Merge pull request #11193 from mheon/release_notes_33

Release notes for Podman v3.3.0-RC2

11 files changed, 104 insertions, 219 deletions

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index e7694227a..8ffcccf4c 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -472,20 +472,10 @@ func (c *Container) setupStorage(ctx context.Context) error {
 	c.config.IDMappings.UIDMap = containerInfo.UIDMap
 	c.config.IDMappings.GIDMap = containerInfo.GIDMap
 
-	processLabel := containerInfo.ProcessLabel
-	switch {
-	case c.ociRuntime.SupportsKVM():
-		processLabel, err = selinux.KVMLabel(processLabel)
-		if err != nil {
-			return err
-		}
-	case c.config.Systemd:
-		processLabel, err = selinux.InitLabel(processLabel)
-		if err != nil {
-			return err
-		}
+	processLabel, err := c.processLabel(containerInfo.ProcessLabel)
+	if err != nil {
+		return err
 	}
-
 	c.config.ProcessLabel = processLabel
 	c.config.MountLabel = containerInfo.MountLabel
 	c.config.StaticDir = containerInfo.Dir
@@ -520,6 +510,26 @@ func (c *Container) setupStorage(ctx context.Context) error {
 	return nil
 }
 
+func (c *Container) processLabel(processLabel string) (string, error) {
+	if !c.config.Systemd && !c.ociRuntime.SupportsKVM() {
+		return processLabel, nil
+	}
+	ctrSpec, err := c.specFromState()
+	if err != nil {
+		return "", err
+	}
+	label, ok := ctrSpec.Annotations[define.InspectAnnotationLabel]
+	if !ok || !strings.Contains(label, "type:") {
+		switch {
+		case c.ociRuntime.SupportsKVM():
+			return selinux.KVMLabel(processLabel)
+		case c.config.Systemd:
+			return selinux.InitLabel(processLabel)
+		}
+	}
+	return processLabel, nil
+}
+
 // Tear down a container's storage prior to removal
 func (c *Container) teardownStorage() error {
 	if c.ensureState(define.ContainerStateRunning, define.ContainerStatePaused) {
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index bff64aa95..f30f622ac 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1912,6 +1912,7 @@ func (c *Container) appendHosts(path string, netCtr *Container) (string, error)
 // and returns a string in a format that can be written to the host file
 func (c *Container) getHosts() string {
 	var hosts string
+
 	if len(c.config.HostAdd) > 0 {
 		for _, host := range c.config.HostAdd {
 			// the host format has already been verified at this point
@@ -1922,36 +1923,33 @@ func (c *Container) getHosts() string {
 
 	hosts += c.cniHosts()
 
-	// If not making a network namespace, add our own hostname.
+	// Add hostname for slirp4netns
 	if c.Hostname() != "" {
 		if c.config.NetMode.IsSlirp4netns() {
 			// When using slirp4netns, the interface gets a static IP
 			slirp4netnsIP, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
 			if err != nil {
-				logrus.Warn("failed to determine slirp4netnsIP: ", err.Error())
+				logrus.Warnf("failed to determine slirp4netnsIP: %v", err.Error())
 			} else {
 				hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", slirp4netnsIP.String(), c.Hostname(), c.config.Name)
 			}
-		} else {
-			hasNetNS := false
-			netNone := false
-			for _, ns := range c.config.Spec.Linux.Namespaces {
-				if ns.Type == spec.NetworkNamespace {
-					hasNetNS = true
-					if ns.Path == "" && !c.config.CreateNetNS {
-						netNone = true
-					}
-					break
+		}
+
+		// Do we have a network namespace?
+		netNone := false
+		for _, ns := range c.config.Spec.Linux.Namespaces {
+			if ns.Type == spec.NetworkNamespace {
+				if ns.Path == "" && !c.config.CreateNetNS {
+					netNone = true
 				}
+				break
 			}
-			if !hasNetNS {
-				// 127.0.1.1 and host's hostname to match Docker
-				osHostname, _ := os.Hostname()
-				hosts += fmt.Sprintf("127.0.1.1 %s %s %s\n", osHostname, c.Hostname(), c.config.Name)
-			}
-			if netNone {
-				hosts += fmt.Sprintf("127.0.1.1 %s %s\n", c.Hostname(), c.config.Name)
-			}
+		}
+
+		// If we are net=none (have a network namespace, but not connected to
+		// anything) add the container's name and hostname to localhost.
+		if netNone {
+			hosts += fmt.Sprintf("127.0.0.1 %s %s\n", c.Hostname(), c.config.Name)
 		}
 	}
 
