authorcdoern <cbdoer23@g.holycross.edu>2022-03-21 22:52:50 -0400
committercdoern <cbdoer23@g.holycross.edu>2022-03-29 11:10:46 -0400
commit7a5342804944472246ed0b977e9088e0b01be87b (patch)
treebc6c8a54ef32c97ad3ae9da6f7df90e36f48d8e2 /pkg
parent0eff4b70d0429c0dd1d95bc0a15f679cef351cb5 (diff)
downloadpodman-7a5342804944472246ed0b977e9088e0b01be87b.tar.gz
podman-7a5342804944472246ed0b977e9088e0b01be87b.tar.bz2
podman-7a5342804944472246ed0b977e9088e0b01be87b.zip
fix pod volume passing and alter infra inheritance
The infra Inherit function was not properly passing pod volume information to new containers. Alter the inherit function and struct to use the new `ConfigToSpec` function used in clone: pick and choose the proper entities from a temp spec and validate them on the specgen side rather than passing directly to a config. Resolves #13548. Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/domain/infra/abi/containers.go2
-rw-r--r--pkg/specgen/generate/container.go43
-rw-r--r--pkg/specgen/generate/container_create.go33
-rw-r--r--pkg/specgen/generate/oci.go4
-rw-r--r--pkg/specgenutil/volumes.go6
5 files changed, 53 insertions, 35 deletions
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index f45bdeba5..a2933a267 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -1491,7 +1491,7 @@ func (ic *ContainerEngine) ContainerRename(ctx context.Context, nameOrID string,
func (ic *ContainerEngine) ContainerClone(ctx context.Context, ctrCloneOpts entities.ContainerCloneOptions) (*entities.ContainerCreateReport, error) {
spec := specgen.NewSpecGenerator(ctrCloneOpts.Image, ctrCloneOpts.CreateOpts.RootFS)
var c *libpod.Container
- c, err := generate.ConfigToSpec(ic.Libpod, spec, ctrCloneOpts.ID)
+ c, _, err := generate.ConfigToSpec(ic.Libpod, spec, ctrCloneOpts.ID)
if err != nil {
return nil, err
}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 118d80e2c..b38b0e695 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -337,11 +337,11 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error {
return nil
}
-// ConfigToSpec takes a completed container config and converts it back into a specgenerator for purposes of cloning an existing container
-func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, containerID string) (*libpod.Container, error) {
- c, err := rt.LookupContainer(containerID)
+// ConfigToSpec takes a completed container config and converts it back into a specgenerator for purposes of cloning an exisiting container
+func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID string) (*libpod.Container, *libpod.InfraInherit, error) {
+ c, err := rt.LookupContainer(contaierID)
if err != nil {
- return nil, err
+ return nil, nil, err
}
conf := c.Config()
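Review bot: The new signature renames the parameter to `contaierID` and the rewritten comment says `exisiting`; both are typos introduced on these lines, and the comment still does not mention the added `*libpod.InfraInherit` result. I would keep `containerID` and document the result, for example `// ConfigToSpec converts the config of an existing container back into specg for cloning; for an infra container it also returns the options a pod member may inherit, otherwise that result is nil.` The body of ConfigToSpec continues past this hunk.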
@@ -351,17 +351,22 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, containerID
conf.Systemd = nil
conf.Mounts = []string{}
+ if specg == nil {
+ specg = &specgen.SpecGenerator{}
+ }
+
specg.Pod = conf.Pod
matching, err := json.Marshal(conf)
if err != nil {
- return nil, err
+ return nil, nil, err
}
err = json.Unmarshal(matching, specg)
if err != nil {
- return nil, err
+ return nil, nil, err
}
+
conf.Systemd = tmpSystemd
conf.Mounts = tmpMounts
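Review bot: The `specg == nil` guard replaces only the local pointer, so a caller that passes nil never sees the spec that the rest of the function fills in; going by the returns in the last hunk of this file, a non-infra container then yields `c, nil, nil` and the conversion is discarded. Either reject nil with an error or say so in the doc comment, e.g. `// specg may be nil, in which case only the returned InfraInherit carries the converted options.` ConfigToSpec starts and ends outside this hunk.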
@@ -481,7 +486,29 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, containerID
}
}
specg.OverlayVolumes = overlay
- specg.Mounts = conf.Spec.Mounts
+ _, mounts := c.SortUserVolumes(c.Spec())
+ specg.Mounts = mounts
specg.HostDeviceList = conf.DeviceHostSrc
- return c, nil
+ mapSecurityConfig(conf, specg)
+
+ if c.IsInfra() { // if we are creating this spec for a pod's infra ctr, map the compatible options
+ spec, err := json.Marshal(specg)
+ if err != nil {
+ return nil, nil, err
+ }
+ infraInherit := &libpod.InfraInherit{}
+ err = json.Unmarshal(spec, infraInherit)
+ return c, infraInherit, err
+ }
+ // else just return the container
+ return c, nil, nil
+}
+
+// mapSecurityConfig takes a libpod.ContainerSecurityConfig and converts it to a specgen.ContinerSecurityConfig
+func mapSecurityConfig(c *libpod.ContainerConfig, s *specgen.SpecGenerator) {
+ s.Privileged = c.Privileged
+ s.SelinuxOpts = append(s.SelinuxOpts, c.LabelOpts...)
+ s.User = c.User
+ s.Groups = c.Groups
+ s.HostUsers = c.HostUsers
}
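Review bot: On the infra path `return c, infraInherit, err` hands back a container and a possibly half-decoded InfraInherit together with a non-nil error, while every other failure in ConfigToSpec returns `nil, nil, err`; `if err := json.Unmarshal(spec, infraInherit); err != nil { return nil, nil, err }` would keep the contract uniform. The comment on mapSecurityConfig names types the function does not take (it receives a `*libpod.ContainerConfig` and a `*specgen.SpecGenerator`) and misspells `ContainerSecurityConfig`. Because it copies `Privileged`, `User`, `Groups`, `HostUsers` and the label options, and the spec is then re-encoded into InfraInherit by JSON key, the comment should list which of these are meant to reach pod members; the InfraInherit definition is not part of this page, so that cannot be checked here. ConfigToSpec begins outside this hunk.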
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index a014f5047..6a611e854 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -49,7 +49,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
compatibleOptions := &libpod.InfraInherit{}
var infraSpec *spec.Spec
if infra != nil {
- options, infraSpec, compatibleOptions, err = Inherit(*infra)
+ options, infraSpec, compatibleOptions, err = Inherit(*infra, s, rt)
if err != nil {
return nil, nil, nil, err
}
@@ -152,8 +152,8 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
return nil, nil, nil, err
}
- infraVolumes := (len(compatibleOptions.InfraVolumes) > 0 || len(compatibleOptions.InfraUserVolumes) > 0 || len(compatibleOptions.InfraImageVolumes) > 0)
- opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, finalOverlays, imageData, command, infraVolumes, *compatibleOptions)
+ infraVol := (len(compatibleOptions.Mounts) > 0 || len(compatibleOptions.Volumes) > 0 || len(compatibleOptions.ImageVolumes) > 0 || len(compatibleOptions.OverlayVolumes) > 0)
+ opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, finalOverlays, imageData, command, infraVol, *compatibleOptions)
if err != nil {
return nil, nil, nil, err
}
@@ -446,7 +446,7 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
if len(s.SelinuxOpts) > 0 {
options = append(options, libpod.WithSecLabels(s.SelinuxOpts))
} else {
- if pod != nil && len(compatibleOptions.InfraLabels) == 0 {
+ if pod != nil && len(compatibleOptions.SelinuxOpts) == 0 {
// duplicate the security options from the pod
processLabel, err := pod.ProcessLabel()
if err != nil {
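Review bot: The renamed guard `len(compatibleOptions.SelinuxOpts) == 0` is only reached when `len(s.SelinuxOpts) == 0`, and Inherit now decodes compatibleOptions into `s` before this code runs. If both structs use the same JSON key for the label options, the two lengths would normally agree and the condition reduces to `pod != nil`, which changes when the pod's process label is duplicated. A short comment stating in which case the infra labels are set while `s.SelinuxOpts` is empty, or dropping the second operand if there is none, would make the SELinux label choice auditable. createContainerOptions starts and ends outside this hunk.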
@@ -544,32 +544,23 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
return options, nil
}
-func Inherit(infra libpod.Container) (opts []libpod.CtrCreateOption, infraS *spec.Spec, compat *libpod.InfraInherit, err error) {
+func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtime) (opts []libpod.CtrCreateOption, infraS *spec.Spec, compat *libpod.InfraInherit, err error) {
+ inheritSpec := &specgen.SpecGenerator{}
+ _, compatibleOptions, err := ConfigToSpec(rt, inheritSpec, infra.ID())
+ if err != nil {
+ return nil, nil, nil, err
+ }
options := []libpod.CtrCreateOption{}
- compatibleOptions := &libpod.InfraInherit{}
infraConf := infra.Config()
infraSpec := infraConf.Spec
- config, err := json.Marshal(infraConf)
+ compatByte, err := json.Marshal(compatibleOptions)
if err != nil {
return nil, nil, nil, err
}
- err = json.Unmarshal(config, compatibleOptions)
+ err = json.Unmarshal(compatByte, s)
if err != nil {
return nil, nil, nil, err
}
- if infraSpec.Linux != nil && infraSpec.Linux.Resources != nil {
- resources, err := json.Marshal(infraSpec.Linux.Resources)
- if err != nil {
- return nil, nil, nil, err
- }
- err = json.Unmarshal(resources, &compatibleOptions.InfraResources)
- if err != nil {
- return nil, nil, nil, err
- }
- }
- if compatibleOptions != nil {
- options = append(options, libpod.WithInfraConfig(*compatibleOptions))
- }
return options, infraSpec, compatibleOptions, nil
}
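Review bot: `json.Unmarshal(compatByte, s)` writes every key present in the encoded InfraInherit over the caller's spec, so values the user set on the new container can be replaced by the infra container's; whether that happens depends on the `omitempty` tags of InfraInherit, which this page does not show. Since ConfigToSpec now fills security-relevant fields (`Privileged`, `User`, `Groups`, `HostUsers`, SELinux options) into the temp spec, this merge deserves a doc comment and a test that a container's own settings win over the pod's, e.g. `// Inherit decodes the infra container's inheritable options into s; keys present in that encoding replace the values already in s.` Separately, `options` is never appended to any more, so the `opts` result is always empty, and the by-value `infra` argument is looked up again through `rt.LookupContainer` via its ID.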
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 1cc3a463f..961cea933 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -352,8 +352,8 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
return nil, err
}
}
- if len(compatibleOptions.InfraDevices) > 0 && len(s.Devices) == 0 {
- userDevices = compatibleOptions.InfraDevices
+ if len(compatibleOptions.HostDeviceList) > 0 && len(s.Devices) == 0 {
+ userDevices = compatibleOptions.HostDeviceList
} else {
userDevices = s.Devices
}
diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go
index 2bd79b186..dd7eed2fd 100644
--- a/pkg/specgenutil/volumes.go
+++ b/pkg/specgenutil/volumes.go
@@ -28,7 +28,7 @@ var (
// TODO: handle options parsing/processing via containers/storage/pkg/mount
func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bool) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, []*specgen.ImageVolume, error) {
// Get mounts from the --mounts flag.
- unifiedMounts, unifiedVolumes, unifiedImageVolumes, err := getMounts(mountFlag)
+ unifiedMounts, unifiedVolumes, unifiedImageVolumes, err := Mounts(mountFlag)
if err != nil {
return nil, nil, nil, nil, err
}
@@ -167,12 +167,12 @@ func findMountType(input string) (mountType string, tokens []string, err error)
return
}
-// getMounts takes user-provided input from the --mount flag and creates OCI
+// Mounts takes user-provided input from the --mount flag and creates OCI
// spec mounts and Libpod named volumes.
// podman run --mount type=bind,src=/etc/resolv.conf,target=/etc/resolv.conf ...
// podman run --mount type=tmpfs,target=/dev/shm ...
// podman run --mount type=volume,source=test-volume, ...
-func getMounts(mountFlag []string) (map[string]spec.Mount, map[string]*specgen.NamedVolume, map[string]*specgen.ImageVolume, error) {
+func Mounts(mountFlag []string) (map[string]spec.Mount, map[string]*specgen.NamedVolume, map[string]*specgen.ImageVolume, error) {
finalMounts := make(map[string]spec.Mount)
finalNamedVolumes := make(map[string]*specgen.NamedVolume)
finalImageVolumes := make(map[string]*specgen.ImageVolume)