authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-04-16 11:56:16 -0700
committerGitHub <noreply@github.com>2020-04-16 11:56:16 -0700
commit57f3897289e886bbc775584f430f65a8765e4301 (patch)
tree48d126d08e768d91b8c0a9f20e68b8bd98b8f36e /pkg
parent8b178f12ce34b1ac2b14c1e56cb6e5b3937f7122 (diff)
parent1d93d212541616135da23bcf01ca49180f113e62 (diff)
Merge pull request #5848 from jwhonce/wip/options
V2 Enable rootless
Diffstat (limited to 'pkg')
-rw-r--r--pkg/domain/entities/engine.go219
-rw-r--r--pkg/domain/entities/engine_container.go4
-rw-r--r--pkg/domain/entities/engine_image.go2
-rw-r--r--pkg/domain/infra/abi/containers.go4
-rw-r--r--pkg/domain/infra/abi/system.go39
-rw-r--r--pkg/domain/infra/tunnel/system.go5
-rw-r--r--pkg/specgen/namespaces.go4
7 files changed, 17 insertions, 260 deletions
diff --git a/pkg/domain/entities/engine.go b/pkg/domain/entities/engine.go
index 3b971a1e8..f45218d14 100644
--- a/pkg/domain/entities/engine.go
+++ b/pkg/domain/entities/engine.go
@@ -2,17 +2,9 @@ package entities
import (
"context"
- "fmt"
"io"
- "os"
- "github.com/containers/buildah/pkg/parse"
"github.com/containers/common/pkg/config"
- "github.com/containers/common/pkg/sysinfo"
- "github.com/containers/libpod/pkg/apparmor"
- "github.com/containers/libpod/pkg/cgroups"
- "github.com/containers/libpod/pkg/rootless"
- "github.com/opencontainers/selinux/go-selinux"
"github.com/opentracing/opentracing-go"
"github.com/spf13/pflag"
)
@@ -54,214 +46,3 @@ type PodmanConfig struct {
StorageDriver string
StorageOpts []string
}
-
-// DefaultSecurityOptions: getter for security options from configuration
-func (c PodmanConfig) DefaultSecurityOptions() []string {
- securityOpts := []string{}
- if c.Containers.SeccompProfile != "" && c.Containers.SeccompProfile != parse.SeccompDefaultPath {
- securityOpts = append(securityOpts, fmt.Sprintf("seccomp=%s", c.Containers.SeccompProfile))
- }
- if apparmor.IsEnabled() && c.Containers.ApparmorProfile != "" {
- securityOpts = append(securityOpts, fmt.Sprintf("apparmor=%s", c.Containers.ApparmorProfile))
- }
- if selinux.GetEnabled() && !c.Containers.EnableLabeling {
- securityOpts = append(securityOpts, fmt.Sprintf("label=%s", selinux.DisableSecOpt()[0]))
- }
- return securityOpts
-}
-
-// DefaultSysctls
-func (c PodmanConfig) DefaultSysctls() []string {
- return c.Containers.DefaultSysctls
-}
-
-func (c PodmanConfig) DefaultVolumes() []string {
- return c.Containers.Volumes
-}
-
-func (c PodmanConfig) DefaultDevices() []string {
- return c.Containers.Devices
-}
-
-func (c PodmanConfig) DefaultDNSServers() []string {
- return c.Containers.DNSServers
-}
-
-func (c PodmanConfig) DefaultDNSSearches() []string {
- return c.Containers.DNSSearches
-}
-
-func (c PodmanConfig) DefaultDNSOptions() []string {
- return c.Containers.DNSOptions
-}
-
-func (c PodmanConfig) DefaultEnv() []string {
- return c.Containers.Env
-}
-
-func (c PodmanConfig) DefaultInitPath() string {
- return c.Containers.InitPath
-}
-
-func (c PodmanConfig) DefaultIPCNS() string {
- return c.Containers.IPCNS
-}
-
-func (c PodmanConfig) DefaultPidNS() string {
- return c.Containers.PidNS
-}
-
-func (c PodmanConfig) DefaultNetNS() string {
- if c.Containers.NetNS == "private" && rootless.IsRootless() {
- return "slirp4netns"
- }
- return c.Containers.NetNS
-}
-
-func (c PodmanConfig) DefaultCgroupNS() string {
- return c.Containers.CgroupNS
-}
-
-func (c PodmanConfig) DefaultUTSNS() string {
- return c.Containers.UTSNS
-}
-
-func (c PodmanConfig) DefaultShmSize() string {
- return c.Containers.ShmSize
-}
-
-func (c PodmanConfig) DefaultUlimits() []string {
- return c.Containers.DefaultUlimits
-}
-
-func (c PodmanConfig) DefaultUserNS() string {
- if v, found := os.LookupEnv("PODMAN_USERNS"); found {
- return v
- }
- return c.Containers.UserNS
-}
-
-func (c PodmanConfig) DefaultPidsLimit() int64 {
- if rootless.IsRootless() {
- cgroup2, _ := cgroups.IsCgroup2UnifiedMode()
- if cgroup2 {
- return c.Containers.PidsLimit
- }
- }
- return sysinfo.GetDefaultPidsLimit()
-}
-
-func (c PodmanConfig) DefaultPidsDescription() string {
- return "Tune container pids limit (set 0 for unlimited)"
-}
-
-func (c PodmanConfig) DefaultDetachKeys() string {
- return c.Engine.DetachKeys
-}
-
-// TODO: Remove in rootless support PR
-// // EngineOptions holds the environment for running the engines
-// type EngineOptions struct {
-// // Introduced with V2
-// Uri string
-// Identities []string
-// FlagSet *pflag.FlagSet
-// EngineMode EngineMode
-// CGroupUsage string
-//
-// // Introduced with V1
-// CGroupManager string // config.EngineConfig
-// CniConfigDir string // config.NetworkConfig.NetworkConfigDir
-// ConmonPath string // config.EngineConfig
-// DefaultMountsFile string // config.ContainersConfig
-// EventsBackend string // config.EngineConfig.EventsLogger
-// HooksDir []string // config.EngineConfig
-// MaxWorks int
-// Namespace string // config.EngineConfig
-// Root string //
-// Runroot string // config.EngineConfig.StorageConfigRunRootSet??
-// Runtime string // config.EngineConfig.OCIRuntime
-// StorageDriver string // config.EngineConfig.StorageConfigGraphDriverNameSet??
-// StorageOpts []string
-// Syslog bool
-// Trace bool
-// NetworkCmdPath string // config.EngineConfig
-//
-// Config string
-// CpuProfile string
-// LogLevel string
-// TmpDir string // config.EngineConfig
-//
-// RemoteUserName string // deprecated
-// RemoteHost string // deprecated
-// VarlinkAddress string // deprecated
-// ConnectionName string
-// RemoteConfigFilePath string
-// Port int // deprecated
-// IdentityFile string // deprecated
-// IgnoreHosts bool
-// }
-//
-// func NewEngineOptions(opts EngineOptions) (EngineOptions, error) {
-// ctnrCfg, err := config.Default()
-// if err != nil {
-// logrus.Error(err)
-// os.Exit(1)
-// }
-//
-// cgroupManager := ctnrCfg.Engine.CgroupManager
-// cgroupUsage := `Cgroup manager to use ("cgroupfs"|"systemd")`
-// cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
-// cniPluginDir := ctnrCfg.Network.CNIPluginDirs[0]
-//
-// cfg, err := config.NewConfig("")
-// if err != nil {
-// logrus.Errorf("Error loading container config %v\n", err)
-// os.Exit(1)
-// }
-// cfg.CheckCgroupsAndAdjustConfig()
-//
-// if rootless.IsRootless() {
-// if !cgroupv2 {
-// cgroupManager = ""
-// cgroupUsage = "Cgroup manager is not supported in rootless mode"
-// }
-// cniPluginDir = ""
-// }
-//
-// return EngineOptions{
-// CGroupManager: cgroupManager,
-// CGroupUsage: cgroupUsage,
-// CniConfigDir: cniPluginDir,
-// Config: opts.Config, // TODO: deprecate
-// ConmonPath: opts.ConmonPath,
-// ConnectionName: opts.ConnectionName,
-// CpuProfile: opts.CpuProfile,
-// DefaultMountsFile: ctnrCfg.Containers.DefaultMountsFile,
-// EngineMode: opts.EngineMode,
-// EventsBackend: ctnrCfg.Engine.EventsLogger,
-// FlagSet: opts.FlagSet, // TODO: deprecate
-// HooksDir: append(ctnrCfg.Engine.HooksDir[:0:0], ctnrCfg.Engine.HooksDir...),
-// Identities: append(opts.Identities[:0:0], opts.Identities...),
-// IdentityFile: opts.IdentityFile, // TODO: deprecate
-// IgnoreHosts: opts.IgnoreHosts,
-// LogLevel: opts.LogLevel,
-// MaxWorks: opts.MaxWorks,
-// Namespace: ctnrCfg.Engine.Namespace,
-// NetworkCmdPath: ctnrCfg.Engine.NetworkCmdPath,
-// Port: opts.Port,
-// RemoteConfigFilePath: opts.RemoteConfigFilePath,
-// RemoteHost: opts.RemoteHost, // TODO: deprecate
-// RemoteUserName: opts.RemoteUserName, // TODO: deprecate
-// Root: opts.Root,
-// Runroot: opts.Runroot,
-// Runtime: opts.Runtime,
-// StorageDriver: opts.StorageDriver,
-// StorageOpts: append(opts.StorageOpts[:0:0], opts.StorageOpts...),
-// Syslog: opts.Syslog,
-// TmpDir: opts.TmpDir,
-// Trace: opts.Trace,
-// Uri: opts.Uri,
-// VarlinkAddress: opts.VarlinkAddress,
-// }, nil
-// }
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index c3092a98a..02938413a 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -6,6 +6,7 @@ import (
"github.com/containers/common/pkg/config"
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/specgen"
+ "github.com/spf13/cobra"
)
type ContainerEngine interface {
@@ -24,9 +25,9 @@ type ContainerEngine interface {
ContainerInspect(ctx context.Context, namesOrIds []string, options InspectOptions) ([]*ContainerInspectReport, error)
ContainerKill(ctx context.Context, namesOrIds []string, options KillOptions) ([]*KillReport, error)
ContainerList(ctx context.Context, options ContainerListOptions) ([]ListContainer, error)
+ ContainerLogs(ctx context.Context, containers []string, options ContainerLogsOptions) error
ContainerMount(ctx context.Context, nameOrIds []string, options ContainerMountOptions) ([]*ContainerMountReport, error)
ContainerPause(ctx context.Context, namesOrIds []string, options PauseUnPauseOptions) ([]*PauseUnpauseReport, error)
- ContainerLogs(ctx context.Context, containers []string, options ContainerLogsOptions) error
ContainerRestart(ctx context.Context, namesOrIds []string, options RestartOptions) ([]*RestartReport, error)
ContainerRestore(ctx context.Context, namesOrIds []string, options RestoreOptions) ([]*RestoreReport, error)
ContainerRm(ctx context.Context, namesOrIds []string, options RmOptions) ([]*RmReport, error)
@@ -53,6 +54,7 @@ type ContainerEngine interface {
PodTop(ctx context.Context, options PodTopOptions) (*StringSliceReport, error)
PodUnpause(ctx context.Context, namesOrIds []string, options PodunpauseOptions) ([]*PodUnpauseReport, error)
RestService(ctx context.Context, opts ServiceOptions) error
+ SetupRootless(ctx context.Context, cmd *cobra.Command) error
VarlinkService(ctx context.Context, opts ServiceOptions) error
VolumeCreate(ctx context.Context, opts VolumeCreateOptions) (*IdOrNameResponse, error)
VolumeInspect(ctx context.Context, namesOrIds []string, opts VolumeInspectOptions) ([]*VolumeInspectReport, error)
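Review bot: `SetupRootless` joins the `ContainerEngine` interface without a doc comment and is the only method here whose parameter is a CLI-framework type (`*cobra.Command`) rather than an `entities` options struct, so the domain package now imports `github.com/spf13/cobra`. In the abi implementation later in this commit the visible hunks do not read `cmd`, and the tunnel stub ignores it outright, so an `entities`-level options value (or nothing) may be enough; confirm against the part of the abi body that is outside the hunks. At minimum add a comment on the interface line, e.g. `// SetupRootless performs the user-namespace setup required before the engine can run as a non-root user.`. The interface declaration continues outside this hunk.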
diff --git a/pkg/domain/entities/engine_image.go b/pkg/domain/entities/engine_image.go
index 3a051ab9b..e3b606550 100644
--- a/pkg/domain/entities/engine_image.go
+++ b/pkg/domain/entities/engine_image.go
@@ -20,7 +20,7 @@ type ImageEngine interface {
Pull(ctx context.Context, rawImage string, opts ImagePullOptions) (*ImagePullReport, error)
Push(ctx context.Context, source string, destination string, opts ImagePushOptions) error
Save(ctx context.Context, nameOrId string, tags []string, options ImageSaveOptions) error
+ Search(ctx context.Context, term string, opts ImageSearchOptions) ([]ImageSearchReport, error)
Tag(ctx context.Context, nameOrId string, tags []string, options ImageTagOptions) error
Untag(ctx context.Context, nameOrId string, tags []string, options ImageUntagOptions) error
- Search(ctx context.Context, term string, opts ImageSearchOptions) ([]ImageSearchReport, error)
}
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 4279fb756..c9df72f2d 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -668,9 +668,6 @@ func (ic *ContainerEngine) ContainerDiff(ctx context.Context, nameOrId string, o
}
func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.ContainerRunOptions) (*entities.ContainerRunReport, error) {
- var (
- joinPod bool
- )
if err := generate.CompleteSpec(ctx, ic.Libpod, opts.Spec); err != nil {
return nil, err
}
@@ -679,6 +676,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
return nil, err
}
+ var joinPod bool
if len(ctr.PodID()) > 0 {
joinPod = true
}
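Review bot: The relocated `var joinPod bool` is still followed by a three-line `if` whose only job is to set the flag; `joinPod := len(ctr.PodID()) > 0` says the same thing in one line and keeps the variable scoped exactly where the commit now puts it. `ContainerRun` continues outside the hunk, so check that nothing further down assigns to `joinPod` and relies on the separate declaration.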
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index 10872144b..67593b2dd 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -100,7 +100,7 @@ func (ic *ContainerEngine) VarlinkService(_ context.Context, opts entities.Servi
return nil
}
-func (ic *ContainerEngine) SetupRootless(cmd *cobra.Command) error {
+func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) error {
// do it only after podman has already re-execed and running with uid==0.
if os.Geteuid() == 0 {
ownsCgroup, err := cgroups.UserOwnsCurrentSystemdCgroup()
@@ -123,10 +123,6 @@ func (ic *ContainerEngine) SetupRootless(cmd *cobra.Command) error {
}
}
- if !executeCommandInUserNS(cmd) {
- return nil
- }
-
pausePidPath, err := util.GetRootlessPauseProcessPidPath()
if err != nil {
return errors.Wrapf(err, "could not get pause process pid file path")
@@ -143,7 +139,8 @@ func (ic *ContainerEngine) SetupRootless(cmd *cobra.Command) error {
// if there is no pid file, try to join existing containers, and create a pause process.
ctrs, err := ic.Libpod.GetRunningContainers()
if err != nil {
- logrus.WithError(err).Fatal("")
+ logrus.Error(err.Error())
+ os.Exit(1)
}
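Review bot: Swapping `logrus.WithError(err).Fatal("")` for `logrus.Error(err.Error())` plus `os.Exit(1)` keeps process termination inside a method that already returns `error`, so the caller of `SetupRootless` never gets a chance to handle or report the failure; `return errors.Wrap(err, "could not get running containers")` would match the `errors.Wrapf` style used a few lines above in this same function. The next hunk repeats the pattern (`logrus.Error(err)` then `os.Exit(1)`) and the two sites are inconsistent with each other — one logs `err.Error()`, the other `err`. If exiting is deliberate because the process is about to re-exec into a user namespace, a one-line comment saying so would stop the next reader from "fixing" it. The body of `SetupRootless` extends beyond both hunks.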
paths := []string{}
@@ -164,7 +161,8 @@ func (ic *ContainerEngine) SetupRootless(cmd *cobra.Command) error {
}
}
if err != nil {
- logrus.WithError(err).Fatal("")
+ logrus.Error(err)
+ os.Exit(1)
}
if became {
os.Exit(ret)
@@ -172,25 +170,6 @@ func (ic *ContainerEngine) SetupRootless(cmd *cobra.Command) error {
return nil
}
-// Most podman commands when run in rootless mode, need to be executed in the
-// users usernamespace. This function is updated with a list of commands that
-// should NOT be run within the user namespace.
-func executeCommandInUserNS(cmd *cobra.Command) bool {
- return os.Geteuid() == 0
- // if os.Geteuid() == 0 {
- // return false
- // }
- // switch cmd {
- // case _migrateCommand,
- // _mountCommand,
- // _renumberCommand,
- // _searchCommand,
- // _versionCommand:
- // return false
- // }
- // return true
-}
-
func movePauseProcessToScope() error {
pausePidPath, err := util.GetRootlessPauseProcessPidPath()
if err != nil {
@@ -234,11 +213,3 @@ func setUMask() { // nolint:deadcode,unused
func checkInput() error { // nolint:deadcode,unused
return nil
}
-
-// func getCNIPluginsDir() string {
-// if rootless.IsRootless() {
-// return ""
-// }
-//
-// return registry.PodmanOptions.Network.CNIPluginDirs[0]
-// }
diff --git a/pkg/domain/infra/tunnel/system.go b/pkg/domain/infra/tunnel/system.go
index 7c7a55c05..f373525c5 100644
--- a/pkg/domain/infra/tunnel/system.go
+++ b/pkg/domain/infra/tunnel/system.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/bindings/system"
"github.com/containers/libpod/pkg/domain/entities"
+ "github.com/spf13/cobra"
)
func (ic *ContainerEngine) Info(ctx context.Context) (*define.Info, error) {
@@ -20,3 +21,7 @@ func (ic *ContainerEngine) RestService(_ context.Context, _ entities.ServiceOpti
func (ic *ContainerEngine) VarlinkService(_ context.Context, _ entities.ServiceOptions) error {
panic(errors.New("varlink service is not supported when tunneling"))
}
+
+func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) error {
+ panic(errors.New("rootless engine mode is not supported when tunneling"))
+}
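Review bot: `cmd` is accepted but never used in the new `SetupRootless`, while the neighbouring stubs name their unused parameters `_`; `func (ic *ContainerEngine) SetupRootless(_ context.Context, _ *cobra.Command) error {` keeps the file consistent and makes the intent explicit. The method has an error return, so `return errors.New("rootless engine mode is not supported when tunneling")` would let the CLI report the condition instead of crashing, though `VarlinkService` directly above panics in the same way, so this may be the intended house style for the tunnel engine.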
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index 2ef5bc229..2e7f80fe8 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -28,9 +28,9 @@ const (
// Bridge indicates that a CNI network stack
// should be used
Bridge NamespaceMode = "bridge"
- // Slirp indicates that a slirp4ns network stack should
+ // Slirp indicates that a slirp4netns network stack should
// be used
- Slirp NamespaceMode = "slirp4ns"
+ Slirp NamespaceMode = "slirp4netns"
)
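Review bot: The change to `Slirp` alters the runtime value carried by `NamespaceMode`, not only the comment, so anything that compares against or has persisted the literal `"slirp4ns"` (other packages, stored specs, remote clients) will stop matching. This looks intentional — the `DefaultNetNS` getter deleted from `engine.go` in this same commit returned the literal `"slirp4netns"`, so the constant is now consistent with it — but it is worth confirming that no parser or stored spec still uses the old spelling, and the description would benefit from mentioning the rename since it is unrelated to the rootless plumbing. The `const` block continues outside the hunk.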
// Namespace describes the namespace