From 623ad2a6362382e286a49c428488d06eeffeec05 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 24 Jan 2023 11:00:16 -0500 Subject: [PATCH] Correct output when inspecting containers created with --ipc Fixes: https://github.com/containers/podman/issues/17189 Signed-off-by: Daniel J Walsh --- libpod/container_inspect_linux.go | 14 ++++++++++---- test/system/190-run-ipcns.bats | 23 ++++++++++++++++++++--- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/libpod/container_inspect_linux.go b/libpod/container_inspect_linux.go index 0bdd501ca6..b6872bd07f 100644 --- a/libpod/container_inspect_linux.go +++ b/libpod/container_inspect_linux.go @@ -183,13 +183,22 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC // If there is none, it's ipc=host. // If there is one and it has a path, it's "ns:". // If no path, it's default - the empty string. + hostConfig.IpcMode = "host" for _, ns := range ctrSpec.Linux.Namespaces { if ns.Type == spec.IPCNamespace { if ns.Path != "" { hostConfig.IpcMode = fmt.Sprintf("ns:%s", ns.Path) } else { - break + switch { + case c.config.NoShm: + hostConfig.IpcMode = "none" + case c.config.NoShmShare: + hostConfig.IpcMode = "private" + default: + hostConfig.IpcMode = "shareable" + } } + break } } case c.config.NoShm: @@ -197,9 +206,6 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC case c.config.NoShmShare: hostConfig.IpcMode = "private" } - if hostConfig.IpcMode == "" { - hostConfig.IpcMode = "shareable" - } // Cgroup namespace mode cgroupMode := "" diff --git a/test/system/190-run-ipcns.bats b/test/system/190-run-ipcns.bats index db1d716d74..a764f9a7b4 100644 --- a/test/system/190-run-ipcns.bats +++ b/test/system/190-run-ipcns.bats @@ -8,14 +8,20 @@ load helpers @test "podman --ipc=host" { hostipc="$(readlink /proc/self/ns/ipc)" - run_podman run --rm --ipc=host $IMAGE readlink /proc/self/ns/ipc + run_podman run --name IPC --ipc=host $IMAGE readlink /proc/self/ns/ipc is "$output" "$hostipc" "HostIPC and container IPC should be same" + run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}' + is "$output" "host" "host mode should be selected" + run_podman rm IPC } @test "podman --ipc=none" { hostipc="$(readlink /proc/self/ns/ipc)" - run_podman run --rm --ipc=none $IMAGE readlink /proc/self/ns/ipc + run_podman run --ipc=none --name IPC $IMAGE readlink /proc/self/ns/ipc assert "$output" != "$hostipc" "containeripc should != hostipc" + run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}' + is "$output" "none" "none mode should be selected" + run_podman rm IPC run_podman 1 run --rm --ipc=none $IMAGE ls /dev/shm is "$output" "ls: /dev/shm: No such file or directory" "Should fail with missing /dev/shm" @@ -25,6 +31,8 @@ load helpers hostipc="$(readlink /proc/self/ns/ipc)" run_podman run -d --ipc=private --name test $IMAGE sleep 100 assert "$output" != "$hostipc" "containeripc should != hostipc" + run_podman inspect test --format '{{ .HostConfig.IpcMode }}' + is "$output" "private" "private mode should be selected" run_podman 125 run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc is "$output" ".*is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)" "Containers should not share private ipc namespace" @@ -36,6 +44,8 @@ load helpers hostipc="$(readlink /proc/self/ns/ipc)" run_podman run -d --ipc=shareable --name test $IMAGE sleep 100 assert "$output" != "$hostipc" "containeripc(shareable) should != hostipc" + run_podman inspect test --format '{{ .HostConfig.IpcMode }}' + is "$output" "shareable" "shareable mode should be selected" run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc assert "$output" != "$hostipc" "containeripc(:test) should != hostipc" @@ -47,12 +57,19 @@ load helpers @test "podman --ipc=container@test" { hostipc="$(readlink /proc/self/ns/ipc)" run_podman run -d --name test $IMAGE sleep 100 + containerid=$output + run_podman inspect test --format '{{ .HostConfig.IpcMode }}' + is "$output" "shareable" "shareable mode should be selected" run_podman exec test readlink /proc/self/ns/ipc assert "$output" != "$hostipc" "containeripc(exec) should != hostipc" testipc=$output - run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc + run_podman run --name IPC --ipc=container:test $IMAGE readlink /proc/self/ns/ipc assert "$output" = "$testipc" "Containers should share ipc namespace" + run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}' + is "$output" "container:$containerid" "ipc mode should be selected" + run_podman rm IPC + run_podman stop -t 0 test run_podman rm test }