vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Enable per pod PID namespace setting

Browse source 
If the pid namespace mode is set to POD, then the container's namespace
should be set to the namespace of the pod infra container.

Signed-off-by: umohnani8 <umohnani@redhat.com>
This commit is contained in:
umohnani8 2018-02-28 16:41:11 -05:00
parent e5fdb6bc9e
commit 156e21ddf9
8 changed files with 8 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

19
test/namespaces.bats
View file

@ -6,14 +6,15 @@ function teardown() {
cleanup_test
}
function pid_namespace_test() {
@test "pid_namespace_mode_pod_test" {
start_crio
run crictl runp "$TESTDATA"/sandbox_config.json
pidNamespaceMode=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["security_context"]["namespace_options"]["pid"] = 0; json.dump(obj, sys.stdout)')
echo "$pidNamespaceMode" > "$TESTDIR"/sandbox_pidnamespacemode_config.json
run crictl runp "$TESTDIR"/sandbox_pidnamespacemode_config.json
echo "$output"
[ "$status" -eq 0 ]
pod_id="$output"
run crictl create "$pod_id" "$TESTDATA"/container_redis.json "$TESTDATA"/sandbox_config.json
run crictl create "$pod_id" "$TESTDATA"/container_redis.json "$TESTDIR"/sandbox_pidnamespacemode_config.json
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
@ -23,7 +24,7 @@ function pid_namespace_test() {
run crictl exec --sync "$ctr_id" cat /proc/1/cmdline
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "${EXPECTED_INIT:-redis}" ]]
[[ "$output" =~ pause ]]
run crictl stopp "$pod_id"
echo "$output"
@ -35,11 +36,3 @@ function pid_namespace_test() {
cleanup_pods
stop_crio
}
@test "pod disable shared pid namespace" {
ENABLE_SHARED_PID_NAMESPACE=false pid_namespace_test
}
@test "pod enable shared pid namespace" {
ENABLE_SHARED_PID_NAMESPACE=true EXPECTED_INIT=pause pid_namespace_test
}