diff --git a/libpod/container_validate.go b/libpod/container_validate.go
index 6ff46f1b1..aae96ae85 100644
--- a/libpod/container_validate.go
+++ b/libpod/container_validate.go
@@ -131,5 +131,6 @@ func (c *Container) validate() error {
 	if c.config.User == "" && (c.config.Spec.Process.User.UID != 0 || c.config.Spec.Process.User.GID != 0) {
 		return errors.Wrapf(define.ErrInvalidArg, "please set User explicitly via WithUser() instead of in OCI spec directly")
 	}
+
 	return nil
 }
diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go
index a17304875..7c9ea6f90 100644
--- a/libpod/define/pod_inspect.go
+++ b/libpod/define/pod_inspect.go
@@ -51,12 +51,6 @@ type InspectPodData struct {
 	// Containers gives a brief summary of all containers in the pod and
 	// their current status.
 	Containers []InspectPodContainerInfo `json:"Containers,omitempty"`
-	// CPUPeriod contains the CPU period of the pod
-	CPUPeriod uint64 `json:"cpu_period,omitempty"`
-	// CPUQuota contains the CPU quota of the pod
-	CPUQuota int64 `json:"cpu_quota,omitempty"`
-	// CPUSetCPUs contains linux specific CPU data for the pod
-	CPUSetCPUs string `json:"cpuset_cpus,omitempty"`
 }
 
 // InspectPodInfraConfig contains the configuration of the pod's infra
@@ -97,12 +91,6 @@ type InspectPodInfraConfig struct {
 	Networks []string
 	// NetworkOptions are additional options for each network
 	NetworkOptions map[string][]string
-	// CPUPeriod contains the CPU period of the pod
-	CPUPeriod uint64 `json:"cpu_period,omitempty"`
-	// CPUQuota contains the CPU quota of the pod
-	CPUQuota int64 `json:"cpu_quota,omitempty"`
-	// CPUSetCPUs contains linux specific CPU data for the container
-	CPUSetCPUs string `json:"cpuset_cpus,omitempty"`
 	// Pid is the PID namespace mode of the pod's infra container
 	PidNS string `json:"pid_ns,omitempty"`
 }
diff --git a/libpod/info.go b/libpod/info.go
index cdc73780f..2b48ea590 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -141,19 +141,24 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
 	}
 	info.CGroupsVersion = cgroupVersion
 
-	if rootless.IsRootless() {
-		if path, err := exec.LookPath("slirp4netns"); err == nil {
-			version, err := programVersion(path)
-			if err != nil {
-				logrus.Warnf("Failed to retrieve program version for %s: %v", path, err)
-			}
-			program := define.SlirpInfo{
-				Executable: path,
-				Package:    packageVersion(path),
-				Version:    version,
-			}
-			info.Slirp4NetNS = program
+	slirp4netnsPath := r.config.Engine.NetworkCmdPath
+	if slirp4netnsPath == "" {
+		slirp4netnsPath, _ = exec.LookPath("slirp4netns")
+	}
+	if slirp4netnsPath != "" {
+		version, err := programVersion(slirp4netnsPath)
+		if err != nil {
+			logrus.Warnf("Failed to retrieve program version for %s: %v", slirp4netnsPath, err)
+		}
+		program := define.SlirpInfo{
+			Executable: slirp4netnsPath,
+			Package:    packageVersion(slirp4netnsPath),
+			Version:    version,
 		}
+		info.Slirp4NetNS = program
+	}
+
+	if rootless.IsRootless() {
 		uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
 		if err != nil {
 			return nil, errors.Wrapf(err, "error reading uid mappings")
diff --git a/libpod/options.go b/libpod/options.go
index 17a36008d..776f5ddd8 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -21,7 +21,6 @@ import (
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/cri-o/ocicni/pkg/ocicni"
-	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -574,6 +573,7 @@ func WithMaxLogSize(limit int64) CtrCreateOption {
 		if ctr.valid {
 			return define.ErrRuntimeFinalized
 		}
+
 		ctr.config.LogSize = limit
 
 		return nil
@@ -881,6 +881,7 @@ func WithMountNSFrom(nsCtr *Container) CtrCreateOption {
 		if err := checkDependencyContainer(nsCtr, ctr); err != nil {
 			return err
 		}
+
 		ctr.config.MountNsCtr = nsCtr.ID()
 
