chore: add Tmpfs and UTSMode option

Signed-off-by: Arjun Raja Yogidas <[email protected]>
runfinch · Dec 11, 2024 · e7b1e10 · e7b1e10
1 parent e7f9e86
commit e7b1e10
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 8 deletions.
diff --git a/api/handlers/container/create.go b/api/handlers/container/create.go
@@ -107,6 +107,16 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	// Tmpfs:
+	// Tmpfs are passed in as a map of strings,
+	// but nerdctl expects an array of strings with format [TMPFS1:VALUE1, TMPFS2:VALUE2, ...].
+	tmpfs := []string{}
+	if req.HostConfig.Tmpfs != nil {
+		for key, val := range req.HostConfig.Tmpfs {
+			tmpfs = append(tmpfs, fmt.Sprintf("%s:%s", key, val))
+		}
+	}
+
 	// Environment vars:
 	env := []string{}
 	if req.Env != nil {
@@ -223,6 +233,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		// #region for volume flags
 		Volume:      volumes,
 		VolumesFrom: volumesFrom,
+		Tmpfs:       tmpfs,
 		// #endregion
 
 		// #region for env flags
@@ -282,6 +293,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		PortMappings:         portMappings,
 		AddHost:              req.HostConfig.ExtraHosts, // Extra hosts.
 		MACAddress:           req.MacAddress,
+		UTSNamespace:         req.HostConfig.UTSMode,
 	}
 
 	ctx := namespaces.WithNamespace(r.Context(), h.Config.Namespace)

diff --git a/api/handlers/container/create_test.go b/api/handlers/container/create_test.go
@@ -675,6 +675,29 @@ var _ = Describe("Container Create API ", func() {
 			Expect(rr.Body).Should(MatchJSON(jsonResponse))
 		})
 
+		It("should set Tmpfs and UTSMode option", func() {
+			body := []byte(`{
+				"Image": "test-image",
+				"HostConfig": {
+					"Tmpfs": { "/run": "rw,noexec,nosuid,size=65536k" },
+					"UTSMode": "host"
+				}
+			}`)
+			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
+
+			// expected create options
+			createOpt.Tmpfs = []string{"/run:rw,noexec,nosuid,size=65536k"}
+			netOpt.UTSNamespace = "host"
+
+			service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
+				cid, nil)
+
+			// handler should return success message with 201 status code.
+			h.create(rr, req)
+			Expect(rr).Should(HaveHTTPStatus(http.StatusCreated))
+			Expect(rr.Body).Should(MatchJSON(jsonResponse))
+		})
+
 		It("should return 404 if the image was not found", func() {
 			body := []byte(`{"Image": "test-image"}`)
 			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
@@ -881,6 +904,7 @@ func getDefaultCreateOpt(conf config.Config) types.ContainerCreateOptions {
 		// #region for volume flags
 		Volume:      nil,
 		VolumesFrom: []string{}, // nerdctl default.
+		Tmpfs:       []string{},
 		// #endregion
 
 		// #region for env flags

diff --git a/api/types/container_types.go b/api/types/container_types.go
@@ -81,16 +81,16 @@ type ContainerHostConfig struct {
 	IpcMode    string   // IPC namespace to use for the container
 	// TODO: Cgroup          CgroupSpec        // Cgroup to use for the container
 	// TODO: Links           []string          // List of links (in the name:alias form)
-	OomKillDisable bool     // specifies whether to disable OOM Killer
-	OomScoreAdj    int      // specifies the tune container’s OOM preferences (-1000 to 1000, rootless: 100 to 1000)
-	PidMode        string   // PID namespace to use for the container
-	Privileged     bool     // Is the container in privileged mode
-	ReadonlyRootfs bool     // Is the container root filesystem in read-only
-	SecurityOpt    []string // List of string values to customize labels for MLS systems, such as SELinux. (["key=value"])
+	OomKillDisable bool              // specifies whether to disable OOM Killer
+	OomScoreAdj    int               // specifies the tune container’s OOM preferences (-1000 to 1000, rootless: 100 to 1000)
+	PidMode        string            // PID namespace to use for the container
+	Privileged     bool              // Is the container in privileged mode
+	ReadonlyRootfs bool              // Is the container root filesystem in read-only
+	SecurityOpt    []string          // List of string values to customize labels for MLS systems, such as SELinux. (["key=value"])
+	Tmpfs          map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container
+	UTSMode        string            // UTS namespace to use for the container
 	// TODO: PublishAllPorts bool              // Should docker publish all exposed port for the container
 	// TODO: StorageOpt      map[string]string `json:",omitempty"` // Storage driver options per container.
-	// TODO: Tmpfs           map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container
-	// TODO: UTSMode         UTSMode           // UTS namespace to use for the container
 	// TODO: UsernsMode      UsernsMode        // The user namespace to use for the container
 	// TODO: ShmSize         int64             // Total shm memory usage
 	// TODO: Sysctls         map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container