Merge pull request #1099 from giuseppe/per-user-conf-files

rootless: allow to override configuration files

5 files changed, 44 insertions, 12 deletions

diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 098864810..3216d288b 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -57,6 +57,11 @@ func GetDefaultStoreOptions() (storage.StoreOptions, error) {
 		if err != nil {
 			return storageOpts, err
 		}
+
+		storageConf := filepath.Join(os.Getenv("HOME"), ".config/containers/storage.conf")
+		if _, err := os.Stat(storageConf); err == nil {
+			storage.ReloadConfigurationFile(storageConf, &storageOpts)
+		}
 	}
 	return storageOpts, nil
 }
diff --git a/docs/podman.1.md b/docs/podman.1.md
index ea7f93afa..5581e0569 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -117,7 +117,7 @@ Print the version
 
 **libpod.conf** (`/etc/containers/libpod.conf`)
 
-libpod.conf is the configuration file for all tools using libpod to manage containers.  This file is ignored when running in rootless mode.
+libpod.conf is the configuration file for all tools using libpod to manage containers.  When Podman runs in rootless mode, then the file `$HOME/.config/containers/libpod.conf` is used.
 
 **storage.conf** (`/etc/containers/storage.conf`)
 
@@ -125,6 +125,8 @@ storage.conf is the storage configuration file for all tools using containers/st
 
 The storage configuration file specifies all of the available container storage options for tools using shared container storage.
 
+When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is also loaded.
+
 **mounts.conf** (`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`)
 
 The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands.  Container processes can then use this content.  The volume mount content does not get committed to the final image if you do a `podman commit`.
@@ -137,6 +139,8 @@ The format of the mounts.conf is the volume format /SRC:/DEST, one mount per lin
 
 Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.
 
+When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used.
+
 **hook JSON** (`/usr/share/containers/oci/hooks.d/*.json`)
 
 Each `*.json` file in `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers.  For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`.
@@ -153,6 +157,8 @@ Hooks are not used when running in rootless mode.
 
 registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
 
+When Podman runs in rootless mode, the file `$HOME/.config/containers/registries.conf` is used.
+
 ## Rootless mode
 Podman can also be used as non-root user.  When podman runs in rootless mode, an user namespace is automatically created.
 
diff --git a/libpod/image/pull.go b/libpod/image/pull.go
index a5a398eb1..f12c1ae5f 100644
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"os"
 	"strings"
 
 	cp "github.com/containers/image/copy"
@@ -277,12 +276,7 @@ func (i *Image) createNamesToPull() ([]*pullStruct, error) {
 		pullNames = append(pullNames, &ps)
 
 	} else {
-		registryConfigPath := ""
-		envOverride := os.Getenv("REGISTRIES_CONFIG_PATH")
-		if len(envOverride) > 0 {
-			registryConfigPath = envOverride
-		}
-		searchRegistries, err := sysregistries.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath})
+		searchRegistries, err := registries.GetRegistries()
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 844d2c415..c84bb21f6 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -2,15 +2,27 @@ package registries
 
 import (
 	"os"
+	"path/filepath"
 
 	"github.com/containers/image/pkg/sysregistries"
 	"github.com/containers/image/types"
 	"github.com/pkg/errors"
+	"github.com/projectatomic/libpod/pkg/rootless"
 )
 
+// userRegistriesFile is the path to the per user registry configuration file.
+var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf")
+
 // GetRegistries obtains the list of registries defined in the global registries file.
 func GetRegistries() ([]string, error) {
 	registryConfigPath := ""
+
+	if rootless.IsRootless() {
+		if _, err := os.Stat(userRegistriesFile); err == nil {
+			registryConfigPath = userRegistriesFile
+		}
+	}
+
 	envOverride := os.Getenv("REGISTRIES_CONFIG_PATH")
 	if len(envOverride) > 0 {
 		registryConfigPath = envOverride
@@ -25,6 +37,11 @@ func GetRegistries() ([]string, error) {
 // GetInsecureRegistries obtains the list of insecure registries from the global registration file.
 func GetInsecureRegistries() ([]string, error) {
 	registryConfigPath := ""
+
+	if _, err := os.Stat(userRegistriesFile); err == nil {
+		registryConfigPath = userRegistriesFile
+	}
+
 	envOverride := os.Getenv("REGISTRIES_CONFIG_PATH")
 	if len(envOverride) > 0 {
 		registryConfigPath = envOverride
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
index ba0f3b925..bc63ece00 100644
--- a/pkg/secrets/secrets.go
+++ b/pkg/secrets/secrets.go
@@ -10,6 +10,7 @@ import (
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
+	"github.com/projectatomic/libpod/pkg/rootless"
 	"github.com/sirupsen/logrus"
 )
 
@@ -20,6 +21,9 @@ var (
 	// OverrideMountsFile holds the default mount paths in the form
 	// "host_path:container_path" overridden by the user
 	OverrideMountsFile = "/etc/containers/mounts.conf"
+	// UserOverrideMountsFile holds the default mount paths in the form
+	// "host_path:container_path" overridden by the rootless user
+	UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf")
 )
 
 // secretData stores the name of the file and the content read from it
@@ -143,15 +147,21 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
 	// Note for testing purposes only
 	if mountFile == "" {
 		mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...)
+		if rootless.IsRootless() {
+			mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...)
+		}
 	} else {
 		mountFiles = append(mountFiles, mountFile)
 	}
 	for _, file := range mountFiles {
-		mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
-		if err != nil {
-			logrus.Warnf("error mounting secrets, skipping: %v", err)
+		if _, err := os.Stat(file); err == nil {
+			mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
+			if err != nil {
+				logrus.Warnf("error mounting secrets, skipping: %v", err)
+			}
+			secretMounts = mounts
+			break
 		}
-		secretMounts = append(secretMounts, mounts...)
 	}
 
 	// Add FIPS mode secret if /etc/system-fips exists on the host