Skip to content

generate: Assorted namespace cleanups (add --user, no clobber, ...) #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mrunalp merged 3 commits into from
May 13, 2016
Merged

generate: Assorted namespace cleanups (add --user, no clobber, ...) #60

mrunalp merged 3 commits into from
May 13, 2016

Conversation

@wking
Copy link
Contributor

@wking wking commented May 7, 2016

Details in the commit messages.

@wking wking force-pushed the namespace-setup branch 2 times, most recently from f595d37 to 77ed36a Compare May 7, 2016 06:48
wking added 3 commits May 6, 2016 23:49
@wking
generate: Add replaceOrAppendNamespace to avoid clobbering template
b7e458a 
If the template already has namespaces in it, we don't want to blow
them away in setupNamespaces.  For example:

  $ echo '{"linux": {"namespaces": [{"type": "pid"}]}}' >config-template.json
  $ ocitools generate --template config-template.json --network=abc
  $ jq .linux.namespaces config.json
  [
    {
      "type": "pid"
    },
    {
      "type": "network",
      "path": "abc"
    }
  ]
  $ ocitools generate --template config-template.json
  $ jq .linux.namespaces config.json
  [
    {
      "type": "pid"
    }
  ]

Signed-off-by: W. Trevor King <[email protected]>
@wking
generate: Don't add namespaces by default
6c52ea0 
And actively remove them if the PATH is the keyword "host".

This helps with --template, because it's harder to get clean template
round-trips if you have to opt-out of the namespace additions.  The
default template includes the non-user namespaces, so this commit
doesn't effect the bare 'ocitools generate' output.

Also document the PATH argument in ocitools-generate(1).  I couldn't
find a way to support '--network', etc. in codegangsta/cli, so the:

  --network=[PATH]

and such are intentional.  I would have preferred --network[=PATH],
but using --network= instead of --network for "create a new network
namespace" isn't that bad.

Signed-off-by: W. Trevor King <[email protected]>
@wking
generate: Add --user and consolidate user-namespace handling
77ed36a 
Put this in setupNamespaces with the other namespaces.  This commit
allows users to:

* Join an existing user namespace with --user=path/to/ns.
* Create a new user namespace without mapping IDs (although this is
  likely not very useful).
* Clear a templated user namespace with --user=host (although without
  being able to clear the ID mappings, this may not be very useful).

I haven't checked for likely-invalid configuration like:

  --uidmappings=1000:0:1 --user=path/to/ns

We can add that in a follow-up commit if we want.

Signed-off-by: W. Trevor King <[email protected]>
@wking wking mentioned this pull request May 7, 2016
Closed
@mrunalp
Copy link
Contributor

mrunalp commented May 13, 2016

Thanks! LGTM

@mrunalp mrunalp merged commit efd8d8f into opencontainers:master May 13, 2016
@wking wking deleted the namespace-setup branch May 13, 2016 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wking @mrunalp