summaryrefslogtreecommitdiff
path: root/vendor/github.com/projectatomic/buildah/chroot
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2018-09-06 16:10:06 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-09-07 12:57:09 +0000
commitd92650a922fa82852d6f3310eff24e6b8a93fb03 (patch)
treea4430220fe8529b7cfd29685c36472616b48db54 /vendor/github.com/projectatomic/buildah/chroot
parent782caea8015679e5d67d15b9562488da06cdfcd5 (diff)
downloadpodman-d92650a922fa82852d6f3310eff24e6b8a93fb03.tar.gz
podman-d92650a922fa82852d6f3310eff24e6b8a93fb03.tar.bz2
podman-d92650a922fa82852d6f3310eff24e6b8a93fb03.zip
use layer cache when building images
to more closely mimic docker default behavior, the --layers cli option is set to true by default for podman. the buildah environment variable of BUILDAH_LAYERS is still honored and will override the command line input. this should be considered in place of PR #1383. Many thanks for Scott McCarty for inspiring this welcome change. Signed-off-by: baude <bbaude@redhat.com> Closes: #1422 Approved by: rhatdan
Diffstat (limited to 'vendor/github.com/projectatomic/buildah/chroot')
-rw-r--r--vendor/github.com/projectatomic/buildah/chroot/run.go70
-rw-r--r--vendor/github.com/projectatomic/buildah/chroot/seccomp.go2
2 files changed, 61 insertions, 11 deletions
diff --git a/vendor/github.com/projectatomic/buildah/chroot/run.go b/vendor/github.com/projectatomic/buildah/chroot/run.go
index 2cae5b9da..9a70e0f51 100644
--- a/vendor/github.com/projectatomic/buildah/chroot/run.go
+++ b/vendor/github.com/projectatomic/buildah/chroot/run.go
@@ -98,6 +98,7 @@ func RunUsingChroot(spec *specs.Spec, bundlePath string, stdin io.Reader, stdout
if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, "config.json"), specbytes, 0600); err != nil {
return errors.Wrapf(err, "error storing runtime configuration")
}
+ logrus.Debugf("config = %v", string(specbytes))
// Run the grandparent subprocess in a user namespace that reuses the mappings that we have.
uidmap, gidmap, err := util.GetHostIDMappings("")
@@ -381,11 +382,15 @@ func runUsingChrootMain() {
logrus.Error(what)
return false
}
- for readFd := range relays {
+ for readFd, writeFd := range relays {
if err := unix.SetNonblock(readFd, true); err != nil {
logrus.Errorf("error setting descriptor %d (%s) non-blocking: %v", readFd, fdDesc[readFd], err)
return
}
+ if err := unix.SetNonblock(writeFd, false); err != nil {
+ logrus.Errorf("error setting descriptor %d (%s) blocking: %v", relays[writeFd], fdDesc[writeFd], err)
+ return
+ }
}
go func() {
buffers := make(map[int]*bytes.Buffer)
@@ -429,6 +434,26 @@ func runUsingChrootMain() {
continue
}
}
+ // If this is the last of the data we'll be able to read
+ // from this descriptor, read as much as there is to read.
+ for rfd.Revents&unix.POLLHUP == unix.POLLHUP {
+ nr, err := unix.Read(int(rfd.Fd), b)
+ logIfNotRetryable(err, fmt.Sprintf("read %s: %v", fdDesc[int(rfd.Fd)], err))
+ if nr <= 0 {
+ break
+ }
+ if wfd, ok := relays[int(rfd.Fd)]; ok {
+ nwritten, err := buffers[wfd].Write(b[:nr])
+ if err != nil {
+ logrus.Debugf("buffer: %v", err)
+ break
+ }
+ if nwritten != nr {
+ logrus.Debugf("buffer: expected to buffer %d bytes, wrote %d", nr, nwritten)
+ break
+ }
+ }
+ }
}
if nread == 0 {
removeFds[int(rfd.Fd)] = struct{}{}
@@ -592,8 +617,7 @@ func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io
// main() for parent subprocess. Its main job is to try to make our
// environment look like the one described by the runtime configuration blob,
-// and then launch the intended command as a child, since we can't exec()
-// directly.
