From 64ad42444f94a17ac824ce91267efe79d87a53b8 Mon Sep 17 00:00:00 2001
From: Arjun Raja Yogidas <arjunry@amazon.com>
Date: Wed, 22 Jan 2025 21:18:56 +0000
Subject: [PATCH] chore: add pidMode to inspect response

Signed-off-by: Arjun Raja Yogidas <arjunry@amazon.com>
---
 .../container/container_inspect_linux_test.go | 36 ++++++++++++++++++
 pkg/inspecttypes/dockercompat/dockercompat.go | 38 +++++++++++++------
 .../dockercompat/dockercompat_test.go         |  4 +-
 3 files changed, 64 insertions(+), 14 deletions(-)

diff --git a/cmd/nerdctl/container/container_inspect_linux_test.go b/cmd/nerdctl/container/container_inspect_linux_test.go
index 6ba468f8052..9528d0553e0 100644
--- a/cmd/nerdctl/container/container_inspect_linux_test.go
+++ b/cmd/nerdctl/container/container_inspect_linux_test.go
@@ -362,3 +362,39 @@ func TestContainerInspectHostConfigDNSDefaults(t *testing.T) {
 	assert.Equal(t, 0, len(inspect.HostConfig.DNSSearch))
 	assert.Equal(t, 0, len(inspect.HostConfig.DNSOptions))
 }
+
+func TestContainerInspectHostConfigPID(t *testing.T) {
+	testContainer1 := testutil.Identifier(t)
+	testContainer2 := testutil.Identifier(t)
+
+	base := testutil.NewBase(t)
+	defer base.Cmd("rm", "-f", testContainer1, testContainer2).Run()
+
+	// Run the first container
+	base.Cmd("run", "-d", "--name", testContainer1, testutil.AlpineImage, "sleep", "infinity").AssertOK()
+
+	// Run a container with PID namespace options
+	base.Cmd("run", "-d", "--name", testContainer2,
+		"--pid", fmt.Sprintf("container:%s", testContainer1),
+		testutil.AlpineImage, "sleep", "infinity").AssertOK()
+
+	inspect := base.InspectContainer(testContainer2)
+
+	assert.Equal(t, fmt.Sprintf("container:%s", testContainer1), inspect.HostConfig.PidMode)
+
+}
+
+func TestContainerInspectHostConfigPIDDefaults(t *testing.T) {
+	testContainer := testutil.Identifier(t)
+
+	base := testutil.NewBase(t)
+	defer base.Cmd("rm", "-f", testContainer).Run()
+
+	// Run a container without specifying PID options
+	base.Cmd("run", "-d", "--name", testContainer, testutil.AlpineImage, "sleep", "infinity").AssertOK()
+
+	inspect := base.InspectContainer(testContainer)
+
+	// Check that PID mode is empty (private) by default
+	assert.Equal(t, "", inspect.HostConfig.PidMode)
+}
diff --git a/pkg/inspecttypes/dockercompat/dockercompat.go b/pkg/inspecttypes/dockercompat/dockercompat.go
index b9051f8b229..d4fea7e667e 100644
--- a/pkg/inspecttypes/dockercompat/dockercompat.go
+++ b/pkg/inspecttypes/dockercompat/dockercompat.go
@@ -163,6 +163,8 @@ type HostConfig struct {
 	Sysctls         map[string]string // List of Namespaced sysctls used for the container
 	Runtime         string            // Runtime to use with this container
 	Devices         []string          // List of devices to map inside the container
+	PidMode         string            // PID namespace to use for the container
+	Tmpfs           []MountPoint      `json:",omitempty"` // List of tmpfs (mounts) used for the container
 }
 
 // From https://github.com/moby/moby/blob/v20.10.1/api/types/types.go#L416-L427
@@ -292,6 +294,7 @@ func ContainerFromNative(n *native.Container) (*Container, error) {
 		// XXX is this always right? what if the container OS is NOT the same as the host OS?
 		Platform: runtime.GOOS, // for Docker compatibility, this Platform string does NOT contain arch like "/amd64"
 	}
+	c.HostConfig = new(HostConfig)
 	if n.Labels[restart.StatusLabel] == string(containerd.Running) {
 		c.RestartCount, _ = strconv.Atoi(n.Labels[restart.CountLabel])
 	}
@@ -332,15 +335,20 @@ func ContainerFromNative(n *native.Container) (*Container, error) {
 		}
 	}
 
