,
 		// #endregion
 
 		// #region for env flags
@@ -287,6 +299,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		PortMappings:         portMappings,
 		AddHost:              req.HostConfig.ExtraHosts, // Extra hosts.
 		MACAddress:           req.MacAddress,
+		UTSNamespace:         req.HostConfig.UTSMode,
 	}
 
 	ctx := namespaces.WithNamespace(r.Context(), h.Config.Namespace)
@@ -310,6 +323,21 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 	response.JSON(w, http.StatusCreated, containerCreateResponse{cid})
 }
 
+// translateTmpfs converts a map of tmpfs mounts to a slice of strings in the format "DEST:OPTIONS".
+// Tmpfs are passed in as a map of strings,
+// but nerdctl expects an array of strings with format [TMPFS1:VALUE1, TMPFS2:VALUE2, ...].
+func translateTmpfs(tmpfs map[string]string) []string {
+	var result []string
+	for dest, options := range tmpfs {
+		if options == "" {
+			result = append(result, dest)
+		} else {
+			result = append(result, fmt.Sprintf("%s:%s", dest, options))
+		}
+	}
+	return result
+}
+
 // translate docker port mappings to go-cni port mappings.
 func translatePortMappings(portMappings nat.PortMap) ([]gocni.PortMapping, error) {
 	ports := []gocni.PortMapping{}

api/handlers/container/create_test.go

@@ -775,6 +775,48 @@ var _ = Describe("Container Create API ", func() {
 			Expect(rr.Body).Should(MatchJSON(jsonResponse))
 		})
 
+		It("should set VolumesFrom option", func() {
+			body := []byte(`{
+				"Image": "test-image",
+				"HostConfig": {
+					"VolumesFrom": [ "parent", "other:ro"]
+				}
+			}`)
+			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
+
+			createOpt.VolumesFrom = []string{"parent", "other:ro"}
+
+			service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
+				cid, nil)
+
+			h.create(rr, req)
+			Expect(rr).Should(HaveHTTPStatus(http.StatusCreated))
+			Expect(rr.Body).Should(MatchJSON(jsonResponse))
+		})
+
+		It("should set Tmpfs and UTSMode option", func() {
+			body := []byte(`{
+				"Image": "test-image",
+				"HostConfig": {
+					"Tmpfs": { "/run": "rw,noexec,nosuid,size=65536k" },
+					"UTSMode": "host"
+				}
+			}`)
+			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
+
+			// expected create options
+			createOpt.Tmpfs = []string{"/run:rw,noexec,nosuid,size=65536k"}
+			netOpt.UTSNamespace = "host"
+
+			service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
+				cid, nil)
+
+			// handler should return success message with 201 status code.
+			h.create(rr, req)
+			Expect(rr).Should(HaveHTTPStatus(http.StatusCreated))
+			Expect(rr.Body).Should(MatchJSON(jsonResponse))
+		})
+
 		Context("translate port mappings", func() {
 			It("should return empty if port mappings is nil", func() {
 				Expect(translatePortMappings(nil)).Should(BeEmpty())
@@ -843,6 +885,46 @@ var _ = Describe("Container Create API ", func() {
 				Expect(cniPortMappings).Should(ContainElements(expected))
 			})
 		})
+
+		Context("translate tmpfs", func() {
+			It("should return nil for nil input", func() {
+				Expect(translateTmpfs(nil)).Should(BeNil())
+			})
+
+			It("should return empty slice for empty map", func() {
+				Expect(translateTmpfs(map[string]string{})).Should(BeEmpty())
+			})
+
+			It("should handle single tmpfs mount with options", func() {
+				input := map[string]string{
+					"/run": "rw,noexec,nosuid,size=65536k",
+				}
+				expected := []string{"/run:rw,noexec,nosuid,size=65536k"}
+				Expect(translateTmpfs(input)).Should(Equal(expected))
+			})
+
+			It("should handle multiple tmpfs mounts with different options", func() {
+				input := map[string]string{
+					"/run": "rw,noexec,nosuid,size=65536k",
+					"/tmp": "rw,exec,size=32768k",
+					"/var": "",
+				}
+				result := translateTmpfs(input)
+				Expect(result).Should(ConsistOf(
+					"/run:rw,noexec,nosuid,size=65536k",
+					"/tmp:rw,exec,size=32768k",
+					"/var",
+				))
+			})
+
+			It("should handle tmpfs mount without options", func() {
+				input := map[string]string{
+					"/run": "",
+				}
+				expected := []string{"/run"}
+				Expect(translateTmpfs(input)).Should(Equal(expected))
+			})
+		})
 	})
 })
 
@@ -917,7 +999,9 @@ func getDefaultCreateOpt(conf config.Config) types.ContainerCreateOptions {
 		// #endregion
 
