aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-08-11 15:00:57 -0400
committerGitHub <noreply@github.com>2020-08-11 15:00:57 -0400
commit1deb4d1d70efb6d62f4fe5e735c94523f930b6d7 (patch)
tree394020b1a48f76cd283e450d6952cf08a4f53dde /pkg
parent9a9ad853cb6781460829cb139cecbf9aff37896d (diff)
parent3f2cab86433859a1facf1996ad68dac23c9899b9 (diff)
downloadpodman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.gz
podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.bz2
podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.zip
Merge pull request #7289 from vrothberg/v2-backports
V2 backports
Diffstat (limited to 'pkg')
-rw-r--r--pkg/api/handlers/compat/images_build.go9
-rw-r--r--pkg/api/handlers/compat/networks.go7
-rw-r--r--pkg/api/handlers/libpod/containers.go1
-rw-r--r--pkg/api/handlers/libpod/networks.go6
-rw-r--r--pkg/api/handlers/utils/errors.go9
-rw-r--r--pkg/api/handlers/utils/images.go20
-rw-r--r--pkg/api/server/register_ping.go9
-rw-r--r--pkg/bindings/containers/containers.go2
-rw-r--r--pkg/domain/infra/abi/generate.go5
-rw-r--r--pkg/domain/infra/abi/images.go65
-rw-r--r--pkg/domain/infra/abi/images_list.go17
-rw-r--r--pkg/domain/infra/tunnel/containers.go14
-rw-r--r--pkg/domain/infra/tunnel/images.go6
-rw-r--r--pkg/network/config.go5
-rw-r--r--pkg/network/files.go3
-rw-r--r--pkg/network/network.go3
-rw-r--r--pkg/rootless/rootless_linux.c2
-rw-r--r--pkg/specgen/generate/namespaces.go8
-rw-r--r--pkg/trust/trust.go4
19 files changed, 105 insertions, 90 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 8ac5b80c1..3d9efe61e 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -20,6 +20,7 @@ import (
"github.com/containers/libpod/v2/pkg/api/handlers/utils"
"github.com/containers/storage/pkg/archive"
"github.com/gorilla/schema"
+ "github.com/sirupsen/logrus"
)
func BuildImage(w http.ResponseWriter, r *http.Request) {
@@ -33,7 +34,13 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
}
if hdr, found := r.Header["Content-Type"]; found && len(hdr) > 0 {
- if hdr[0] != "application/x-tar" {
+ contentType := hdr[0]
+ switch contentType {
+ case "application/tar":
+ logrus.Warnf("tar file content type is %s, should use \"application/x-tar\" content type", contentType)
+ case "application/x-tar":
+ break
+ default:
utils.BadRequest(w, "Content-Type", hdr[0],
fmt.Errorf("Content-Type: %s is not supported. Should be \"application/x-tar\"", hdr[0]))
return
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go
index 2e11c0edb..ad15be270 100644
--- a/pkg/api/handlers/compat/networks.go
+++ b/pkg/api/handlers/compat/networks.go
@@ -10,6 +10,7 @@ import (
"github.com/containernetworking/cni/libcni"
"github.com/containers/libpod/v2/libpod"
+ "github.com/containers/libpod/v2/libpod/define"
"github.com/containers/libpod/v2/pkg/api/handlers/utils"
"github.com/containers/libpod/v2/pkg/domain/entities"
"github.com/containers/libpod/v2/pkg/domain/infra/abi"
@@ -44,9 +45,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) {
name := utils.GetName(r)
_, err = network.InspectNetwork(config, name)
if err != nil {
- // TODO our network package does not distinguish between not finding a
- // specific network vs not being able to read it
- utils.InternalServerError(w, err)
+ utils.NetworkNotFound(w, name, err)
return
}
report, err := getNetworkResourceByName(name, runtime)
@@ -285,7 +284,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) {
return
}
if !exists {
- utils.Error(w, "network not found", http.StatusNotFound, network.ErrNetworkNotFound)
+ utils.Error(w, "network not found", http.StatusNotFound, define.ErrNoSuchNetwork)
return
}
if err := network.RemoveNetwork(config, name); err != nil {
diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go
index 21904e21f..2303ff17a 100644
--- a/pkg/api/handlers/libpod/containers.go
+++ b/pkg/api/handlers/libpod/containers.go
@@ -23,6 +23,7 @@ func ContainerExists(w http.ResponseWriter, r *http.Request) {
if err != nil {
if errors.Cause(err) == define.ErrNoSuchCtr {
utils.ContainerNotFound(w, name, err)
+ return
}
utils.InternalServerError(w, err)
return
diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go
index 12409bf50..0164d5d13 100644
--- a/pkg/api/handlers/libpod/networks.go
+++ b/pkg/api/handlers/libpod/networks.go
@@ -5,10 +5,10 @@ import (
"net/http"
"github.com/containers/libpod/v2/libpod"
+ "github.com/containers/libpod/v2/libpod/define"
"github.com/containers/libpod/v2/pkg/api/handlers/utils"
"github.com/containers/libpod/v2/pkg/domain/entities"
"github.com/containers/libpod/v2/pkg/domain/infra/abi"
- "github.com/containers/libpod/v2/pkg/network"
"github.com/gorilla/schema"
"github.com/pkg/errors"
)
@@ -78,7 +78,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) {
}
if reports[0].Err != nil {
// If the network cannot be found, we return a 404.
