Merge pull request #3476 from vyos/mergify/bp/sagitta/pr-3472

T6358: Container config option to enable host pid (backport #3472)
vyos · May 17, 2024 · c015e36 · c015e36
2 parents badc6a2 + 3f83be2
commit c015e36
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 7 deletions.
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
@@ -15,9 +15,15 @@
           <constraintErrorMessage>Container name must be alphanumeric and can contain hyphens</constraintErrorMessage>
         </properties>
         <children>
+          <leafNode name="allow-host-pid">
+            <properties>
+              <help>Allow sharing host process namespace with container</help>
+              <valueless/>
+            </properties>
+          </leafNode>
           <leafNode name="allow-host-networks">
             <properties>
-              <help>Allow host networks in container</help>
+              <help>Allow sharing host networking with container</help>
               <valueless/>
             </properties>
           </leafNode>

diff --git a/smoketest/config-tests/container-simple b/smoketest/config-tests/container-simple
@@ -8,5 +8,6 @@ set container name c01 capability 'net-bind-service'
 set container name c01 capability 'net-raw'
 set container name c01 image 'busybox:stable'
 set container name c02 allow-host-networks
+set container name c02 allow-host-pid
 set container name c02 capability 'sys-time'
 set container name c02 image 'busybox:stable'
diff --git a/smoketest/configs/container-simple b/smoketest/configs/container-simple
@@ -7,6 +7,7 @@ container {
     }
     name c02 {
         allow-host-networks
+        allow-host-pid
         cap-add sys-time
         image busybox:stable
     }

diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
@@ -329,21 +329,20 @@ def generate_run_arguments(name, container_config):
             prop = vol_config['propagation']
             volume += f' --volume {svol}:{dvol}:{mode},{prop}'
 
+    host_pid = ''
+    if 'allow_host_pid' in container_config:
+      host_pid = '--pid host'
+
     container_base_cmd = f'--detach --interactive --tty --replace {capabilities} ' \
                          f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \
-                         f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid}'
+                         f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid} {host_pid}'
 
     entrypoint = ''
     if 'entrypoint' in container_config:
         # it needs to be json-formatted with single quote on the outside
         entrypoint = json_write(container_config['entrypoint'].split()).replace('"', "&quot;")
         entrypoint = f'--entrypoint &apos;{entrypoint}&apos;'
 
-    hostname = ''
-    if 'host_name' in container_config:
-        hostname = container_config['host_name']
-        hostname = f'--hostname {hostname}'
-
     command = ''
     if 'command' in container_config:
         command = container_config['command'].strip()