Merge pull request #17201 from rhatdan/ipc

Correct output when inspecting containers created with --ipc
containers · Jan 24, 2023 · 3cee9d9 · 3cee9d9
2 parents 8073e90 + 623ad2a
commit 3cee9d9
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 7 deletions.
diff --git a/libpod/container_inspect_linux.go b/libpod/container_inspect_linux.go
@@ -183,23 +183,29 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
 		// If there is none, it's ipc=host.
 		// If there is one and it has a path, it's "ns:".
 		// If no path, it's default - the empty string.
+		hostConfig.IpcMode = "host"
 		for _, ns := range ctrSpec.Linux.Namespaces {
 			if ns.Type == spec.IPCNamespace {
 				if ns.Path != "" {
 					hostConfig.IpcMode = fmt.Sprintf("ns:%s", ns.Path)
 				} else {
-					break
+					switch {
+					case c.config.NoShm:
+						hostConfig.IpcMode = "none"
+					case c.config.NoShmShare:
+						hostConfig.IpcMode = "private"
+					default:
+						hostConfig.IpcMode = "shareable"
+					}
 				}
+				break
 			}
 		}
 	case c.config.NoShm:
 		hostConfig.IpcMode = "none"
 	case c.config.NoShmShare:
 		hostConfig.IpcMode = "private"
 	}
-	if hostConfig.IpcMode == "" {
-		hostConfig.IpcMode = "shareable"
-	}
 
 	// Cgroup namespace mode
 	cgroupMode := ""

diff --git a/test/system/190-run-ipcns.bats b/test/system/190-run-ipcns.bats
@@ -8,14 +8,20 @@ load helpers
 
 @test "podman --ipc=host" {
     hostipc="$(readlink /proc/self/ns/ipc)"
-    run_podman run --rm --ipc=host $IMAGE readlink /proc/self/ns/ipc
+    run_podman run --name IPC --ipc=host $IMAGE readlink /proc/self/ns/ipc
     is "$output" "$hostipc" "HostIPC and container IPC should be same"
+    run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
+    is "$output" "host" "host mode should be selected"
+    run_podman rm IPC
 }
 
 @test "podman --ipc=none" {
     hostipc="$(readlink /proc/self/ns/ipc)"
-    run_podman run --rm --ipc=none $IMAGE readlink /proc/self/ns/ipc
+    run_podman run --ipc=none --name IPC $IMAGE readlink /proc/self/ns/ipc
     assert "$output" != "$hostipc" "containeripc should != hostipc"
+    run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
+    is "$output" "none" "none mode should be selected"
+    run_podman rm IPC
 
     run_podman 1 run --rm --ipc=none $IMAGE ls /dev/shm
     is "$output" "ls: /dev/shm: No such file or directory" "Should fail with missing /dev/shm"
@@ -25,6 +31,8 @@ load helpers
     hostipc="$(readlink /proc/self/ns/ipc)"
     run_podman run -d --ipc=private --name test $IMAGE sleep 100
     assert "$output" != "$hostipc" "containeripc should != hostipc"
+    run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
+    is "$output" "private" "private mode should be selected"
 
     run_podman 125 run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
     is "$output" ".*is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)" "Containers should not share private ipc namespace"
@@ -36,6 +44,8 @@ load helpers
     hostipc="$(readlink /proc/self/ns/ipc)"
     run_podman run -d --ipc=shareable --name test $IMAGE sleep 100
     assert "$output" != "$hostipc" "containeripc(shareable) should != hostipc"
+    run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
+    is "$output" "shareable" "shareable mode should be selected"
 
     run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
     assert "$output" != "$hostipc" "containeripc(:test) should != hostipc"
@@ -47,12 +57,19 @@ load helpers
 @test "podman --ipc=container@test" {
     hostipc="$(readlink /proc/self/ns/ipc)"
     run_podman run -d --name test $IMAGE sleep 100
+    containerid=$output
+    run_podman inspect test --format '{{ .HostConfig.IpcMode }}'
+    is "$output" "shareable" "shareable mode should be selected"
     run_podman exec test readlink /proc/self/ns/ipc
     assert "$output" != "$hostipc" "containeripc(exec) should != hostipc"
 
     testipc=$output
-    run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
+    run_podman run --name IPC --ipc=container:test $IMAGE readlink /proc/self/ns/ipc
     assert "$output" = "$testipc" "Containers should share ipc namespace"
+    run_podman inspect IPC --format '{{ .HostConfig.IpcMode }}'
+    is "$output" "container:$containerid" "ipc mode should be selected"
+    run_podman rm IPC
+
     run_podman stop -t 0 test
     run_podman rm test
 }