- if errors.Cause(err) == network.ErrNetworkNotFound {
+ if errors.Cause(err) == define.ErrNoSuchNetwork {
utils.Error(w, "Something went wrong", http.StatusNotFound, err)
return
}
@@ -104,7 +104,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) {
reports, err := ic.NetworkInspect(r.Context(), []string{name}, options)
if err != nil {
// If the network cannot be found, we return a 404.
- if errors.Cause(err) == network.ErrNetworkNotFound {
+ if errors.Cause(err) == define.ErrNoSuchNetwork {
utils.Error(w, "Something went wrong", http.StatusNotFound, err)
return
}
diff --git a/pkg/api/handlers/utils/errors.go b/pkg/api/handlers/utils/errors.go
index 00d09ac11..5e77b4049 100644
--- a/pkg/api/handlers/utils/errors.go
+++ b/pkg/api/handlers/utils/errors.go
@@ -39,6 +39,7 @@ func VolumeNotFound(w http.ResponseWriter, name string, err error) {
msg := fmt.Sprintf("No such volume: %s", name)
Error(w, msg, http.StatusNotFound, err)
}
+
func ContainerNotFound(w http.ResponseWriter, name string, err error) {
if errors.Cause(err) != define.ErrNoSuchCtr {
InternalServerError(w, err)
@@ -55,6 +56,14 @@ func ImageNotFound(w http.ResponseWriter, name string, err error) {
Error(w, msg, http.StatusNotFound, err)
}
+func NetworkNotFound(w http.ResponseWriter, name string, err error) {
+ if errors.Cause(err) != define.ErrNoSuchNetwork {
+ InternalServerError(w, err)
+ }
+ msg := fmt.Sprintf("No such network: %s", name)
+ Error(w, msg, http.StatusNotFound, err)
+}
+
func PodNotFound(w http.ResponseWriter, name string, err error) {
if errors.Cause(err) != define.ErrNoSuchPod {
InternalServerError(w, err)
diff --git a/pkg/api/handlers/utils/images.go b/pkg/api/handlers/utils/images.go
index 195e71b75..63b1b566b 100644
--- a/pkg/api/handlers/utils/images.go
+++ b/pkg/api/handlers/utils/images.go
@@ -93,20 +93,14 @@ func GetImages(w http.ResponseWriter, r *http.Request) ([]*image.Image, error) {
if query.All {
return images, nil
}
- returnImages := []*image.Image{}
- for _, img := range images {
- if len(img.Names()) == 0 {
- parent, err := img.IsParent(r.Context())
- if err != nil {
- return nil, err
- }
- if parent {
- continue
- }
- }
- returnImages = append(returnImages, img)
+
+ filter, err := runtime.ImageRuntime().IntermediateFilter(r.Context(), images)
+ if err != nil {
+ return nil, err
}
- return returnImages, nil
+ images = image.FilterImages(images, []image.ResultFilter{filter})
+
+ return images, nil
}
func GetImage(r *http.Request, name string) (*image.Image, error) {
diff --git a/pkg/api/server/register_ping.go b/pkg/api/server/register_ping.go
index 70e88ee00..d4ae78e74 100644
--- a/pkg/api/server/register_ping.go
+++ b/pkg/api/server/register_ping.go
@@ -9,9 +9,8 @@ import (
func (s *APIServer) registerPingHandlers(r *mux.Router) error {
- r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet)
- r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead)
-
+ r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
+ r.Handle(VersionedPath("/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
// swagger:operation GET /libpod/_ping libpod libpodPingGet
// ---
// summary: Ping service
@@ -62,7 +61,7 @@ func (s *APIServer) registerPingHandlers(r *mux.Router) error {
// determine if talking to Podman engine or another engine
// 500:
// $ref: "#/responses/InternalError"
- r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet)
- r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead)
+ r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
+ r.Handle(VersionedPath("/libpod/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
return nil
}
diff --git a/pkg/bindings/containers/containers.go b/pkg/bindings/containers/containers.go
index c690ea125..c479e5dcb 100644
--- a/pkg/bindings/containers/containers.go
+++ b/pkg/bindings/containers/containers.go
@@ -98,7 +98,7 @@ func Remove(ctx context.Context, nameOrID string, force, volumes *bool) error {
params.Set("force", strconv.FormatBool(*force))