 		return nil
@@ -2386,45 +2387,6 @@ func WithVolatile() CtrCreateOption {
 	}
 }
 
-// WithPodCPUPAQ takes the given cpu period and quota and inserts them in the proper place.
-func WithPodCPUPAQ(period uint64, quota int64) PodCreateOption {
-	return func(pod *Pod) error {
-		if pod.valid {
-			return define.ErrPodFinalized
-		}
-		if pod.CPUPeriod() != 0 && pod.CPUQuota() != 0 {
-			pod.config.InfraContainer.ResourceLimits.CPU = &specs.LinuxCPU{
-				Period: &period,
-				Quota:  &quota,
-			}
-		} else {
-			pod.config.InfraContainer.ResourceLimits = &specs.LinuxResources{}
-			pod.config.InfraContainer.ResourceLimits.CPU = &specs.LinuxCPU{
-				Period: &period,
-				Quota:  &quota,
-			}
-		}
-		return nil
-	}
-}
-
-// WithPodCPUSetCPUS computes and sets the Cpus linux resource string which determines the amount of cores, from those available,  we are allowed to execute on
-func WithPodCPUSetCPUs(inp string) PodCreateOption {
-	return func(pod *Pod) error {
-		if pod.valid {
-			return define.ErrPodFinalized
-		}
-		if pod.ResourceLim().CPU.Period != nil {
-			pod.config.InfraContainer.ResourceLimits.CPU.Cpus = inp
-		} else {
-			pod.config.InfraContainer.ResourceLimits = &specs.LinuxResources{}
-			pod.config.InfraContainer.ResourceLimits.CPU = &specs.LinuxCPU{}
-			pod.config.InfraContainer.ResourceLimits.CPU.Cpus = inp
-		}
-		return nil
-	}
-}
-
 func WithPodPidNS(inp specgen.Namespace) PodCreateOption {
 	return func(p *Pod) error {
 		if p.valid {
diff --git a/libpod/pod.go b/libpod/pod.go
index 62f5c9e5b..0fbf61550 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -1,7 +1,6 @@
 package libpod
 
 import (
-	"context"
 	"net"
 	"time"
 
@@ -9,7 +8,6 @@ import (
 	"github.com/containers/podman/v3/libpod/lock"
 	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/cri-o/ocicni/pkg/ocicni"
-	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
 
@@ -94,28 +92,27 @@ type podState struct {
 // Generally speaking, aside from those two exceptions, these options will set
 // the equivalent field in the container's configuration.
 type InfraContainerConfig struct {
-	ConmonPidFile      string                `json:"conmonPidFile"`
-	HasInfraContainer  bool                  `json:"makeInfraContainer"`
-	NoNetwork          bool                  `json:"noNetwork,omitempty"`
-	HostNetwork        bool                  `json:"infraHostNetwork,omitempty"`
-	PidNS              specgen.Namespace     `json:"infraPid,omitempty"`
-	PortBindings       []ocicni.PortMapping  `json:"infraPortBindings"`
-	StaticIP           net.IP                `json:"staticIP,omitempty"`
-	StaticMAC          net.HardwareAddr      `json:"staticMAC,omitempty"`
-	UseImageResolvConf bool                  `json:"useImageResolvConf,omitempty"`
-	DNSServer          []string              `json:"dnsServer,omitempty"`
-	DNSSearch          []string              `json:"dnsSearch,omitempty"`
-	DNSOption          []string              `json:"dnsOption,omitempty"`
-	UseImageHosts      bool                  `json:"useImageHosts,omitempty"`
-	HostAdd            []string              `json:"hostsAdd,omitempty"`
-	Networks           []string              `json:"networks,omitempty"`
-	ExitCommand        []string              `json:"exitCommand,omitempty"`
-	InfraImage         string                `json:"infraImage,omitempty"`
-	InfraCommand       []string              `json:"infraCommand,omitempty"`
-	InfraName          string                `json:"infraName,omitempty"`
-	Slirp4netns        bool                  `json:"slirp4netns,omitempty"`
-	NetworkOptions     map[string][]string   `json:"network_options,omitempty"`
-	ResourceLimits     *specs.LinuxResources `json:"resource_limits,omitempty"`
+	ConmonPidFile      string               `json:"conmonPidFile"`
+	HasInfraContainer  bool                 `json:"makeInfraContainer"`
+	NoNetwork          bool                 `json:"noNetwork,omitempty"`
+	HostNetwork        bool                 `json:"infraHostNetwork,omitempty"`
+	PidNS              specgen.Namespace    `json:"infraPid,omitempty"`
+	PortBindings       []ocicni.PortMapping `json:"infraPortBindings"`
+	StaticIP           net.IP               `json:"staticIP,omitempty"`
+	StaticMAC          net.HardwareAddr     `json:"staticMAC,omitempty"`
+	UseImageResolvConf bool                 `json:"useImageResolvConf,omitempty"`
+	DNSServer          []string             `json:"dnsServer,omitempty"`
+	DNSSearch          []string             `json:"dnsSearch,omitempty"`
+	DNSOption          []string             `json:"dnsOption,omitempty"`
+	UseImageHosts      bool                 `json:"useImageHosts,omitempty"`
+	HostAdd            []string             `json:"hostsAdd,omitempty"`
+	Networks           []string             `json:"networks,omitempty"`
+	ExitCommand        []string             `json:"exitCommand,omitempty"`
+	InfraImage         string               `json:"infraImage,omitempty"`
+	InfraCommand       []string             `json:"infraCommand,omitempty"`
+	InfraName          string               `json:"infraName,omitempty"`
+	Slirp4netns        bool                 `json:"slirp4netns,omitempty"`
+	NetworkOptions     map[string][]string  `json:"network_options,omitempty"`
 }
 
