kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Add pid host support

Browse source 
Tested using global-net-plugin-ipc which sets PidHost in config.json.

Plugins might need access to host pid namespace. Add support for that.
Tested using aragunathan/global-net-plugin-ipc which sets "pidhost" in
config.json. Observed using `readlink /proc/self/ns/pid` that plugin and
host have the same ns.

Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
This commit is contained in:
Anusha Ragunathan 2017-03-10 14:17:24 -08:00
parent 6d6185c257
commit 4d1edcb2cc
5 changed files with 20 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/swagger.yaml
View file

@ -1445,6 +1445,7 @@ definitions:
- WorkDir - WorkDir
- Network - Network
- Linux - Linux
- PidHost
- PropagatedMount - PropagatedMount
- IpcHost - IpcHost
- Mounts - Mounts
@ -1517,6 +1518,9 @@ definitions:
IpcHost: IpcHost:
type: "boolean" type: "boolean"
x-nullable: false x-nullable: false
PidHost:
type: "boolean"
x-nullable: false
Mounts: Mounts:
type: "array" type: "array"
items: items:

4
api/types/plugin.go
View file

@ -74,6 +74,10 @@ type PluginConfig struct {
// Required: true // Required: true
Network PluginConfigNetwork `json:"Network"` Network PluginConfigNetwork `json:"Network"`
// pid host
// Required: true
PidHost bool `json:"PidHost"`
// propagated mount // propagated mount
// Required: true // Required: true
PropagatedMount string `json:"PropagatedMount"` PropagatedMount string `json:"PropagatedMount"`

2
docs/extend/config.md
View file

@ -117,6 +117,8 @@ Config provides the base accessible fields for working with V0 plugin format
- **`ipchost`** *boolean* - **`ipchost`** *boolean*
Access to host ipc namespace. Access to host ipc namespace.
- **`pidhost`** *boolean*
Access to host pid namespace.
- **`propagatedMount`** *string* - **`propagatedMount`** *string*

7
plugin/backend_linux.go
View file

@ -157,6 +157,13 @@ func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) {
Value: []string{"true"}, Value: []string{"true"},
}) })
} }
if c.PidHost {
privileges = append(privileges, types.PluginPrivilege{
Name: "host pid namespace",
Description: "allow access to host pid namespace",
Value: []string{"true"},
})
}
for _, mount := range c.Mounts { for _, mount := range c.Mounts {
if mount.Source != nil { if mount.Source != nil {
privileges = append(privileges, types.PluginPrivilege{ privileges = append(privileges, types.PluginPrivilege{

3
plugin/v2/plugin_linux.go
View file

@ -60,6 +60,9 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
Options: []string{"rbind", "ro"}, Options: []string{"rbind", "ro"},
}) })
} }
if p.PluginObj.Config.PidHost {
oci.RemoveNamespace(&s, specs.NamespaceType("pid"))
}
if p.PluginObj.Config.IpcHost { if p.PluginObj.Config.IpcHost {
oci.RemoveNamespace(&s, specs.NamespaceType("ipc")) oci.RemoveNamespace(&s, specs.NamespaceType("ipc"))