From 2fa691c114ea95410d367dc1337ffeac07f86099 Mon Sep 17 00:00:00 2001
From: Arjun Raja Yogidas
Date: Mon, 9 Dec 2024 23:38:33 +0000
Subject: [PATCH] chore: add PidMode and Priviledged option

Signed-off-by: Arjun Raja Yogidas
---
 api/handlers/container/create.go | 2 ++
 api/handlers/container/create_test.go | 24 ++++++++++++++++++++++++
 api/types/container_types.go | 8 ++++----
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/api/handlers/container/create.go b/api/handlers/container/create.go
index 4544395..382a2df 100644
--- a/api/handlers/container/create.go
+++ b/api/handlers/container/create.go
@@ -172,6 +172,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 OomKillDisable: req.HostConfig.OomKillDisable,
 CidFile: req.HostConfig.ContainerIDFile, // CidFile write the container ID to the file
 OomScoreAdj: req.HostConfig.OomScoreAdj,
+ Pid: req.HostConfig.PidMode, // Pid namespace to use
 // #endregion

 // #region for platform flags
@@ -207,6 +208,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 SecurityOpt: []string{}, // nerdctl default.
 CapAdd: capAdd,
 CapDrop: capDrop,
+ Privileged: req.HostConfig.Privileged,
 // #endregion

 // #region for runtime flags
diff --git a/api/handlers/container/create_test.go b/api/handlers/container/create_test.go
index a845547..fa191c5 100644
--- a/api/handlers/container/create_test.go
+++ b/api/handlers/container/create_test.go
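Review bot: `req.HostConfig.PidMode` is copied into `Pid` with no check in the first hunk, and the second hunk forwards `req.HostConfig.Privileged` the same way, so any client that can reach the create endpoint can request the host PID namespace and a privileged container, which together give effectively host-level access. Nothing in either hunk rejects an unexpected `PidMode` string before it reaches the container service; if the service does not validate it either, a malformed value surfaces as a late runtime error rather than a 400. I would validate in the handler before the options are built, assuming the accepted forms are those of the Docker API, e.g. `if m := req.HostConfig.PidMode; m != "" && m != "host" && !strings.HasPrefix(m, "container:") { /* respond 400 */ }`, and log a warning whenever `Privileged` is true or `PidMode` is `"host"` so these requests leave an audit trail. The body of `create` starts and ends outside both hunks, so a check elsewhere in the function would not be visible here.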
@@ -629,6 +629,29 @@ var _ = Describe("Container Create API ", func() {
 Expect(rr.Body).Should(MatchJSON(jsonResponse))
 })

+ It("should set PidMode and Privileged option", func() {
+ body := []byte(`{
+ "Image": "test-image",
+ "HostConfig": {
+ "PidMode": "host",
+ "Privileged": true
+ }
+ }`)
+ req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
+
+ // expected create options
+ createOpt.Pid = "host"
+ createOpt.Privileged = true
+
+ service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
+ cid, nil)
+
+ // handler should return success message with 201 status code.
+ h.create(rr, req)
+ Expect(rr).Should(HaveHTTPStatus(http.StatusCreated))
+ Expect(rr.Body).Should(MatchJSON(jsonResponse))
+ })
+
 It("should return 404 if the image was not found", func() {
 body := []byte(`{"Image": "test-image"}`)
 req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
@@ -825,6 +848,7 @@ func getDefaultCreateOpt(conf config.Config) types.ContainerCreateOptions {
 SecurityOpt: []string{}, // nerdctl default.
 CapAdd: []string{}, // nerdctl default.
 CapDrop: []string{}, // nerdctl default.
+ Privileged: false,
 // #endregion

 // #region for runtime flags
diff --git a/api/types/container_types.go b/api/types/container_types.go
index 0ee5cee..9a02c47 100644
--- a/api/types/container_types.go
+++ b/api/types/container_types.go
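Review bot: The new `It` case sets `PidMode` and `Privileged` together and only with the value `"host"`, so a regression in one mapping cannot be told apart from the other and no other `PidMode` form is exercised. Splitting it into one case per field, and adding a case with `"PidMode": "container:<id>"` (placeholder id), would pin each mapping independently and cover the second form the Docker API documents. The later hunk adds `Privileged: false` to `getDefaultCreateOpt` but this diff shows no matching `Pid` entry; if the helper does not already list it, an explicit `Pid: "",` would keep the defaults in step with the handler. The `Describe` block and `getDefaultCreateOpt` both extend outside the hunks shown.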
@@ -81,10 +81,10 @@ type ContainerHostConfig struct {
 IpcMode string // IPC namespace to use for the container
 // TODO: Cgroup CgroupSpec // Cgroup to use for the container
 // TODO: Links []string // List of links (in the name:alias form)
- OomKillDisable bool // specifies whether to disable OOM Killer
- OomScoreAdj int // specifies the tune container’s OOM preferences (-1000 to 1000, rootless: 100 to 1000)
- // TODO: PidMode PidMode // PID namespace to use for the container
- // TODO: Privileged bool // Is the container in privileged mode
+ OomKillDisable bool // specifies whether to disable OOM Killer
+ OomScoreAdj int // specifies the tune container’s OOM preferences (-1000 to 1000, rootless: 100 to 1000)
+ PidMode string // PID namespace to use for the container
+ Privileged bool // Is the container in privileged mode
 // TODO: PublishAllPorts bool // Should docker publish all exposed port for the container
 // TODO: ReadonlyRootfs bool // Is the container root filesystem in read-only
 // TODO: SecurityOpt []string // List of string values to customize labels for MLS systems, such as SELinux.
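Review bot: The `PidMode` field comment does not say which strings are accepted, and the field is a plain `string` rather than the `PidMode` type named in the removed TODO, so the struct gives a reader no hint of the valid forms. I would extend the comment, e.g. `PidMode string // PID namespace to use for the container: "host" or "container:<name|id>"` (the forms the Docker API documents; confirm against what the backend accepts). The `Privileged` comment could likewise state that the value is forwarded as-is from the request and gives the container extended privileges on the host, since a reader of the type alone cannot tell that no policy is applied. The struct definition starts and ends outside the hunk.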