 // ID retrieves the pod's ID
@@ -134,45 +131,6 @@ func (p *Pod) Namespace() string {
 	return p.config.Namespace
 }
 
-// ResourceLim returns the cpuset resource limits for the pod
-func (p *Pod) ResourceLim() *specs.LinuxResources {
-	resCopy := &specs.LinuxResources{}
-	if err := JSONDeepCopy(p.config.InfraContainer.ResourceLimits, resCopy); err != nil {
-		return nil
-	}
-	if resCopy != nil && resCopy.CPU != nil {
-		return resCopy
-	}
-	empty := &specs.LinuxResources{
-		CPU: &specs.LinuxCPU{},
-	}
-	return empty
-}
-
-// CPUPeriod returns the pod CPU period
-func (p *Pod) CPUPeriod() uint64 {
-	resCopy := &specs.LinuxResources{}
-	if err := JSONDeepCopy(p.config.InfraContainer.ResourceLimits, resCopy); err != nil {
-		return 0
-	}
-	if resCopy != nil && resCopy.CPU != nil && resCopy.CPU.Period != nil {
-		return *resCopy.CPU.Period
-	}
-	return 0
-}
-
-// CPUQuota returns the pod CPU quota
-func (p *Pod) CPUQuota() int64 {
-	resCopy := &specs.LinuxResources{}
-	if err := JSONDeepCopy(p.config.InfraContainer.ResourceLimits, resCopy); err != nil {
-		return 0
-	}
-	if resCopy != nil && resCopy.CPU != nil && resCopy.CPU.Quota != nil {
-		return *resCopy.CPU.Quota
-	}
-	return 0
-}
-
 // PidMode returns the PID mode given by the user ex: pod, private...
 func (p *Pod) PidMode() string {
 	return string(p.config.InfraContainer.PidNS.NSMode)
@@ -258,31 +216,7 @@ func (p *Pod) CgroupPath() (string, error) {
 	if err := p.updatePod(); err != nil {
 		return "", err
 	}
-	if p.state.CgroupPath != "" {
-		return p.state.CgroupPath, nil
-	}
-	if !p.HasInfraContainer() {
-		return "", errors.Wrap(define.ErrNoSuchCtr, "pod has no infra container")
-	}
-
-	id := p.state.InfraContainerID
 
-	if id != "" {
-		ctr, err := p.runtime.state.Container(id)
-		if err != nil {
-			return "", errors.Wrapf(err, "could not get infra")
-		}
-		if ctr != nil {
-			ctr.Start(context.Background(), false)
-			cgroupPath, err := ctr.CGroupPath()
-			if err != nil {
-				return "", errors.Wrapf(err, "could not get container cgroup")
-			}
-			p.state.CgroupPath = cgroupPath
-			p.save()
-			return cgroupPath, nil
-		}
-	}
 	return p.state.CgroupPath, nil
 }
 
