8000 stage1: implement IPC namespace sharing · Issue #3291 · rkt/rkt · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Feb 24, 2020. It is now read-only.

stage1: implement IPC namespace sharing #3291

Closed
lucab opened this issue Oct 18, 2016 · 6 comments · Fixed by #3787
Closed

stage1: implement IPC namespace sharing #3291

lucab opened this issue Oct 18, 2016 · 6 comments · Fixed by #3787
Labels
depends-on/systemd kind/enhancement required-by/rktnetes
Milestone
v1+

Comments

@lucab
Copy link
Member
lucab commented Oct 18, 2016
edited
Loading

rkt run/sandbox should gain an option to run a pod/stage1 within the host IPC namespace.

Stage0 details:

  • via CLI option, proposed --ipc=[auto|private|parent] (default to auto if missing)

Stage1 details:

  • this will require a new argument to stage1 run entrypoint, with auto being stage1-specific default
  • stage1-fly only supports "parent" mode
  • stage1-coreos can support both "private" and "parent" mode (via SYSTEMD_NSPAWN_SHARE_NS_IPC=true since systemd v232, see nspawn: split down SYSTEMD_NSPAWN_SHARE_SYSTEM systemd/systemd#4023)
  • stage1-kvm only supports "private" mode

This is in accordance with to kubernetes spec, where hostIPC is a pod property.
@bcg62
Copy link
bcg62 commented Nov 11, 2016

+1

@jonboulle
Copy link
Contributor

@lucab is the only thing really blocking this getting a new systemd release? (or backported patch)

@lucab
Copy link
Member Author
lucab commented Nov 11, 2016

Probably, but I didn't do any further investigation after adding the systemd-nspawn flag.

@jonboulle
Copy link
Contributor
jonboulle commented Jan 9, 2017
edited by lucab
Loading

Per OOB discussion with @lucab, we're going to backport the relevant systemd patch to coreos/systemd so we can get this into rkt without being blocked on 232.

@jonboulle jonboulle added this to the v1.24.0 milestone Jan 9, 2017
@lucab lucab mentioned this issue Jan 13, 2017
Merged
@squeed squeed modified the milestones: v1.25.0, v1.24.0 Feb 2, 2017
@lucab lucab modified the milestones: v1+, v1.25.0 Feb 10, 2017
@bcg62
Copy link
bcg62 commented May 9, 2017

Is this still blocked or has the patch been added?

@euank
Copy link
Member
euank commented May 10, 2017

The current Container Linux releases all contain systemd v233, so this should be unblocked.

This was referenced Sep 6, 2017
Merged
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
depends-on/systemd kind/enhancement required-by/rktnetes
Projects
None yet
Milestone
v1+
Development

Successfully merging a pull request may close this issue.

stage1: enable host IPC namespace kinvolk/rkt
6 participants
@lucab @squeed @euank @jonboulle @ethernetdan @bcg62
0