}
if volumes != nil {
- params.Set("vols", strconv.FormatBool(*volumes))
+ params.Set("v", strconv.FormatBool(*volumes))
}
response, err := conn.DoRequest(nil, http.MethodDelete, "/containers/%s", params, nil, nameOrID)
if err != nil {
diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go
index 560be988b..cff09bf2d 100644
--- a/pkg/domain/infra/abi/generate.go
+++ b/pkg/domain/infra/abi/generate.go
@@ -20,9 +20,10 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string,
if ctrErr == nil {
// Generate the unit for the container.
s, err := generate.ContainerUnit(ctr, options)
- if err == nil {
- return &entities.GenerateSystemdReport{Output: s}, nil
+ if err != nil {
+ return nil, err
}
+ return &entities.GenerateSystemdReport{Output: s}, nil
}
// If it's not a container, we either have a pod or garbage.
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 9f594d728..5f19f416a 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -7,6 +7,7 @@ import (
"io/ioutil"
"net/url"
"os"
+ "path"
"path/filepath"
"strconv"
"strings"
@@ -564,10 +565,6 @@ func (ir *ImageEngine) Shutdown(_ context.Context) {
}
func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entities.SignOptions) (*entities.SignReport, error) {
- dockerRegistryOptions := image.DockerRegistryOptions{
- DockerCertPath: options.CertDir,
- }
-
mech, err := signature.NewGPGSigningMechanism()
if err != nil {
return nil, errors.Wrap(err, "error initializing GPG")
@@ -586,7 +583,6 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
}
for _, signimage := range names {
- var sigStoreDir string
srcRef, err := alltransports.ParseImageName(signimage)
if err != nil {
return nil, errors.Wrapf(err, "error parsing image name")
@@ -607,40 +603,38 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
if dockerReference == nil {
return nil, errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference()))
}
-
- // create the signstore file
- rtc, err := ir.Libpod.GetConfig()
- if err != nil {
- return nil, err
- }
- newImage, err := ir.Libpod.ImageRuntime().New(ctx, signimage, rtc.Engine.SignaturePolicyPath, "", os.Stderr, &dockerRegistryOptions, image.SigningOptions{SignBy: options.SignBy}, nil, util.PullImageMissing)
- if err != nil {
- return nil, errors.Wrapf(err, "error pulling image %s", signimage)
+ var sigStoreDir string
+ if options.Directory != "" {
+ sigStoreDir = options.Directory
}
if sigStoreDir == "" {
if rootless.IsRootless() {
sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
} else {
+ var sigStoreURI string
registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
if registryInfo != nil {
- if sigStoreDir = registryInfo.SigStoreStaging; sigStoreDir == "" {
- sigStoreDir = registryInfo.SigStore
-
+ if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" {
+ sigStoreURI = registryInfo.SigStore
}
}
+ if sigStoreURI == "" {
+ return nil, errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String())
+
+ }
+ sigStoreDir, err = localPathFromURI(sigStoreURI)
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreURI)
+ }
}
}
- sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
+ manifestDigest, err := manifest.Digest(getManifest)
if err != nil {
- return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
- }
- repos, err := newImage.RepoDigests()
- if err != nil {
- return nil, errors.Wrapf(err, "error calculating repo digests for %s", signimage)
+ return nil, err
}
- if len(repos) == 0 {
- logrus.Errorf("no repodigests associated with the image %s", signimage)
- continue
+ repo := reference.Path(dockerReference)
+ if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
+ return nil, errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
}
// create signature
@@ -648,22 +642,21 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
if err != nil {
return nil, errors.Wrapf(err, "error creating new signature")
}
-
- trimmedDigest := strings.TrimPrefix(repos[0], strings.Split(repos[0], "/")[0])