 		// #region for volume flags
-		Volume: nil,
+		Volume:      nil,
+		VolumesFrom: []string{},
+		Tmpfs:       []string{},
 		// #endregion
 
 		// #region for env flags

api/types/container_types.go

@@ -66,8 +66,8 @@ type ContainerHostConfig struct {
 	PortBindings    nat.PortMap   // Port mapping between the exposed port (container) and the host
 	RestartPolicy   RestartPolicy // Restart policy to be used for the container
 	AutoRemove      bool          // Automatically remove container when it exits
+	VolumesFrom     []string      // List of volumes to take from other container
 	// TODO: VolumeDriver    string            // Name of the volume driver used to mount volumes
-	// TODO: VolumesFrom     []string      // List of volumes to take from other container
 	// TODO: ConsoleSize     [2]uint           // Initial console size (height,width)
 	// TODO: Annotations     map[string]string `json:",omitempty"` // Arbitrary non-identifying metadata attached to container and provided to the runtime
 
@@ -89,8 +89,8 @@ type ContainerHostConfig struct {
 	Privileged bool // Is the container in privileged mode
 	// TODO: ReadonlyRootfs bool              // Is the container root filesystem in read-only
 	// TODO: SecurityOpt []string          // List of string values to customize labels for MLS systems, such as SELinux. (["key=value"])
-	// TODO: Tmpfs   map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container
-	// TODO: UTSMode string            // UTS namespace to use for the container
+	Tmpfs   map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container
+	UTSMode string            // UTS namespace to use for the container
 	// TODO: ShmSize int64             // Size of /dev/shm in bytes. The size must be greater than 0.
 	// TODO: Sysctls map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container
 	// TODO: Runtime string            `json:",omitempty"` // Runtime to use with this container

