api/types: hostconfig: create enum for CgroupnsMode

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-09 12:21:53 -05:00 · 2019-10-13 14:18:57 +02:00 · 2019-10-13 14:18:57 +02:00 · 09cf117b31
commit 09cf117b31
parent 98f0f0dd87
5 changed files with 26 additions and 13 deletions
--- a/api/server/router/container/container_routes.go
+++ b/api/server/router/container/container_routes.go
@ -497,7 +497,7 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 	if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
 		// Older clients expect the default to be "host" on cgroup v1 hosts
 		if hostConfig.CgroupnsMode.IsEmpty() {
-			hostConfig.CgroupnsMode = container.CgroupnsMode("host")
+			hostConfig.CgroupnsMode = container.CgroupnsModeHost
 		}
 	}

--- a/api/types/container/host_config.go
+++ b/api/types/container/host_config.go
@ -13,19 +13,26 @@ import (
 // CgroupnsMode represents the cgroup namespace mode of the container
 type CgroupnsMode string

+// cgroup namespace modes for containers
+const (
+	CgroupnsModeEmpty   CgroupnsMode = ""
+	CgroupnsModePrivate CgroupnsMode = "private"
+	CgroupnsModeHost    CgroupnsMode = "host"
+)
+
 // IsPrivate indicates whether the container uses its own private cgroup namespace
 func (c CgroupnsMode) IsPrivate() bool {
-	return c == "private"
+	return c == CgroupnsModePrivate
 }

 // IsHost indicates whether the container shares the host's cgroup namespace
 func (c CgroupnsMode) IsHost() bool {
-	return c == "host"
+	return c == CgroupnsModeHost
 }

 // IsEmpty indicates whether the container cgroup namespace mode is unset
 func (c CgroupnsMode) IsEmpty() bool {
-	return c == ""
+	return c == CgroupnsModeEmpty
 }

 // Valid indicates whether the cgroup namespace mode is valid
--- a/cmd/dockerd/config_unix.go
+++ b/cmd/dockerd/config_unix.go
@ -66,10 +66,10 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
 	// rootless needs to be explicitly specified for running "rootful" dockerd in rootless dockerd (#38702)
 	// Note that defaultUserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
 	flags.BoolVar(&conf.Rootless, "rootless", rootless.RunningWithRootlessKit(), "Enable rootless mode; typically used with RootlessKit")
-	defaultCgroupNamespaceMode := "host"
-	if cgroups.Mode() == cgroups.Unified {
-		defaultCgroupNamespaceMode = "private"
+	defaultCgroupNamespaceMode := config.DefaultCgroupNamespaceMode
+	if cgroups.Mode() != cgroups.Unified {
+		defaultCgroupNamespaceMode = config.DefaultCgroupV1NamespaceMode
 	}
-	flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", defaultCgroupNamespaceMode, `Default mode for containers cgroup namespace ("host" | "private")`)
+	flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", string(defaultCgroupNamespaceMode), `Default mode for containers cgroup namespace ("host" | "private")`)
 	return nil
 }
--- a/daemon/config/config_linux.go
+++ b/daemon/config/config_linux.go
@ -13,6 +13,12 @@ import (
 const (
 	// DefaultIpcMode is default for container's IpcMode, if not set otherwise
 	DefaultIpcMode = containertypes.IPCModePrivate
+
+	// DefaultCgroupNamespaceMode is the default mode for containers cgroup namespace when using cgroups v2.
+	DefaultCgroupNamespaceMode = containertypes.CgroupnsModePrivate
+
+	// DefaultCgroupV1NamespaceMode is the default mode for containers cgroup namespace when using cgroups v1.
+	DefaultCgroupV1NamespaceMode = containertypes.CgroupnsModeHost
 )

 // BridgeConfig stores all the bridge driver specific
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@ -357,16 +357,16 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 		// for cgroup v2: unshare cgroupns even for privileged containers
 		// https://github.com/containers/libpod/pull/4374#issuecomment-549776387
 		if hostConfig.Privileged && cgroups.Mode() != cgroups.Unified {
-			hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
+			hostConfig.CgroupnsMode = containertypes.CgroupnsModeHost
 		} else {
-			m := "host"
+			m := containertypes.CgroupnsModeHost
 			if cgroups.Mode() == cgroups.Unified {
-				m = "private"
+				m = containertypes.CgroupnsModePrivate
 			}
 			if daemon.configStore != nil {
-				m = daemon.configStore.CgroupNamespaceMode
+				m = containertypes.CgroupnsMode(daemon.configStore.CgroupNamespaceMode)
 			}
-			hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
+			hostConfig.CgroupnsMode = m
 		}
 	}