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index 1ab012a8b..6b6e94f81 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -538,9 +538,6 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
 		infraConfig.StaticMAC = p.config.InfraContainer.StaticMAC.String()
 		infraConfig.NoManageResolvConf = p.config.InfraContainer.UseImageResolvConf
 		infraConfig.NoManageHosts = p.config.InfraContainer.UseImageHosts
-		infraConfig.CPUPeriod = p.CPUPeriod()
-		infraConfig.CPUQuota = p.CPUQuota()
-		infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus
 		infraConfig.PidNS = p.PidMode()
 
 		if len(p.config.InfraContainer.DNSServer) > 0 {
@@ -585,9 +582,6 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
 		SharedNamespaces: sharesNS,
 		NumContainers:    uint(len(containers)),
 		Containers:       ctrs,
-		CPUSetCPUs:       p.ResourceLim().CPU.Cpus,
-		CPUPeriod:        p.CPUPeriod(),
-		CPUQuota:         p.CPUQuota(),
 	}
 
 	return &inspectData, nil
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 31e2d09ce..059f56798 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -353,6 +353,10 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 		}
 	}
 
+	if ctr.config.Timezone == "" {
+		ctr.config.Timezone = r.config.Containers.TZ
+	}
+
 	if ctr.restoreFromCheckpoint {
 		// Remove information about bind mount
 		// for new container from imported checkpoint
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index d4f861118..46a34e2de 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -158,6 +158,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 			g.Config.Linux.Namespaces = newNS
 		}
 	}
+
 	g.SetRootReadonly(true)
 	g.SetProcessArgs(infraCtrCommand)
 
@@ -184,6 +185,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 		// Ignore mqueue sysctls if not sharing IPC
 		if !p.config.UsePodIPC && strings.HasPrefix(sysctlKey, "fs.mqueue.") {
 			logrus.Infof("Sysctl %s=%s ignored in containers.conf, since IPC Namespace for pod is unused", sysctlKey, sysctlVal)
+
 			continue
 		}
 
@@ -198,6 +200,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 			logrus.Infof("Sysctl %s=%s ignored in containers.conf, since UTS Namespace for pod is unused", sysctlKey, sysctlVal)
 			continue
 		}
+
 		g.AddLinuxSysctl(sysctlKey, sysctlVal)
 	}
 
@@ -213,11 +216,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 	if len(p.config.InfraContainer.ConmonPidFile) > 0 {
 		options = append(options, WithConmonPidFile(p.config.InfraContainer.ConmonPidFile))
 	}
-	newRes := new(spec.LinuxResources)
-	newRes.CPU = new(spec.LinuxCPU)
-	newRes.CPU = p.ResourceLim().CPU
 
-	g.Config.Linux.Resources.CPU = newRes.CPU
 	return r.newContainer(ctx, g.Config, options...)
 }
 
@@ -228,6 +227,7 @@ func (r *Runtime) createInfraContainer(ctx context.Context, p *Pod) (*Container,
 	if !r.valid {
 		return nil, define.ErrRuntimeStopped
 	}
+
 	imageName := p.config.InfraContainer.InfraImage
 	if imageName == "" {
 		imageName = r.config.Engine.InfraImage
diff --git a/libpod/util.go b/libpod/util.go
index 7f4a01f28..3b32fb264 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -153,33 +153,22 @@ func queryPackageVersion(cmdArg ...string) string {
 	return strings.Trim(output, "\n")
 }
 
-func equeryVersion(path string) string {
-	return queryPackageVersion("/usr/bin/equery", "b", path)
-}
-
-func pacmanVersion(path string) string {
-	return queryPackageVersion("/usr/bin/pacman", "-Qo", path)
-}
-
-func dpkgVersion(path string) string {
-	return queryPackageVersion("/usr/bin/dpkg", "-S", path)
-}
-
-func rpmVersion(path string) string {
-	return queryPackageVersion("/usr/bin/rpm", "-q", "-f", path)
-}
-
-func packageVersion(program string) string {
-	if out := rpmVersion(program); out != unknownPackage {
-		return out
-	}
-	if out := dpkgVersion(program); out != unknownPackage {
-		return out
+func packageVersion(program string) string { // program is full path
+	packagers := [][]string{
+		{"/usr/bin/rpm", "-q", "-f"},
+		{"/usr/bin/dpkg", "-S"},    // Debian, Ubuntu
+		{"/usr/bin/pacman", "-Qo"}, // Arch
+		{"/usr/bin/qfile", "-qv"},  // Gentoo (quick)
+		{"/usr/bin/equery", "b"},   // Gentoo (slow)
 	}
-	if out := pacmanVersion(program); out != unknownPackage {
-		return out
+
+	for _, cmd := range packagers {
+		cmd = append(cmd, program)
+		if out := queryPackageVersion(cmd...); out != unknownPackage {
+			return out
+		}
 	}
-	return equeryVersion(program)
+	return unknownPackage
 }
 
 func programVersion(mountProgram string) (string, error) {