+	var tmpfsMounts []MountPoint
+
 	if nerdctlMounts := n.Labels[labels.Mounts]; nerdctlMounts != "" {
 		mounts, err := parseMounts(nerdctlMounts)
 		if err != nil {
 			return nil, err
 		}
 		c.Mounts = mounts
+		if len(mounts) > 0 {
+			tmpfsMounts = filterTmpfsMounts(mounts)
+		}
 	}
+	c.HostConfig.Tmpfs = tmpfsMounts
 
-	c.HostConfig = new(HostConfig)
 	if nedctlExtraHosts := n.Labels[labels.ExtraHosts]; nedctlExtraHosts != "" {
 		c.HostConfig.ExtraHosts = parseExtraHosts(nedctlExtraHosts)
 	}
@@ -366,7 +374,7 @@ func ContainerFromNative(n *native.Container) (*Container, error) {
 	}
 
 	// var hostConfigLabel HostConfigLabel
-	hostConfigLabel, err := getHostConfigLabelFromNative(n.Labels)
+	hostConfigLabel, _ := getHostConfigLabelFromNative(n.Labels)
 
 	c.HostConfig.BlkioWeight = hostConfigLabel.BlkioWeight
 	c.HostConfig.ContainerIDFile = hostConfigLabel.CidFile
@@ -480,6 +488,11 @@ func ContainerFromNative(n *native.Container) (*Container, error) {
 
 	c.HostConfig.Devices = hostConfigLabel.DeviceMapping
 
+	var pidMode string
+	if n.Labels[labels.PIDContainer] != "" {
+		pidMode = n.Labels[labels.PIDContainer]
+	}
+	c.HostConfig.PidMode = pidMode
 	return c, nil
 }
 
@@ -550,6 +563,18 @@ func mountsFromNative(spMounts []specs.Mount) []MountPoint {
 	return mountpoints
 }
 
+// filterTmpfsMounts filters the tmpfs mounts
+func filterTmpfsMounts(spMounts []MountPoint) []MountPoint {
+	mountpoints := make([]MountPoint, 0, len(spMounts))
+	for _, m := range spMounts {
+		if m.Type == "tmpfs" {
+			mountpoints = append(mountpoints, m)
+		}
+	}
+
+	return mountpoints
+}
+
 func statusFromNative(x containerd.Status, labels map[string]string) string {
 	switch s := x.Status; s {
 	case containerd.Stopped:
@@ -799,15 +824,6 @@ func getSysctlFromNative(sp *specs.Spec) (map[string]string, error) {
 	return res, nil
 }
 
-func parseDeviceMapping(deviceMappingJSON string) ([]string, error) {
-	var devices []string
-	err := json.Unmarshal([]byte(deviceMappingJSON), &devices)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse device mapping: %v", err)
-	}
-	return devices, nil
-}
-
 type IPAMConfig struct {
 	Subnet  string `json:"Subnet,omitempty"`
 	Gateway string `json:"Gateway,omitempty"`
diff --git a/pkg/inspecttypes/dockercompat/dockercompat_test.go b/pkg/inspecttypes/dockercompat/dockercompat_test.go
index 4043b4cb9f0..ff84a5bd891 100644
--- a/pkg/inspecttypes/dockercompat/dockercompat_test.go
+++ b/pkg/inspecttypes/dockercompat/dockercompat_test.go
@@ -83,7 +83,7 @@ func TestContainerFromNative(t *testing.T) {
 						Opts:   map[string]string{},
 					},
 					UTSMode: "host",
-					Devices: []string{},
+					Tmpfs:   []MountPoint{},
 				},
 				Mounts: []MountPoint{
 					{
@@ -168,7 +168,6 @@ func TestContainerFromNative(t *testing.T) {
 						Opts:   map[string]string{},
 					},
 					UTSMode: "host",
-					Devices: []string{},
 				},
 				Mounts: []MountPoint{
 					{
@@ -250,7 +249,6 @@ func TestContainerFromNative(t *testing.T) {
 						Opts:   map[string]string{},
 					},
 					UTSMode: "host",
-					Devices: []string{},
 				},
 				Mounts: []MountPoint{
 					{