diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-01-24 16:26:44 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-24 16:26:44 -0500 |
commit | 6d8507d06bd8f1dbe91a688393e6fbd2b3382f23 (patch) | |
tree | 3b21d461a2e65a11981edbc460ec4053c55fa773 | |
parent | be722e59eca6cf4b8f9249825e044930d6534f74 (diff) | |
parent | dbfe79757b33231b3e5dc8537deb85fba8402eef (diff) | |
download | podman-6d8507d06bd8f1dbe91a688393e6fbd2b3382f23.tar.gz podman-6d8507d06bd8f1dbe91a688393e6fbd2b3382f23.tar.bz2 podman-6d8507d06bd8f1dbe91a688393e6fbd2b3382f23.zip |
Merge pull request #12996 from Luap99/buildah-rootless
remote build: set rootless oci isolation correctly
-rw-r--r-- | cmd/podman/images/build.go | 6 | ||||
-rw-r--r-- | pkg/api/handlers/compat/images_build.go | 30 |
2 files changed, 15 insertions, 21 deletions
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index f975cd6d5..cde050d5e 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -183,12 +183,6 @@ func buildFlags(cmd *cobra.Command) { completion.CompleteCommandFlags(cmd, fromAndBudFlagsCompletions) flags.SetNormalizeFunc(buildahCLI.AliasFlags) if registry.IsRemote() { - flag = flags.Lookup("isolation") - buildOpts.Isolation = buildahDefine.OCI - if err := flag.Value.Set(buildahDefine.OCI); err != nil { - logrus.Errorf("Unable to set --isolation to %v: %v", buildahDefine.OCI, err) - } - flag.DefValue = buildahDefine.OCI _ = flags.MarkHidden("disable-content-trust") _ = flags.MarkHidden("cache-from") _ = flags.MarkHidden("sign-by") diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 707551eab..cc9667202 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -22,6 +22,7 @@ import ( api "github.com/containers/podman/v4/pkg/api/types" "github.com/containers/podman/v4/pkg/auth" "github.com/containers/podman/v4/pkg/channel" + "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/storage/pkg/archive" "github.com/docker/docker/pkg/jsonmessage" "github.com/gorilla/schema" @@ -300,7 +301,17 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { registry := query.Registry isolation := buildah.IsolationDefault if utils.IsLibpodRequest(r) { - isolation = parseLibPodIsolation(query.Isolation) + var err error + isolation, err = parseLibPodIsolation(query.Isolation) + if err != nil { + utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "failed to parse isolation")) + return + } + + // make sure to force rootless as rootless otherwise buildah runs code which is intended to be run only as root. + if isolation == buildah.IsolationOCI && rootless.IsRootless() { + isolation = buildah.IsolationOCIRootless + } registry = "" format = query.OutputFormat } else { @@ -698,22 +709,11 @@ func parseNetworkConfigurationPolicy(network string) buildah.NetworkConfiguratio } } -func parseLibPodIsolation(isolation string) buildah.Isolation { // nolint +func parseLibPodIsolation(isolation string) (buildah.Isolation, error) { // nolint if val, err := strconv.Atoi(isolation); err == nil { - return buildah.Isolation(val) - } - switch isolation { - case "IsolationDefault", "default": - return buildah.IsolationDefault - case "IsolationOCI": - return buildah.IsolationOCI - case "IsolationChroot": - return buildah.IsolationChroot - case "IsolationOCIRootless": - return buildah.IsolationOCIRootless - default: - return buildah.IsolationDefault + return buildah.Isolation(val), nil } + return parse.IsolationOption(isolation) } func extractTarFile(r *http.Request) (string, error) { |