authoropenshift-ci[bot] <75433959+openshift-ci[bot]@users.noreply.github.com>2021-08-11 21:03:29 +0000
committerGitHub <noreply@github.com>2021-08-11 21:03:29 +0000
commit63269b60fe7f928c29439357177ab56242723258 (patch)
treed54633e92f854dfe9f5e0e0361e46e35c2dcfe7d /libpod
parent922699f0a1983f3f77946cef2fba934d80afdb6f (diff)
parent7442f0b858e5fe2d7922b3b5714030fda5b2646e (diff)
Merge pull request #11193 from mheon/release_notes_33
Release notes for Podman v3.3.0-RC2
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal.go36
-rw-r--r--libpod/container_internal_linux.go38
-rw-r--r--libpod/container_validate.go1
-rw-r--r--libpod/define/pod_inspect.go12
-rw-r--r--libpod/info.go29
-rw-r--r--libpod/options.go42
-rw-r--r--libpod/pod.go108
-rw-r--r--libpod/pod_api.go6
-rw-r--r--libpod/runtime_ctr.go4
-rw-r--r--libpod/runtime_pod_infra_linux.go8
-rw-r--r--libpod/util.go39
11 files changed, 104 insertions, 219 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index e7694227a..8ffcccf4c 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -472,20 +472,10 @@ func (c *Container) setupStorage(ctx context.Context) error {
c.config.IDMappings.UIDMap = containerInfo.UIDMap
c.config.IDMappings.GIDMap = containerInfo.GIDMap
- processLabel := containerInfo.ProcessLabel
- switch {
- case c.ociRuntime.SupportsKVM():
- processLabel, err = selinux.KVMLabel(processLabel)
- if err != nil {
- return err
- }
- case c.config.Systemd:
- processLabel, err = selinux.InitLabel(processLabel)
- if err != nil {
- return err
- }
+ processLabel, err := c.processLabel(containerInfo.ProcessLabel)
+ if err != nil {
+ return err
}
-
c.config.ProcessLabel = processLabel
c.config.MountLabel = containerInfo.MountLabel
c.config.StaticDir = containerInfo.Dir
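Review bot: The error from `c.processLabel(...)` is returned bare at `return err`, so a failure inside specFromState surfaces with no indication that it happened while computing the SELinux process label during storage setup. If pkg/errors is imported in this file as it is elsewhere in libpod, `return errors.Wrapf(err, "error determining process label for container %s", c.ID())` keeps the existing error-handling style and makes the failing step identifiable in logs. setupStorage starts and ends outside this hunk.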
@@ -520,6 +510,26 @@ func (c *Container) setupStorage(ctx context.Context) error {
return nil
}
+func (c *Container) processLabel(processLabel string) (string, error) {
+ if !c.config.Systemd && !c.ociRuntime.SupportsKVM() {
+ return processLabel, nil
+ }
+ ctrSpec, err := c.specFromState()
+ if err != nil {
+ return "", err
+ }
+ label, ok := ctrSpec.Annotations[define.InspectAnnotationLabel]
+ if !ok || !strings.Contains(label, "type:") {
+ switch {
+ case c.ociRuntime.SupportsKVM():
+ return selinux.KVMLabel(processLabel)
+ case c.config.Systemd:
+ return selinux.InitLabel(processLabel)
+ }
+ }
+ return processLabel, nil
+}
+
// Tear down a container's storage prior to removal
func (c *Container) teardownStorage() error {
if c.ensureState(define.ContainerStateRunning, define.ContainerStatePaused) {
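Review bot: The new processLabel method has no doc comment, and the `strings.Contains(label, "type:")` test is the non-obvious part: a label annotation that already carries an explicit SELinux type opts the container out of the KVM/init relabeling that would otherwise be applied. Suggested comment above the signature: `// processLabel returns the SELinux process label to use for the container. When the OCI runtime supports KVM or the container runs systemd, the label is converted with selinux.KVMLabel or selinux.InitLabel, unless the spec's InspectAnnotationLabel annotation already specifies an explicit type, in which case the user's label is kept unchanged.` It is also worth stating in that comment that the match is a substring test on the annotation value rather than a parse of its options, so a reader knows what "explicit type" means here. Note that KVM takes precedence over systemd when both apply, as in the code this replaces.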
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index bff64aa95..f30f622ac 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1912,6 +1912,7 @@ func (c *Container) appendHosts(path string, netCtr *Container) (string, error)
// and returns a string in a format that can be written to the host file
func (c *Container) getHosts() string {
var hosts string
+
if len(c.config.HostAdd) > 0 {
for _, host := range c.config.HostAdd {
// the host format has already been verified at this point
@@ -1922,36 +1923,33 @@ func (c *Container) getHosts() string {
hosts += c.cniHosts()
- // If not making a network namespace, add our own hostname.
+ // Add hostname for slirp4netns
if c.Hostname() != "" {
if c.config.NetMode.IsSlirp4netns() {
// When using slirp4netns, the interface gets a static IP
slirp4netnsIP, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
if err != nil {
- logrus.Warn("failed to determine slirp4netnsIP: ", err.Error())
+ logrus.Warnf("failed to determine slirp4netnsIP: %v", err.Error())
} else {
hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", slirp4netnsIP.String(), c.Hostname(), c.config.Name)
}
- } else {
- hasNetNS := false
- netNone := false
- for _, ns := range c.config.Spec.Linux.Namespaces {
- if ns.Type == spec.NetworkNamespace {
- hasNetNS = true
- if ns.Path == "" && !c.config.CreateNetNS {
- netNone = true
- }
- break
+ }
+
+ // Do we have a network namespace?
+ netNone := false
+ for _, ns := range c.config.Spec.Linux.Namespaces {
+ if ns.Type == spec.NetworkNamespace {
+ if ns.Path == "" && !c.config.CreateNetNS {
+ netNone = true
}
+ break
}
- if !hasNetNS {
- // 127.0.1.1 and host's hostname to match Docker
- osHostname, _ := os.Hostname()
- hosts += fmt.Sprintf("127.0.1.1 %s %s %s\n", osHostname, c.Hostname(), c.config.Name)
- }
- if netNone {
- hosts += fmt.Sprintf("127.0.1.1 %s %s\n", c.Hostname(), c.config.Name)
- }
+ }
+
+ // If we are net=none (have a network namespace, but not connected to
+ // anything) add the container's name and hostname to localhost.
+ if netNone {
+ hosts += fmt.Sprintf("127.0.0.1 %s %s\n", c.Hostname(), c.config.Name)
}
}
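Review bot: `logrus.Warnf("failed to determine slirp4netnsIP: %v", err.Error())` converts the error to a string before formatting it with `%v`; passing the error value directly, `logrus.Warnf("failed to determine slirp4netnsIP: %v", err)`, is the idiomatic form and keeps the error type available to logrus. The rewritten netNone block maps the container's hostname and name to 127.0.0.1 where the removed lines used 127.0.1.1; if that address change is deliberate, the comment above the block should say so, because a reader comparing old and new entries may otherwise take it for a typo. getHosts begins before this hunk and returns after it.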
diff --git a/libpod/container_validate.go b/libpod/container_validate.go
index 6ff46f1b1..aae96ae85 100644
--- a/libpod/container_validate.go
+++ b/libpod/container_validate.go
@@ -131,5 +131,6 @@ func (c *Container) validate() error {
if c.config.User == "" && (c.config.Spec.Process.User.UID != 0 || c.config.Spec.Process.User.GID != 0) {
return errors.Wrapf(define.ErrInvalidArg, "please set User explicitly via WithUser() instead of in OCI spec directly")
}
+
return nil
}
diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go
index a17304875..7c9ea6f90 100644
--- a/libpod/define/pod_inspect.go
+++ b/libpod/define/pod_inspect.go
@@ -51,12 +51,6 @@ type InspectPodData struct {
// Containers gives a brief summary of all containers in the pod and
// their current status.
Containers []InspectPodContainerInfo `json:"Containers,omitempty"`
- // CPUPeriod contains the CPU period of the pod
- CPUPeriod uint64 `json:"cpu_period,omitempty"`
- // CPUQuota contains the CPU quota of the pod
- CPUQuota int64 `json:"cpu_quota,omitempty"`
- // CPUSetCPUs contains linux specific CPU data for the pod
- CPUSetCPUs string `json:"cpuset_cpus,omitempty"`
}
// InspectPodInfraConfig contains the configuration of the pod's infra
@@ -97,12 +91,6 @@ type InspectPodInfraConfig struct {
Networks []string
// NetworkOptions are additional options for each network
NetworkOptions map[string][]string
- // CPUPeriod contains the CPU period of the pod
- CPUPeriod uint64 `json:"cpu_period,omitempty"`
- // CPUQuota contains the CPU quota of the pod
- CPUQuota int64 `json:"cpu_quota,omitempty"`
- // CPUSetCPUs contains linux specific CPU data for the container
- CPUSetCPUs string `json:"cpuset_cpus,omitempty"`
// Pid is the PID namespace mode of the pod's infra container
PidNS string `json:"pid_ns,omitempty"`
}
diff --git a/libpod/info.go b/libpod/info.go
index cdc73780f..2b48ea590 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -141,19 +141,24 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
}
info.CGroupsVersion = cgroupVersion
- if rootless.IsRootless() {
- if path, err := exec.LookPath("slirp4netns"); err == nil {
- version, err := programVersion(path)
- if err != nil {
- logrus.Warnf("Failed to retrieve program version for %s: %v", path, err)
- }
- program := define.SlirpInfo{
- Executable: path,
- Package: packageVersion(path),
- Version: version,
- }
- info.Slirp4NetNS = program
+ slirp4netnsPath := r.config.Engine.NetworkCmdPath
+ if slirp4netnsPath == "" {
+ slirp4netnsPath, _ = exec.LookPath("slirp4netns")
+ }
+ if slirp4netnsPath != "" {
+ version, err := programVersion(slirp4netnsPath)
+ if err != nil {
+ logrus.Warnf("Failed to retrieve program version for %s: %v", slirp4netnsPath, err)
+ }
+ program := define.SlirpInfo{
+ Executable: slirp4netnsPath,
+ Package: packageVersion(slirp4netnsPath),
+ Version: version,
}
+ info.Slirp4NetNS = program
+ }
+
+ if rootless.IsRootless() {
uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
if err != nil {
return nil, errors.Wrapf(err, "error reading uid mappings")
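Review bot: The discarded error at `slirp4netnsPath, _ = exec.LookPath("slirp4netns")` needs a justifying comment, since the `slirp4netnsPath != ""` check on the following lines is what handles the not-found case: `// not on PATH: leave info.Slirp4NetNS empty`. The probe also used to run only under rootless.IsRootless() and now runs for root too, and when `r.config.Engine.NetworkCmdPath` is set that configured path is handed to programVersion without a PATH lookup; a one-line comment saying the containers.conf path takes precedence over PATH would make that ordering explicit. hostInfo starts and ends outside this hunk.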
diff --git a/libpod/options.go b/libpod/options.go
index 17a36008d..776f5ddd8 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -21,7 +21,6 @@ import (
"github.com/containers/storage"
"github.com/containers/storage/pkg/idtools"
"github.com/cri-o/ocicni/pkg/ocicni"
- "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -574,6 +573,7 @@ func WithMaxLogSize(limit int64) CtrCreateOption {
if ctr.valid {
return define.ErrRuntimeFinalized
}
+
ctr.config.LogSize = limit
return nil
@@ -881,6 +881,7 @@ func WithMountNSFrom(nsCtr *Container) CtrCreateOption {
if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return err
}
+
ctr.config.MountNsCtr = nsCtr.ID()
return nil
@@ -2386,45 +2387,6 @@ func WithVolatile() CtrCreateOption {
}
}
-// WithPodCPUPAQ takes the given cpu period and quota and inserts them in the proper place.
-func WithPodCPUPAQ(period uint64, quota int64) PodCreateOption {
- return func(pod *Pod) error {
- if pod.valid {
- return define.ErrPodFinalized
- }
- if pod.CPUPeriod() != 0 && pod.CPUQuota() != 0 {
- pod.config.InfraContainer.ResourceLimits.CPU = &specs.LinuxCPU{
- Period: &period,
- Quota: &quota,
- }
- } else {
- pod.config.InfraContainer.ResourceLimits = &specs.LinuxResources{}
- pod.config.InfraContainer.ResourceLimits.CPU = &specs.LinuxCPU{
- Period: &period,
- Quota: &quota,
- }
- }
- return nil
- }
-}
-
-// WithPodCPUSetCPUS computes and sets the Cpus linux resource string which determines the amount of cores, from those available, we are allowed to execute on
-func WithPodCPUSetCPUs(inp string) PodCreateOption {
- return func(pod *Pod) error {
- if pod.valid {
- return define.ErrPodFinalized
- }
- if pod.ResourceLim().CPU.Period != nil {
- pod.config.InfraContainer.ResourceLimits.CPU.Cpus = inp
- } else {
- pod.config.InfraContainer.ResourceLimits = &specs.LinuxResources{}
- pod.config.InfraContainer.ResourceLimits.CPU = &specs.LinuxCPU{}
- pod.config.InfraContainer.ResourceLimits.CPU.Cpus = inp
- }
- return nil
- }
-}
-
func WithPodPidNS(inp specgen.Namespace) PodCreateOption {
return func(p *Pod) error {
if p.valid {
diff --git a/libpod/pod.go b/libpod/pod.go
index 62f5c9e5b..0fbf61550 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -1,7 +1,6 @@
package libpod
import (
- "context"
"net"
"time"
@@ -9,7 +8,6 @@ import (
"github.com/containers/podman/v3/libpod/lock"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/cri-o/ocicni/pkg/ocicni"
- "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
)
@@ -94,28 +92,27 @@ type podState struct {
// Generally speaking, aside from those two exceptions, these options will set
// the equivalent field in the container's configuration.
type InfraContainerConfig struct {
- ConmonPidFile string `json:"conmonPidFile"`
- HasInfraContainer bool `json:"makeInfraContainer"`
- NoNetwork bool `json:"noNetwork,omitempty"`
- HostNetwork bool `json:"infraHostNetwork,omitempty"`
- PidNS specgen.Namespace `json:"infraPid,omitempty"`
- PortBindings []ocicni.PortMapping `json:"infraPortBindings"`
- StaticIP net.IP `json:"staticIP,omitempty"`
- StaticMAC net.HardwareAddr `json:"staticMAC,omitempty"`
- UseImageResolvConf bool `json:"useImageResolvConf,omitempty"`
- DNSServer []string `json:"dnsServer,omitempty"`
- DNSSearch []string `json:"dnsSearch,omitempty"`
- DNSOption []string `json:"dnsOption,omitempty"`
- UseImageHosts bool `json:"useImageHosts,omitempty"`
- HostAdd []string `json:"hostsAdd,omitempty"`
- Networks []string `json:"networks,omitempty"`
- ExitCommand []string `json:"exitCommand,omitempty"`
- InfraImage string `json:"infraImage,omitempty"`
- InfraCommand []string `json:"infraCommand,omitempty"`
- InfraName string `json:"infraName,omitempty"`
- Slirp4netns bool `json:"slirp4netns,omitempty"`
- NetworkOptions map[string][]string `json:"network_options,omitempty"`
- ResourceLimits *specs.LinuxResources `json:"resource_limits,omitempty"`
+ ConmonPidFile string `json:"conmonPidFile"`
+ HasInfraContainer bool `json:"makeInfraContainer"`
+ NoNetwork bool `json:"noNetwork,omitempty"`
+ HostNetwork bool `json:"infraHostNetwork,omitempty"`
+ PidNS specgen.Namespace `json:"infraPid,omitempty"`
+ PortBindings []ocicni.PortMapping `json:"infraPortBindings"`
+ StaticIP net.IP `json:"staticIP,omitempty"`
+ StaticMAC net.HardwareAddr `json:"staticMAC,omitempty"`
+ UseImageResolvConf bool `json:"useImageResolvConf,omitempty"`
+ DNSServer []string `json:"dnsServer,omitempty"`
+ DNSSearch []string `json:"dnsSearch,omitempty"`
+ DNSOption []string `json:"dnsOption,omitempty"`
+ UseImageHosts bool `json:"useImageHosts,omitempty"`
+ HostAdd []string `json:"hostsAdd,omitempty"`
+ Networks []string `json:"networks,omitempty"`
+ ExitCommand []string `json:"exitCommand,omitempty"`
+ InfraImage string `json:"infraImage,omitempty"`
+ InfraCommand []string `json:"infraCommand,omitempty"`
+ InfraName string `json:"infraName,omitempty"`
+ Slirp4netns bool `json:"slirp4netns,omitempty"`
+ NetworkOptions map[string][]string `json:"network_options,omitempty"`
}
// ID retrieves the pod's ID
@@ -134,45 +131,6 @@ func (p *Pod) Namespace() string {
return p.config.Namespace
}
-// ResourceLim returns the cpuset resource limits for the pod
-func (p *Pod) ResourceLim() *specs.LinuxResources {
- resCopy := &specs.LinuxResources{}
- if err := JSONDeepCopy(p.config.InfraContainer.ResourceLimits, resCopy); err != nil {
- return nil
- }
- if resCopy != nil && resCopy.CPU != nil {
- return resCopy
- }
- empty := &specs.LinuxResources{
- CPU: &specs.LinuxCPU{},
- }
- return empty
-}
-
-// CPUPeriod returns the pod CPU period
-func (p *Pod) CPUPeriod() uint64 {
- resCopy := &specs.LinuxResources{}
- if err := JSONDeepCopy(p.config.InfraContainer.ResourceLimits, resCopy); err != nil {
- return 0
- }
- if resCopy != nil && resCopy.CPU != nil && resCopy.CPU.Period != nil {
- return *resCopy.CPU.Period
- }
- return 0
-}
-
-// CPUQuota returns the pod CPU quota
-func (p *Pod) CPUQuota() int64 {
- resCopy := &specs.LinuxResources{}
- if err := JSONDeepCopy(p.config.InfraContainer.ResourceLimits, resCopy); err != nil {
- return 0
- }
- if resCopy != nil && resCopy.CPU != nil && resCopy.CPU.Quota != nil {
- return *resCopy.CPU.Quota
- }
- return 0
-}
-
// PidMode returns the PID mode given by the user ex: pod, private...
func (p *Pod) PidMode() string {
return string(p.config.InfraContainer.PidNS.NSMode)
@@ -258,31 +216,7 @@ func (p *Pod) CgroupPath() (string, error) {
if err := p.updatePod(); err != nil {
return "", err
}
- if p.state.CgroupPath != "" {
- return p.state.CgroupPath, nil
- }
- if !p.HasInfraContainer() {
- return "", errors.Wrap(define.ErrNoSuchCtr, "pod has no infra container")
- }
-
- id := p.state.InfraContainerID
- if id != "" {
- ctr, err := p.runtime.state.Container(id)
- if err != nil {
- return "", errors.Wrapf(err, "could not get infra")
- }
- if ctr != nil {
- ctr.Start(context.Background(), false)
- cgroupPath, err := ctr.CGroupPath()
- if err != nil {
- return "", errors.Wrapf(err, "could not get container cgroup")
- }
- p.state.CgroupPath = cgroupPath
- p.save()
- return cgroupPath, nil
- }
- }
return p.state.CgroupPath, nil
}
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index 1ab012a8b..6b6e94f81 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -538,9 +538,6 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
infraConfig.StaticMAC = p.config.InfraContainer.StaticMAC.String()
infraConfig.NoManageResolvConf = p.config.InfraContainer.UseImageResolvConf
infraConfig.NoManageHosts = p.config.InfraContainer.UseImageHosts
- infraConfig.CPUPeriod = p.CPUPeriod()
- infraConfig.CPUQuota = p.CPUQuota()
- infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus
infraConfig.PidNS = p.PidMode()
if len(p.config.InfraContainer.DNSServer) > 0 {
@@ -585,9 +582,6 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
SharedNamespaces: sharesNS,
NumContainers: uint(len(containers)),
Containers: ctrs,
- CPUSetCPUs: p.ResourceLim().CPU.Cpus,
- CPUPeriod: p.CPUPeriod(),
- CPUQuota: p.CPUQuota(),
}
return &inspectData, nil
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 31e2d09ce..059f56798 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -353,6 +353,10 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
}
}
+ if ctr.config.Timezone == "" {
+ ctr.config.Timezone = r.config.Containers.TZ
+ }
+
if ctr.restoreFromCheckpoint {
// Remove information about bind mount
// for new container from imported checkpoint
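Review bot: The new default `ctr.config.Timezone = r.config.Containers.TZ` is applied after the create options have already run, so any checking that the per-container timezone option performs on a caller-supplied value (the option itself is not in this hunk, so this is inferred) is presumably skipped for the containers.conf value; confirm that the timezone is validated where it is consumed, or route the default through the same check. A short comment would also help the next reader: `// Fall back to the engine-wide timezone from containers.conf when no per-container value was set.` setupContainer begins and ends outside this hunk.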
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index d4f861118..46a34e2de 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -158,6 +158,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
g.Config.Linux.Namespaces = newNS
}
}
+
g.SetRootReadonly(true)
g.SetProcessArgs(infraCtrCommand)
@@ -184,6 +185,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
// Ignore mqueue sysctls if not sharing IPC
if !p.config.UsePodIPC && strings.HasPrefix(sysctlKey, "fs.mqueue.") {
logrus.Infof("Sysctl %s=%s ignored in containers.conf, since IPC Namespace for pod is unused", sysctlKey, sysctlVal)
+
continue
}
@@ -198,6 +200,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
logrus.Infof("Sysctl %s=%s ignored in containers.conf, since UTS Namespace for pod is unused", sysctlKey, sysctlVal)
continue
}
+
g.AddLinuxSysctl(sysctlKey, sysctlVal)
}
@@ -213,11 +216,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
if len(p.config.InfraContainer.ConmonPidFile) > 0 {
options = append(options, WithConmonPidFile(p.config.InfraContainer.ConmonPidFile))
}
- newRes := new(spec.LinuxResources)
- newRes.CPU = new(spec.LinuxCPU)
- newRes.CPU = p.ResourceLim().CPU
- g.Config.Linux.Resources.CPU = newRes.CPU
return r.newContainer(ctx, g.Config, options...)
}
@@ -228,6 +227,7 @@ func (r *Runtime) createInfraContainer(ctx context.Context, p *Pod) (*Container,
if !r.valid {
return nil, define.ErrRuntimeStopped
}
+
imageName := p.config.InfraContainer.InfraImage
if imageName == "" {
imageName = r.config.Engine.InfraImage
diff --git a/libpod/util.go b/libpod/util.go
index 7f4a01f28..3b32fb264 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -153,33 +153,22 @@ func queryPackageVersion(cmdArg ...string) string {
return strings.Trim(output, "\n")
}
-func equeryVersion(path string) string {
- return queryPackageVersion("/usr/bin/equery", "b", path)
-}
-
-func pacmanVersion(path string) string {
- return queryPackageVersion("/usr/bin/pacman", "-Qo", path)
-}
-
-func dpkgVersion(path string) string {
- return queryPackageVersion("/usr/bin/dpkg", "-S", path)
-}
-
-func rpmVersion(path string) string {
- return queryPackageVersion("/usr/bin/rpm", "-q", "-f", path)
-}
-
-func packageVersion(program string) string {
- if out := rpmVersion(program); out != unknownPackage {
- return out
- }
- if out := dpkgVersion(program); out != unknownPackage {
- return out
+func packageVersion(program string) string { // program is full path
+ packagers := [][]string{
+ {"/usr/bin/rpm", "-q", "-f"},
+ {"/usr/bin/dpkg", "-S"}, // Debian, Ubuntu
+ {"/usr/bin/pacman", "-Qo"}, // Arch
+ {"/usr/bin/qfile", "-qv"}, // Gentoo (quick)
+ {"/usr/bin/equery", "b"}, // Gentoo (slow)
}
- if out := pacmanVersion(program); out != unknownPackage {
- return out
+
+ for _, cmd := range packagers {
+ cmd = append(cmd, program)
+ if out := queryPackageVersion(cmd...); out != unknownPackage {
+ return out
+ }
}
- return equeryVersion(program)
+ return unknownPackage
}
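Review bot: packageVersion still lacks a doc comment; the trailing `// program is full path` on the signature line should become a proper one, e.g. `// packageVersion returns the name of the package that owns program (an absolute path) by asking each known package manager in turn, and returns unknownPackage when none of them claims the file.` The comment should also say that each table entry spawns a separate subprocess and that the order is a cost trade-off (rpm and dpkg first, equery last, as the inline comments already hint), since every entry is tried on a system that has none of them. The table is rebuilt on each call, so `cmd = append(cmd, program)` cannot alias between calls; a remark to that effect would save a reviewer from checking.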
func programVersion(mountProgram string) (string, error) {