Allow IPC namespace to be shared between containers or with the host by rhatdan · Pull Request #9074 · moby/moby

rhatdan · 2014-11-10T21:26:51Z

Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.

This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers

If you share IPC between containers, then you need to make sure SELinux labels
match.

Docker-DCO-1.1-Signed-off-by: Dan Walsh dwalsh@redhat.com (github: rhatdan)

rhatdan · 2014-11-10T21:27:38Z

Originally #8211
And @crosbymichael had a version #8835

This takes most of the comments in from Michaels Pull. Only big one is around whether or not we should capitalize IPC or leave it Ipc.

I think there could be some more doc changes.

sirupsen · 2014-11-10T21:34:58Z

Awesome. I'll try to take another look at this later today.

rhatdan · 2014-11-10T22:03:18Z

The build seems to have failed in a totally random place.

sirupsen · 2014-11-11T00:18:17Z

docs/man/docker-run.1.md

This example with a custom C binary and what not feels kind of awkward.

Well the test programs is just reading link to /proc/1/ns/ipc and making sure they are the same, which indicates you are in the same IPC namespace.

sirupsen · 2014-11-11T00:21:52Z

This is starting to look great!

SvenDowideit · 2014-11-11T00:36:35Z

Docs LGTM - @fredlf @jamtur01

SvenDowideit · 2014-11-11T00:37:56Z

@rhatdan

--- FAIL: TestLinksNotStartedParentNotFail (0.64 seconds)
    docker_cli_links_test.go:176:  exit status 1

rhatdan · 2014-11-11T14:00:36Z

Yes I have no idea why? Seems to be not related to patch.

sirupsen · 2014-11-11T14:22:29Z

LGTM

fredlf · 2014-11-11T19:14:39Z

LGTM. I am all for mentioning real-world applications/use-cases in the docs. As long as we are not advocating or discussing blatantly commercial/proprietary products and/or services, real-world examples are more helpful, IMHO, than abstractions.

rhatdan · 2014-11-11T19:40:56Z

Looks like an errant patch.

rhatdan · 2014-11-11T20:12:01Z

Had to add some fixes for SELinux labels.

Some workloads rely on IPC for communications with other processes. We would like to split workloads between two container but still allow them to communicate though shared IPC. This patch mimics the --net code to allow --ipc=host to not split off the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers If you share IPC between containers, then you need to make sure SELinux labels match. Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)

crosbymichael · 2014-11-12T21:50:37Z

LGTM

fredlf · 2014-11-13T20:57:06Z

Oh, forgot to mention that IPC should be capitalized, as per style guide. http://docs.docker.com/contributing/docs_style-guide/#abbreviations-and-acronyms

crosbymichael · 2014-11-14T02:15:45Z

ping @unclejack @jfrazelle

Please review

jessfraz · 2014-11-14T04:32:35Z

LGTM

Allow IPC namespace to be shared between containers or with the host

crosbymichael mentioned this pull request Nov 10, 2014

Allow IPC namespace to be shared between containers or with the host #8835

Closed

sirupsen reviewed Nov 11, 2014
View reviewed changes

SvenDowideit added the /project/doc label Nov 11, 2014

rhatdan force-pushed the shm branch 2 times, most recently from 3317098 to 64b18fc Compare November 11, 2014 14:07

rhatdan force-pushed the shm branch from 64b18fc to 8a82e30 Compare November 11, 2014 19:40

rhatdan force-pushed the shm branch from 8a82e30 to 8539f71 Compare November 11, 2014 20:09

rhatdan force-pushed the shm branch from 8539f71 to 497fc88 Compare November 12, 2014 16:30

crosbymichael added a commit that referenced this pull request Nov 14, 2014

Merge pull request #9074 from rhatdan/shm

07996d8

Allow IPC namespace to be shared between containers or with the host

crosbymichael merged commit 07996d8 into moby:master Nov 14, 2014

Conversation

rhatdan commented Nov 10, 2014

Uh oh!

rhatdan commented Nov 10, 2014

Uh oh!

sirupsen commented Nov 10, 2014

Uh oh!

rhatdan commented Nov 10, 2014

Uh oh!

sirupsen Nov 11, 2014

Choose a reason for hiding this comment

Uh oh!

rhatdan Nov 11, 2014

Choose a reason for hiding this comment

Uh oh!

sirupsen commented Nov 11, 2014

Uh oh!

SvenDowideit commented Nov 11, 2014

Uh oh!

SvenDowideit commented Nov 11, 2014

Uh oh!

rhatdan commented Nov 11, 2014

Uh oh!

sirupsen commented Nov 11, 2014

Uh oh!

fredlf commented Nov 11, 2014

Uh oh!

rhatdan commented Nov 11, 2014

Uh oh!

rhatdan commented Nov 11, 2014

Uh oh!

crosbymichael commented Nov 12, 2014

Uh oh!

fredlf commented Nov 13, 2014

Uh oh!

crosbymichael commented Nov 14, 2014

Uh oh!

jessfraz commented Nov 14, 2014

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants