
Function WithNamespaces

daemon/oci_linux.go:228–372  ·  view source on GitHub ↗

WithNamespaces returns a spec option (coci.SpecOpts) that sets the container's Linux namespaces on the OCI runtime spec.

(daemon *Daemon, c *container.Container)

Source from the content-addressed store, hash-verified

226
227// WithNamespaces sets the container's namespaces
228func WithNamespaces(daemon *Daemon, c *container.Container) coci.SpecOpts {
229 return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
230 userNS := false
231 // user
232 if c.HostConfig.UsernsMode.IsPrivate() {
233 if uidMap := daemon.idMapping.UIDMaps; uidMap != nil {
234 userNS = true
235 setNamespace(s, specs.LinuxNamespace{
236 Type: specs.UserNamespace,
237 })
238 s.Linux.UIDMappings = specMapping(uidMap)
239 s.Linux.GIDMappings = specMapping(daemon.idMapping.GIDMaps)
240 }
241 }
242 // network
243 if !c.Config.NetworkDisabled {
244 networkMode := c.HostConfig.NetworkMode
245 switch {
246 case networkMode.IsContainer():
247 nc, err := daemon.getNetworkedContainer(c.ID, networkMode.ConnectedContainer())
248 if err != nil {
249 return err
250 }
251 setNamespace(s, specs.LinuxNamespace{
252 Type: specs.NetworkNamespace,
253 Path: fmt.Sprintf("/proc/%d/ns/net", nc.State.GetPID()),
254 })
255 if userNS {
256 // to share a net namespace, the containers must also share a user namespace.
257 //
258 // FIXME(thaJeztah): this will silently overwrite an earlier user namespace when joining multiple containers: https://github.com/moby/moby/issues/46210
259 setNamespace(s, specs.LinuxNamespace{
260 Type: specs.UserNamespace,
261 Path: fmt.Sprintf("/proc/%d/ns/user", nc.State.GetPID()),
262 })
263 }
264 case networkMode.IsHost():
265 oci.RemoveNamespace(s, specs.NetworkNamespace)
266 default:
267 setNamespace(s, specs.LinuxNamespace{
268 Type: specs.NetworkNamespace,
269 })
270 }
271 }
272
273 // Remove time-namespace if not supported. We can remove this once we
274 // drop support for kernel < 5.6.
275 sysInfo, err := daemon.RawSysInfo()
276 if err != nil {
277 return errdefs.System(err)
278 }
279 if !sysInfo.TimeNamespaces {
280 oci.RemoveNamespace(s, specs.TimeNamespace)
281 }
282
283 // ipc
284 ipcMode := c.HostConfig.IpcMode
285 if !ipcMode.Valid() {

Callers 1

createSpecMethod · 0.85

Calls 15

RemoveNamespaceFunction · 0.92
SystemFunction · 0.92
InvalidParameterFunction · 0.92
setNamespaceFunction · 0.85
specMappingFunction · 0.85
getNetworkedContainerMethod · 0.80
ConnectedContainerMethod · 0.80
GetPIDMethod · 0.80
ErrorfMethod · 0.80
getIPCContainerMethod · 0.80
IsShareableMethod · 0.80
getPIDContainerMethod · 0.80

Tested by

no test coverage detected
