Add ability to work with individual namespaces

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2022-11-09 12:21:53 -05:00 · 2014-03-21 00:23:34 +00:00 · 2014-03-21 00:23:34 +00:00 · 70f3b9f4ce
commit 70f3b9f4ce
parent 443a75d5f6
3 changed files with 25 additions and 6 deletions
--- a/pkg/libcontainer/nsinit/command.go
+++ b/pkg/libcontainer/nsinit/command.go
@ -39,7 +39,9 @@ func (c *DefaultCommandFactory) Create(container *libcontainer.Container, consol
 // flags on clone, unshare, and setns
 func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
 	for _, ns := range namespaces {
-		flag |= ns.Value
+		if ns.Enabled {
+			flag |= ns.Value
+		}
 	}
 	return flag
 }
--- a/pkg/libcontainer/types.go
+++ b/pkg/libcontainer/types.go
@ -53,7 +53,8 @@ func (ns *Namespace) String() string {
 func GetNamespace(key string) *Namespace {
 	for _, ns := range namespaceList {
 		if ns.Key == key {
-			return ns
+			cpy := *ns
+			return &cpy
 		}
 	}
 	return nil
@ -62,12 +63,16 @@ func GetNamespace(key string) *Namespace {
 // Contains returns true if the specified Namespace is
 // in the slice
 func (n Namespaces) Contains(ns string) bool {
+	return n.Get(ns) != nil
+}
+
+func (n Namespaces) Get(ns string) *Namespace {
 	for _, nsp := range n {
 		if nsp.Key == ns {
-			return true
+			return nsp
 		}
 	}
-	return false
+	return nil
 }

 type (
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@ -77,10 +77,12 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 // i.e: cgroup devices.allow *:*
 func configureCustomOptions(container *libcontainer.Container, opts []string) {
 	for _, opt := range opts {
-		parts := strings.Split(strings.TrimSpace(opt), " ")
+		var (
+			parts = strings.Split(strings.TrimSpace(opt), " ")
+			value = strings.TrimSpace(parts[1])
+		)
 		switch parts[0] {
 		case "cap":
-			value := strings.TrimSpace(parts[1])
 			c := container.CapabilitiesMask.Get(value[1:])
 			if c == nil {
 				continue
@ -93,6 +95,16 @@ func configureCustomOptions(container *libcontainer.Container, opts []string) {
 			default:
 				// do error here
 			}
+		case "ns":
+			ns := container.Namespaces.Get(value[1:])
+			switch value[0] {
+			case '-':
+				ns.Enabled = false
+			case '+':
+				ns.Enabled = true
+			default:
+				// error
+			}
 		}
 	}
 }