
Commit d574c09

committed
api: add namespace adjustment
We are interested in running some parts of a pod in host or totally separate pid and network namespaces, so add an adjustment that allows for that. Signed-off-by: Tycho Andersen <[email protected]>
1 parent 6d486ac commit d574c09


5 files changed

+250
-156
lines changed


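--- a/pkg/adaptation/result.go
+++ b/pkg/adaptation/result.go
@@ -219,6 +219,9 @@ func (r *result) adjust(rpl *ContainerAdjustment, plugin string) error {
 if err := r.adjustOomScoreAdj(rpl.Linux.OomScoreAdj, plugin); err != nil {
 return err
 }
+if err := r.adjustNamespaces(rpl.Linux.Namespaces, plugin); err != nil {
+return err
+}
 }
 if err := r.adjustRlimits(rpl.Rlimits, plugin); err != nil {
 return err
@@ -738,6 +741,22 @@ func (r *result) adjustOomScoreAdj(OomScoreAdj *OptionalInt, plugin string) erro
 return nil
 }
 
+func (r *result) adjustNamespaces(adjustment []*LinuxNamespace, plugin string) error {
+if adjustment == nil {
+return nil
+}
+create, id := r.request.create, r.request.create.Container.Id
+
+if err := r.owners.claimNamespaces(id, plugin); err != nil {
+return err
+}
+
+create.Container.Linux.Namespaces = adjustment
+r.reply.adjust.Linux.Namespaces = adjustment
+
+return nil
+}
+
 func (r *result) adjustRlimits(rlimits []*POSIXRlimit, plugin string) error {
 create, id, adjust := r.request.create, r.request.create.Container.Id, r.reply.adjust
 for _, l := range rlimits {
@@ -976,6 +995,7 @@ type owners struct {
 unified map[string]string
 cgroupsPath string
 oomScoreAdj string
+namespaces string
 rlimits map[string]string
 }
 
@@ -1096,6 +1116,10 @@ func (ro resultOwners) claimOomScoreAdj(id, plugin string) error {
 return ro.ownersFor(id).claimOomScoreAdj(plugin)
 }
 
+func (ro resultOwners) claimNamespaces(id, plugin string) error {
+return ro.ownersFor(id).claimNamespaces(plugin)
+}
+
 func (ro resultOwners) claimRlimits(id, typ, plugin string) error {
 return ro.ownersFor(id).claimRlimit(typ, plugin)
 }
@@ -1349,6 +1373,14 @@ func (o *owners) claimOomScoreAdj(plugin string) error {
 return nil
 }
 
+func (o *owners) claimNamespaces(plugin string) error {
+if other := o.namespaces; other != "" {
+return conflict(plugin, other, "seccomp policy")
+}
+o.namespaces = plugin
+return nil
+}
+
 func (ro resultOwners) clearAnnotation(id, key string) {
 ro.ownersFor(id).clearAnnotation(key)
 }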
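Review bot: The conflict label in `claimNamespaces` (new line 1378) is `"seccomp policy"`, apparently copied from another claim helper, so when two plugins both adjust namespaces the error will name the wrong field; it should read `return conflict(plugin, other, "namespaces")`. Separately, `adjustNamespaces` assigns the plugin's slice over `create.Container.Linux.Namespaces` wholesale and skips only a nil slice, so a non-nil empty or partial list would drop whatever namespaces were configured before the adjustment. Because this list decides whether the container shares the host pid or network namespace, the function deserves a doc comment stating the replace-not-merge semantics, e.g. `// adjustNamespaces replaces the container's entire namespace list with the plugin's; a single plugin owns the whole list.` It may also be worth validating or logging the requested namespace types before applying them; whether that happens elsewhere is not visible in this section.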