e2e/tests/container_create.go

@@ -962,6 +962,170 @@ func ContainerCreate(opt *option.Option) {
 			Expect(responseReadIopsDevices[0].String()).Should(Equal(readIopsDevices[0].String()))
 			Expect(responseWriteIopsDevices[0].String()).Should(Equal(writeIopsDevices[0].String()))
 		})
+
+		It("should create container with volumes from another container", func() {
+			tID := testContainerName
+
+			// Create temporary directories
+			rwDir, err := os.MkdirTemp("", "rw")
+			Expect(err).Should(BeNil())
+			roDir, err := os.MkdirTemp("", "ro")
+			Expect(err).Should(BeNil())
+			defer os.RemoveAll(rwDir)
+			defer os.RemoveAll(roDir)
+
+			// Create named volumes
+			rwVolName := tID + "-rw"
+			roVolName := tID + "-ro"
+			command.Run(opt, "volume", "create", rwVolName)
+			command.Run(opt, "volume", "create", roVolName)
+			defer command.Run(opt, "volume", "rm", "-f", rwVolName)
+			defer command.Run(opt, "volume", "rm", "-f", roVolName)
+
+			// Create source container with multiple volume types
+			fromContainerName := tID + "-from"
+			sourceOptions := types.ContainerCreateRequest{}
+			sourceOptions.Image = defaultImage
+			sourceOptions.Cmd = []string{"top"}
+			sourceOptions.HostConfig.Binds = []string{
+				fmt.Sprintf("%s:%s", rwDir, "/mnt1"),
+				fmt.Sprintf("%s:%s:ro", roDir, "/mnt2"),
+				fmt.Sprintf("%s:%s", rwVolName, "/mnt3"),
+				fmt.Sprintf("%s:%s:ro", roVolName, "/mnt4"),
+			}
+
+			// Create and start source container
+			statusCode, _ := createContainer(uClient, url, fromContainerName, sourceOptions)
+			Expect(statusCode).Should(Equal(http.StatusCreated))
+			command.Run(opt, "start", fromContainerName)
+			defer command.Run(opt, "rm", "-f", fromContainerName)
+
+			// Create target container with volumes-from
+			toContainerName := tID + "-to"
+			targetOptions := types.ContainerCreateRequest{}
+			targetOptions.Image = defaultImage
+			targetOptions.Cmd = []string{"top"}
+			targetOptions.HostConfig.VolumesFrom = []string{fromContainerName}
+
+			// Create and start target container
+			statusCode, _ = createContainer(uClient, url, toContainerName, targetOptions)
+			Expect(statusCode).Should(Equal(http.StatusCreated))
+			command.Run(opt, "start", toContainerName)
+			defer command.Run(opt, "rm", "-f", toContainerName)
+
+			// Test write permissions
+			command.Run(opt, "exec", toContainerName, "sh", "-exc", "echo -n str1 > /mnt1/file1")
+			command.RunWithoutSuccessfulExit(opt, "exec", toContainerName, "sh", "-exc", "echo -n str2 > /mnt2/file2")
+			command.Run(opt, "exec", toContainerName, "sh", "-exc", "echo -n str3 > /mnt3/file3")
+			command.RunWithoutSuccessfulExit(opt, "exec", toContainerName, "sh", "-exc", "echo -n str4 > /mnt4/file4")
+
+			// Remove target container
+			command.Run(opt, "rm", "-f", toContainerName)
+
+			// Create a new container to verify data persistence
+			verifyOptions := types.ContainerCreateRequest{}
+			verifyOptions.Image = defaultImage
+			verifyOptions.Cmd = []string{"sh", "-c", "cat /mnt1/file1 /mnt3/file3"}
+			verifyOptions.HostConfig.VolumesFrom = []string{fromContainerName}
+
+			statusCode, _ = createContainer(uClient, url, "verify-container", verifyOptions)
+			Expect(statusCode).Should(Equal(http.StatusCreated))
+			out := command.StdoutStr(opt, "start", "-a", "verify-container")
+			Expect(out).Should(Equal("str1str3"))
+			defer command.Run(opt, "rm", "-f", "verify-container")
+		})
+
+		It("should create a container with tmpfs mounts", func() {
+			// Define options
+			options.Cmd = []string{"sleep", "Infinity"}
+			options.HostConfig.Tmpfs = map[string]string{
+				"/tmpfs1": "rw,noexec,nosuid,size=65536k",
+				"/tmpfs2": "", // no options
+			}
+
+			// Create container
+			statusCode, ctr := createContainer(uClient, url, testContainerName, options)
+			Expect(statusCode).Should(Equal(http.StatusCreated))
+			Expect(ctr.ID).ShouldNot(BeEmpty())
+
+			// Start container
+			command.Run(opt, "start", testContainerName)
+
+			// Verify tmpfs mounts using native inspect
+			nativeResp := command.Stdout(opt, "inspect", "--mode=native", testContainerName)
+			var nativeInspect []map[string]interface{}
+			err := json.Unmarshal(nativeResp, &nativeInspect)
+			Expect(err).Should(BeNil())
+			Expect(nativeInspect).Should(HaveLen(1))
+
+			// Navigate to the mounts section
+			spec, ok := nativeInspect[0]["Spec"].(map[string]interface{})
+			Expect(ok).Should(BeTrue())
+			mounts, ok := spec["mounts"].([]interface{})
+			Expect(ok).Should(BeTrue())
+
+			// Verify tmpfs mounts
+			foundMounts := make(map[string]bool)
+			for _, mount := range mounts {
+				m := mount.(map[string]interface{})
+				if m["type"] == "tmpfs" {
+					foundMounts[m["destination"].(string)] = true
+					if m["destination"] == "/tmpfs1" {
+						options := m["options"].([]interface{})
+						optionsStr := make([]string, len(options))
+						for i, opt := range options {
+							optionsStr[i] = opt.(string)
+						}
+						Expect(optionsStr).Should(ContainElements(
+							"rw",
+							"noexec",
+							"nosuid",
+							"size=65536k",
+						))
+					}
+				}
+			}
+		})
+
+		It("should create a container with UTSMode set to host", func() {
+			// Define options
+			options.Cmd = []string{"sleep", "Infinity"}
+			options.HostConfig.UTSMode = "host"
+
+			// Create container
+			statusCode, ctr := createContainer(uClient, url, testContainerName, options)
+			Expect(statusCode).Should(Equal(http.StatusCreated))
+			Expect(ctr.ID).ShouldNot(BeEmpty())
+
+			// Start container
+			command.Run(opt, "start", testContainerName)
+
+			// Inspect using native format to verify UTS namespace configuration
+			nativeResp := command.Stdout(opt, "inspect", "--mode=native", testContainerName)
+			var nativeInspect []map[string]interface{}
+			err := json.Unmarshal(nativeResp, &nativeInspect)
+			Expect(err).Should(BeNil())
+			Expect(nativeInspect).Should(HaveLen(1))
+
+			// Navigate to the namespaces section
+			spec, ok := nativeInspect[0]["Spec"].(map[string]interface{})
+			Expect(ok).Should(BeTrue())
+			linux, ok := spec["linux"].(map[string]interface{})
+			Expect(ok).Should(BeTrue())
+			namespaces, ok := linux["namespaces"].([]interface{})
+			Expect(ok).Should(BeTrue())
+
+			// Verify UTS namespace is not present (indicating host namespace is used)
+			foundUTSNamespace := false
+			for _, ns := range namespaces {
+				namespace := ns.(map[string]interface{})
+				if namespace["type"] == "uts" {
+					foundUTSNamespace = true
+					break
+				}
+			}
+			Expect(foundUTSNamespace).Should(BeFalse())
+		})
 	})
 }