api: add namespace adjustment

We are interested in running some parts of a pod in host or totally separate pid and network namespaces, so add an adjustment that allows for that. Signed-off-by: Tycho Andersen <[email protected]>
containerd · Nov 25, 2024 · 698e6ae · 698e6ae
1 parent 6d486ac
commit 698e6ae
Show file tree

Hide file tree

Showing 5 changed files with 250 additions and 156 deletions.
diff --git a/pkg/adaptation/result.go b/pkg/adaptation/result.go
@@ -219,6 +219,9 @@ func (r *result) adjust(rpl *ContainerAdjustment, plugin string) error {
 		if err := r.adjustOomScoreAdj(rpl.Linux.OomScoreAdj, plugin); err != nil {
 			return err
 		}
+		if err := r.adjustNamespaces(rpl.Linux.Namespaces, plugin); err != nil {
+			return err
+		}
 	}
 	if err := r.adjustRlimits(rpl.Rlimits, plugin); err != nil {
 		return err
@@ -738,6 +741,22 @@ func (r *result) adjustOomScoreAdj(OomScoreAdj *OptionalInt, plugin string) erro
 	return nil
 }
 
+func (r *result) adjustNamespaces(adjustment []*LinuxNamespace, plugin string) error {
+	if adjustment == nil {
+		return nil
+	}
+	create, id := r.request.create, r.request.create.Container.Id
+
+	if err := r.owners.claimNamespaces(id, plugin); err != nil {
+		return err
+	}
+
+	create.Container.Linux.Namespaces = adjustment
+	r.reply.adjust.Linux.Namespaces = adjustment
+
+	return nil
+}
+
 func (r *result) adjustRlimits(rlimits []*POSIXRlimit, plugin string) error {
 	create, id, adjust := r.request.create, r.request.create.Container.Id, r.reply.adjust
 	for _, l := range rlimits {
@@ -976,6 +995,7 @@ type owners struct {
 	unified             map[string]string
 	cgroupsPath         string
 	oomScoreAdj         string
+	namespaces          string
 	rlimits             map[string]string
 }
 
@@ -1096,6 +1116,10 @@ func (ro resultOwners) claimOomScoreAdj(id, plugin string) error {
 	return ro.ownersFor(id).claimOomScoreAdj(plugin)
 }
 
+func (ro resultOwners) claimNamespaces(id, plugin string) error {
+	return ro.ownersFor(id).claimNamespaces(plugin)
+}
+
 func (ro resultOwners) claimRlimits(id, typ, plugin string) error {
 	return ro.ownersFor(id).claimRlimit(typ, plugin)
 }
@@ -1349,6 +1373,14 @@ func (o *owners) claimOomScoreAdj(plugin string) error {
 	return nil
 }
 
+func (o *owners) claimNamespaces(plugin string) error {
+	if other := o.namespaces; other != "" {
+		return conflict(plugin, other, "namespaces")
+	}
+	o.namespaces = plugin
+	return nil
+}
+
 func (ro resultOwners) clearAnnotation(id, key string) {
 	ro.ownersFor(id).clearAnnotation(key)
 }