- sigStoreDir = filepath.Join(sigStoreDir, strings.Replace(trimmedDigest, ":", "=", 1))
- if err := os.MkdirAll(sigStoreDir, 0751); err != nil {
+ // create the signstore file
+ signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex())
+ if err := os.MkdirAll(signatureDir, 0751); err != nil {
// The directory is allowed to exist
if !os.IsExist(err) {
- logrus.Errorf("error creating directory %s: %s", sigStoreDir, err)
+ logrus.Errorf("error creating directory %s: %s", signatureDir, err)
continue
}
}
- sigFilename, err := getSigFilename(sigStoreDir)
+ sigFilename, err := getSigFilename(signatureDir)
if err != nil {
logrus.Errorf("error creating sigstore file: %v", err)
continue
}
- err = ioutil.WriteFile(filepath.Join(sigStoreDir, sigFilename), newSig, 0644)
+ err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
if err != nil {
logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
continue
@@ -691,14 +684,12 @@ func getSigFilename(sigStoreDirPath string) (string, error) {
}
}
-func isValidSigStoreDir(sigStoreDir string) (string, error) {
- writeURIs := map[string]bool{"file": true}
+func localPathFromURI(sigStoreDir string) (string, error) {
url, err := url.Parse(sigStoreDir)
if err != nil {
return sigStoreDir, errors.Wrapf(err, "invalid directory %s", sigStoreDir)
}
- _, exists := writeURIs[url.Scheme]
- if !exists {
+ if url.Scheme != "file" {
return sigStoreDir, errors.Errorf("writing to %s is not supported. Use a supported scheme", sigStoreDir)
}
sigStoreDir = url.Path
diff --git a/pkg/domain/infra/abi/images_list.go b/pkg/domain/infra/abi/images_list.go
index 06ef673c7..bb5775db5 100644
--- a/pkg/domain/infra/abi/images_list.go
+++ b/pkg/domain/infra/abi/images_list.go
@@ -13,6 +13,14 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
return nil, err
}
+ if !opts.All {
+ filter, err := ir.Libpod.ImageRuntime().IntermediateFilter(ctx, images)
+ if err != nil {
+ return nil, err
+ }
+ images = libpodImage.FilterImages(images, []libpodImage.ResultFilter{filter})
+ }
+
summaries := []*entities.ImageSummary{}
for _, img := range images {
var repoTags []string
@@ -32,15 +40,6 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
if err != nil {
return nil, err
}
- if len(img.Names()) == 0 {
- parent, err := img.IsParent(ctx)
- if err != nil {
- return nil, err
- }
- if parent {
- continue
- }
- }
}
digests := make([]string, len(img.Digests()))
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 4ee709e37..8835248ca 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -500,9 +500,6 @@ func (ic *ContainerEngine) ContainerList(ctx context.Context, options entities.C
}
func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.ContainerRunOptions) (*entities.ContainerRunReport, error) {
- if opts.Rm {
- logrus.Info("the remote client does not support --rm yet")
- }
con, err := containers.CreateWithSpec(ic.ClientCxt, opts.Spec)
if err != nil {
return nil, err
@@ -526,6 +523,17 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
if err != nil {
report.ExitCode = define.ExitCode(err)
}
+ if opts.Rm {
+ if err := containers.Remove(ic.ClientCxt, con.ID, bindings.PFalse, bindings.PTrue); err != nil {
+ if errors.Cause(err) == define.ErrNoSuchCtr ||
+ errors.Cause(err) == define.ErrCtrRemoved {
+ logrus.Warnf("Container %s does not exist: %v", con.ID, err)
+ } else {
+ logrus.Errorf("Error removing container %s: %v", con.ID, err)
+ }
+ }
+ }
+
return &report, err
}
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index bfe5fbec3..2e30621c5 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -188,7 +188,11 @@ func (ir *ImageEngine) Load(ctx context.Context, opts entities.ImageLoadOptions)
return nil, err
}
defer f.Close()
- return images.Load(ir.ClientCxt, f, &opts.Name)
+ ref := opts.Name
+ if len(opts.Tag) > 0 {
+ ref += ":" + opts.Tag
+ }
+ return images.Load(ir.ClientCxt, f, &ref)
}
func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOptions) (*entities.ImageImportReport, error) {
