summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-01-24 16:26:44 -0500
committerGitHub <noreply@github.com>2022-01-24 16:26:44 -0500
commit6d8507d06bd8f1dbe91a688393e6fbd2b3382f23 (patch)
tree3b21d461a2e65a11981edbc460ec4053c55fa773
parentbe722e59eca6cf4b8f9249825e044930d6534f74 (diff)
parentdbfe79757b33231b3e5dc8537deb85fba8402eef (diff)
downloadpodman-6d8507d06bd8f1dbe91a688393e6fbd2b3382f23.tar.gz
podman-6d8507d06bd8f1dbe91a688393e6fbd2b3382f23.tar.bz2
podman-6d8507d06bd8f1dbe91a688393e6fbd2b3382f23.zip
Merge pull request #12996 from Luap99/buildah-rootless
remote build: set rootless oci isolation correctly
-rw-r--r--cmd/podman/images/build.go6
-rw-r--r--pkg/api/handlers/compat/images_build.go30
2 files changed, 15 insertions, 21 deletions
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index f975cd6d5..cde050d5e 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -183,12 +183,6 @@ func buildFlags(cmd *cobra.Command) {
completion.CompleteCommandFlags(cmd, fromAndBudFlagsCompletions)
flags.SetNormalizeFunc(buildahCLI.AliasFlags)
if registry.IsRemote() {
- flag = flags.Lookup("isolation")
- buildOpts.Isolation = buildahDefine.OCI
- if err := flag.Value.Set(buildahDefine.OCI); err != nil {
- logrus.Errorf("Unable to set --isolation to %v: %v", buildahDefine.OCI, err)
- }
- flag.DefValue = buildahDefine.OCI
_ = flags.MarkHidden("disable-content-trust")
_ = flags.MarkHidden("cache-from")
_ = flags.MarkHidden("sign-by")
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 707551eab..cc9667202 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -22,6 +22,7 @@ import (
api "github.com/containers/podman/v4/pkg/api/types"
"github.com/containers/podman/v4/pkg/auth"
"github.com/containers/podman/v4/pkg/channel"
+ "github.com/containers/podman/v4/pkg/rootless"
"github.com/containers/storage/pkg/archive"
"github.com/docker/docker/pkg/jsonmessage"
"github.com/gorilla/schema"
@@ -300,7 +301,17 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
registry := query.Registry
isolation := buildah.IsolationDefault
if utils.IsLibpodRequest(r) {
- isolation = parseLibPodIsolation(query.Isolation)
+ var err error
+ isolation, err = parseLibPodIsolation(query.Isolation)
+ if err != nil {
+ utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "failed to parse isolation"))
+ return
+ }
+
+ // make sure to force rootless as rootless otherwise buildah runs code which is intended to be run only as root.
+ if isolation == buildah.IsolationOCI && rootless.IsRootless() {
+ isolation = buildah.IsolationOCIRootless
+ }
registry = ""
format = query.OutputFormat
} else {
@@ -698,22 +709,11 @@ func parseNetworkConfigurationPolicy(network string) buildah.NetworkConfiguratio
}
}
-func parseLibPodIsolation(isolation string) buildah.Isolation { // nolint
+func parseLibPodIsolation(isolation string) (buildah.Isolation, error) { // nolint
if val, err := strconv.Atoi(isolation); err == nil {
- return buildah.Isolation(val)
- }
- switch isolation {
- case "IsolationDefault", "default":
- return buildah.IsolationDefault
- case "IsolationOCI":
- return buildah.IsolationOCI
- case "IsolationChroot":
- return buildah.IsolationChroot
- case "IsolationOCIRootless":
- return buildah.IsolationOCIRootless
- default:
- return buildah.IsolationDefault
+ return buildah.Isolation(val), nil
}
+ return parse.IsolationOption(isolation)
}
func extractTarFile(r *http.Request) (string, error) {