aboutsummaryrefslogtreecommitdiff
path: root/pkg/specgen
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-02-18 19:27:30 -0500
committerGitHub <noreply@github.com>2021-02-18 19:27:30 -0500
commit7e286bc430ea50b72e972e48626298ac2e1f258a (patch)
tree18520dac08ce1401bd183b976f5b01141810e3ae /pkg/specgen
parent797f1ea8cd0b7f4f85df4cf069bcd64c37a8ed1d (diff)
parent24cc53cb5fa756a27a24b063b9372b8f8fd4348b (diff)
downloadpodman-7e286bc430ea50b72e972e48626298ac2e1f258a.tar.gz
podman-7e286bc430ea50b72e972e48626298ac2e1f258a.tar.bz2
podman-7e286bc430ea50b72e972e48626298ac2e1f258a.zip
Merge pull request #9427 from mheon/bump_301
Bump to v3.0.1
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/container_validate.go1
-rw-r--r--pkg/specgen/generate/config_linux.go1
-rw-r--r--pkg/specgen/generate/kube/kube.go1
-rw-r--r--pkg/specgen/generate/kube/seccomp.go1
-rw-r--r--pkg/specgen/generate/kube/volume.go2
-rw-r--r--pkg/specgen/generate/oci.go6
-rw-r--r--pkg/specgen/generate/security.go14
-rw-r--r--pkg/specgen/pod_validate.go1
8 files changed, 12 insertions, 15 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 81cb8b78d..042e20e02 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -29,7 +29,6 @@ func exclusiveOptions(opt1, opt2 string) error {
// Validate verifies that the given SpecGenerator is valid and satisfies required
// input for creating a container.
func (s *SpecGenerator) Validate() error {
-
if rootless.IsRootless() && len(s.CNINetworks) == 0 {
if s.StaticIP != nil || s.StaticIPv6 != nil {
return ErrNoStaticIPRootless
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index 1290a8eb6..b9f024814 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -113,7 +113,6 @@ func DevicesFromPath(g *generate.Generator, devicePath string) error {
// mount the internal devices recursively
if err := filepath.Walk(resolvedDevicePath, func(dpath string, f os.FileInfo, e error) error {
-
if f.Mode()&os.ModeDevice == os.ModeDevice {
found = true
device := fmt.Sprintf("%s:%s", dpath, filepath.Join(dest, strings.TrimPrefix(dpath, src)))
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 98ab82259..e04ced3d3 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -384,7 +384,6 @@ func getPodPorts(containers []v1.Container) []specgen.PortMapping {
if p.HostPort != 0 {
infraPorts = append(infraPorts, portBinding)
}
-
}
}
return infraPorts
diff --git a/pkg/specgen/generate/kube/seccomp.go b/pkg/specgen/generate/kube/seccomp.go
index 4cbdf6e2e..353f9cbf2 100644
--- a/pkg/specgen/generate/kube/seccomp.go
+++ b/pkg/specgen/generate/kube/seccomp.go
@@ -11,6 +11,7 @@ import (
// KubeSeccompPaths holds information about a pod YAML's seccomp configuration
// it holds both container and pod seccomp paths
+// nolint:golint
type KubeSeccompPaths struct {
containerPaths map[string]string
podPath string
diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go
index f5687f60d..c3241a49e 100644
--- a/pkg/specgen/generate/kube/volume.go
+++ b/pkg/specgen/generate/kube/volume.go
@@ -17,6 +17,7 @@ const (
kubeFilePermission = 0644
)
+// nolint:golint
type KubeVolumeType int
const (
@@ -24,6 +25,7 @@ const (
KubeVolumeTypeNamed KubeVolumeType = iota
)
+// nolint:golint
type KubeVolume struct {
// Type of volume to create
Type KubeVolumeType
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index e62131244..eefe45dfe 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -105,7 +105,10 @@ func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image
entrypoint = newEntry
}
- finalCommand = append(finalCommand, entrypoint...)
+ // Don't append the entrypoint if it is [""]
+ if len(entrypoint) != 1 || entrypoint[0] != "" {
+ finalCommand = append(finalCommand, entrypoint...)
+ }
// Only use image command if the user did not manually set an
// entrypoint.
@@ -219,7 +222,6 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
if !mappingFound {
gid5Available = false
}
-
}
if !gid5Available {
// If we have no GID mappings, the gid=5 default option would fail, so drop it.
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index 390b19beb..fb45d87db 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -109,17 +109,15 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
}
}
if !s.Privileged && len(capsRequiredRequested) > 0 {
-
// Pass capRequiredRequested in CapAdd field to normalize capabilities names
capsRequired, err := capabilities.MergeCapabilities(nil, capsRequiredRequested, nil)
if err != nil {
return errors.Wrapf(err, "capabilities requested by user or image are not valid: %q", strings.Join(capsRequired, ","))
- } else {
- // Verify all capRequired are in the capList
- for _, cap := range capsRequired {
- if !util.StringInSlice(cap, caplist) {
- privCapsRequired = append(privCapsRequired, cap)
- }
+ }
+ // Verify all capRequired are in the capList
+ for _, cap := range capsRequired {
+ if !util.StringInSlice(cap, caplist) {
+ privCapsRequired = append(privCapsRequired, cap)
}
}
if len(privCapsRequired) == 0 {
@@ -189,7 +187,6 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
return err
}
for sysctlKey, sysctlVal := range defaultSysctls {
-
// Ignore mqueue sysctls if --ipc=host
if noUseIPC && strings.HasPrefix(sysctlKey, "fs.mqueue.") {
logrus.Infof("Sysctl %s=%s ignored in containers.conf, since IPC Namespace set to host", sysctlKey, sysctlVal)
@@ -213,7 +210,6 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
}
for sysctlKey, sysctlVal := range s.Sysctl {
-
if s.IpcNS.IsHost() && strings.HasPrefix(sysctlKey, "fs.mqueue.") {
return errors.Wrapf(define.ErrInvalidArg, "sysctl %s=%s can't be set since IPC Namespace set to host", sysctlKey, sysctlVal)
}
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index 518adb32f..c9bcdf623 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -19,7 +19,6 @@ func exclusivePodOptions(opt1, opt2 string) error {
// Validate verifies the input is valid
func (p *PodSpecGenerator) Validate() error {
-
if rootless.IsRootless() && len(p.CNINetworks) == 0 {
if p.StaticIP != nil {
return ErrNoStaticIPRootless