diff --git a/pkg/network/config.go b/pkg/network/config.go
index a504e0ad0..0115433e1 100644
--- a/pkg/network/config.go
+++ b/pkg/network/config.go
@@ -2,7 +2,6 @@ package network
import (
"encoding/json"
- "errors"
"net"
)
@@ -20,10 +19,6 @@ const (
DefaultPodmanDomainName = "dns.podman"
)
-var (
- ErrNetworkNotFound = errors.New("network not found")
-)
-
// GetDefaultPodmanNetwork outputs the default network for podman
func GetDefaultPodmanNetwork() (*net.IPNet, error) {
_, n, err := net.ParseCIDR("10.88.1.0/24")
diff --git a/pkg/network/files.go b/pkg/network/files.go
index beb3289f3..f174a762c 100644
--- a/pkg/network/files.go
+++ b/pkg/network/files.go
@@ -10,6 +10,7 @@ import (
"github.com/containernetworking/cni/libcni"
"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
"github.com/containers/common/pkg/config"
+ "github.com/containers/libpod/v2/libpod/define"
"github.com/pkg/errors"
)
@@ -55,7 +56,7 @@ func GetCNIConfigPathByName(config *config.Config, name string) (string, error)
return confFile, nil
}
}
- return "", errors.Wrap(ErrNetworkNotFound, fmt.Sprintf("unable to find network configuration for %s", name))
+ return "", errors.Wrap(define.ErrNoSuchNetwork, fmt.Sprintf("unable to find network configuration for %s", name))
}
// ReadRawCNIConfByName reads the raw CNI configuration for a CNI
diff --git a/pkg/network/network.go b/pkg/network/network.go
index cbebb0be8..37f3f721a 100644
--- a/pkg/network/network.go
+++ b/pkg/network/network.go
@@ -8,6 +8,7 @@ import (
"github.com/containernetworking/cni/pkg/types"
"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
"github.com/containers/common/pkg/config"
+ "github.com/containers/libpod/v2/libpod/define"
"github.com/containers/libpod/v2/pkg/util"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -200,7 +201,7 @@ func InspectNetwork(config *config.Config, name string) (map[string]interface{},
func Exists(config *config.Config, name string) (bool, error) {
_, err := ReadRawCNIConfByName(config, name)
if err != nil {
- if errors.Cause(err) == ErrNetworkNotFound {
+ if errors.Cause(err) == define.ErrNoSuchNetwork {
return false, nil
}
return false, err
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 716db81dc..2c6f7ae38 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -205,7 +205,7 @@ can_use_shortcut ()
if (strcmp (argv[argc], "mount") == 0
|| strcmp (argv[argc], "search") == 0
- || strcmp (argv[argc], "system") == 0)
+ || (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0))
{
ret = false;
break;
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 566830cd8..22670ca61 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -153,7 +153,9 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
// User
switch s.UserNS.NSMode {
case specgen.KeepID:
- if !rootless.IsRootless() {
+ if rootless.IsRootless() {
+ toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+ } else {
// keep-id as root doesn't need a user namespace
s.UserNS.NSMode = specgen.Host
}
@@ -452,6 +454,10 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) {
var options []libpod.PodCreateOption
var erroredOptions []libpod.PodCreateOption
+ if ns == nil {
+ //set the default namespaces
+ ns = strings.Split(specgen.DefaultKernelNamespaces, ",")
+ }
for _, toShare := range ns {
switch toShare {
case "cgroup":
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 60de099fa..2348bc410 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -12,9 +12,9 @@ import (
"strings"
"github.com/containers/image/v5/types"
+ "github.com/ghodss/yaml"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- "gopkg.in/yaml.v2"
)
// PolicyContent struct for policy.json file
@@ -157,7 +157,7 @@ func HaveMatchRegistry(key string, registryConfigs *RegistryConfiguration) *Regi
searchKey = searchKey[:strings.LastIndex(searchKey, "/")]
}
}
- return nil
+ return registryConfigs.DefaultDocker
}
// CreateTmpFile creates a temp file under dir and writes the content into it