+// and then launch the intended command as a child.
func runUsingChrootExecMain() {
args := os.Args[1:]
var options runUsingChrootExecSubprocOptions
@@ -630,6 +654,31 @@ func runUsingChrootExecMain() {
}
}
+ // Try to chroot into the root. Do this before we potentially block the syscall via the
+ // seccomp profile.
+ var oldst, newst unix.Stat_t
+ if err := unix.Stat(options.Spec.Root.Path, &oldst); err != nil {
+ fmt.Fprintf(os.Stderr, "error stat()ing intended root directory %q: %v\n", options.Spec.Root.Path, err)
+ os.Exit(1)
+ }
+ if err := unix.Chdir(options.Spec.Root.Path); err != nil {
+ fmt.Fprintf(os.Stderr, "error chdir()ing to intended root directory %q: %v\n", options.Spec.Root.Path, err)
+ os.Exit(1)
+ }
+ if err := unix.Chroot(options.Spec.Root.Path); err != nil {
+ fmt.Fprintf(os.Stderr, "error chroot()ing into directory %q: %v\n", options.Spec.Root.Path, err)
+ os.Exit(1)
+ }
+ if err := unix.Stat("/", &newst); err != nil {
+ fmt.Fprintf(os.Stderr, "error stat()ing current root directory: %v\n", err)
+ os.Exit(1)
+ }
+ if oldst.Dev != newst.Dev || oldst.Ino != newst.Ino {
+ fmt.Fprintf(os.Stderr, "unknown error chroot()ing into directory %q: %v\n", options.Spec.Root.Path, err)
+ os.Exit(1)
+ }
+ logrus.Debugf("chrooted into %q", options.Spec.Root.Path)
+
// not doing because it's still shared: creating devices
// not doing because it's not applicable: setting annotations
// not doing because it's still shared: setting sysctl settings
@@ -663,20 +712,21 @@ func runUsingChrootExecMain() {
os.Exit(1)
}
- // Try to chroot into the root.
- if err := unix.Chroot(options.Spec.Root.Path); err != nil {
- fmt.Fprintf(os.Stderr, "error chroot()ing into directory %q: %v\n", options.Spec.Root.Path, err)
- os.Exit(1)
- }
+ // Try to change to the directory.
cwd := options.Spec.Process.Cwd
if !filepath.IsAbs(cwd) {
cwd = "/" + cwd
}
+ cwd = filepath.Clean(cwd)
+ if err := unix.Chdir("/"); err != nil {
+ fmt.Fprintf(os.Stderr, "error chdir()ing into new root directory %q: %v\n", options.Spec.Root.Path, err)
+ os.Exit(1)
+ }
if err := unix.Chdir(cwd); err != nil {
- fmt.Fprintf(os.Stderr, "error chdir()ing into directory %q: %v\n", cwd, err)
+ fmt.Fprintf(os.Stderr, "error chdir()ing into directory %q under root %q: %v\n", cwd, options.Spec.Root.Path, err)
os.Exit(1)
}
- logrus.Debugf("chrooted into %q, changed working directory to %q", options.Spec.Root.Path, cwd)
+ logrus.Debugf("changed working directory to %q", cwd)
// Drop privileges.
user := options.Spec.Process.User
diff --git a/vendor/github.com/projectatomic/buildah/chroot/seccomp.go b/vendor/github.com/projectatomic/buildah/chroot/seccomp.go
index d5c5842d4..f2c55017f 100644
--- a/vendor/github.com/projectatomic/buildah/chroot/seccomp.go
+++ b/vendor/github.com/projectatomic/buildah/chroot/seccomp.go
@@ -105,7 +105,7 @@ func setSeccomp(spec *specs.Spec) error {
for _, name := range rule.Names {
scnum, err := libseccomp.GetSyscallFromName(name)
if err != nil {
- logrus.Debugf("error mapping syscall %q to a syscall, ignoring %q rule for %q", name, rule.Action)
+ logrus.Debugf("error mapping syscall %q to a syscall, ignoring %q rule for %q", name, rule.Action, name)
continue
}
scnames[scnum] = name