summaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
authorMatthew Heon <mheon@redhat.com>2022-08-23 14:46:43 -0400
committerMatthew Heon <mheon@redhat.com>2022-08-23 15:42:00 -0400
commit0f739355635d5bc4d538cf88009d7af533e7c289 (patch)
tree7dca8da84bb550c6b853b8f126b3248b8b6c58e7 /vendor
parent3bcd8047cff076d34887bd3be7ed0e5701a41a02 (diff)
downloadpodman-0f739355635d5bc4d538cf88009d7af533e7c289.tar.gz
podman-0f739355635d5bc4d538cf88009d7af533e7c289.tar.bz2
podman-0f739355635d5bc4d538cf88009d7af533e7c289.zip
Add support for containers.conf volume timeouts
Also, do a general cleanup of all the timeout code. Changes include: - Convert from int to *uint where possible. Timeouts cannot be negative, hence the uint change; and a timeout of 0 is valid, so we need a new way to detect that the user set a timeout (hence, pointer). - Change name in the database to avoid conflicts between new data type and old one. This will cause timeouts set with 4.2.0 to be lost, but considering nobody is using the feature at present (and the lack of validation means we could have invalid, negative timeouts in the DB) this feels safe. - Ensure volume plugin timeouts can only be used with volumes created using a plugin. Timeouts on the local driver are nonsensical. - Remove the existing test, as it did not use a volume plugin. Write a new test that does. The actual plumbing of the containers.conf timeout in is one line in volume_api.go; the remainder are the above-described cleanups. Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go2
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go55
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go4
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go61
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go2
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go2
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go3
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go6
-rw-r--r--vendor/github.com/containers/common/libimage/inspect.go2
-rw-r--r--vendor/github.com/containers/common/libimage/load.go2
-rw-r--r--vendor/github.com/containers/common/libnetwork/cni/network.go14
-rw-r--r--vendor/github.com/containers/common/libnetwork/network/interface.go1
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go67
-rw-r--r--vendor/github.com/containers/common/pkg/config/config_darwin.go2
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf17
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go6
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_darwin.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_freebsd.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_linux.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_windows.go5
-rw-r--r--vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go2
-rw-r--r--vendor/modules.txt6
22 files changed, 207 insertions, 67 deletions
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
index 3d640ac7b..5d6acd69e 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
@@ -57,7 +57,7 @@ func pollIOCP(ctx context.Context, iocpHandle windows.Handle) {
}).Warn("failed to parse job object message")
continue
}
- if err := msq.Write(notification); err == queue.ErrQueueClosed {
+ if err := msq.Enqueue(notification); err == queue.ErrQueueClosed {
// Write will only return an error when the queue is closed.
// The only time a queue would ever be closed is when we call `Close` on
// the job it belongs to which also removes it from the jobMap, so something
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
index 9c2726416..c9fdd921a 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
@@ -68,6 +68,9 @@ type Options struct {
// `UseNTVariant` specifies if we should use the `Nt` variant of Open/CreateJobObject.
// Defaults to false.
UseNTVariant bool
+ // `IOTracking` enables tracking I/O statistics on the job object. More specifically this
+ // calls SetInformationJobObject with the JobObjectIoAttribution class.
+ EnableIOTracking bool
}
// Create creates a job object.
@@ -134,6 +137,12 @@ func Create(ctx context.Context, options *Options) (_ *JobObject, err error) {
job.mq = mq
}
+ if options.EnableIOTracking {
+ if err := enableIOTracking(jobHandle); err != nil {
+ return nil, err
+ }
+ }
+
return job, nil
}
@@ -235,7 +244,7 @@ func (job *JobObject) PollNotification() (interface{}, error) {
if job.mq == nil {
return nil, ErrNotRegistered
}
- return job.mq.ReadOrWait()
+ return job.mq.Dequeue()
}
// UpdateProcThreadAttribute updates the passed in ProcThreadAttributeList to contain what is necessary to
@@ -330,7 +339,7 @@ func (job *JobObject) Pids() ([]uint32, error) {
err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectBasicProcessIdList,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
)
@@ -356,7 +365,7 @@ func (job *JobObject) Pids() ([]uint32, error) {
if err = winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectBasicProcessIdList,
- uintptr(unsafe.Pointer(&buf[0])),
+ unsafe.Pointer(&buf[0]),
uint32(len(buf)),
nil,
); err != nil {
@@ -384,7 +393,7 @@ func (job *JobObject) QueryMemoryStats() (*winapi.JOBOBJECT_MEMORY_USAGE_INFORMA
if err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectMemoryUsageInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -406,7 +415,7 @@ func (job *JobObject) QueryProcessorStats() (*winapi.JOBOBJECT_BASIC_ACCOUNTING_
if err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectBasicAccountingInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -415,7 +424,9 @@ func (job *JobObject) QueryProcessorStats() (*winapi.JOBOBJECT_BASIC_ACCOUNTING_
return &info, nil
}
-// QueryStorageStats gets the storage (I/O) stats for the job object.
+// QueryStorageStats gets the storage (I/O) stats for the job object. This call will error
+// if either `EnableIOTracking` wasn't set to true on creation of the job, or SetIOTracking()
+// hasn't been called since creation of the job.
func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION, error) {
job.handleLock.RLock()
defer job.handleLock.RUnlock()
@@ -430,7 +441,7 @@ func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFO
if err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectIoAttribution,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -476,7 +487,7 @@ func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {
status := winapi.NtQueryInformationProcess(
h,
winapi.ProcessVmCounters,
- uintptr(unsafe.Pointer(&vmCounters)),
+ unsafe.Pointer(&vmCounters),
uint32(unsafe.Sizeof(vmCounters)),
nil,
)
@@ -497,3 +508,31 @@ func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {
return jobWorkingSetSize, nil
}
+
+// SetIOTracking enables IO tracking for processes in the job object.
+// This enables use of the QueryStorageStats method.
+func (job *JobObject) SetIOTracking() error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ return enableIOTracking(job.handle)
+}
+
+func enableIOTracking(job windows.Handle) error {
+ info := winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION{
+ ControlFlags: winapi.JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE,
+ }
+ if _, err := windows.SetInformationJobObject(
+ job,
+ winapi.JobObjectIoAttribution,
+ uintptr(unsafe.Pointer(&info)),
+ uint32(unsafe.Sizeof(info)),
+ ); err != nil {
+ return fmt.Errorf("failed to enable IO tracking on job object: %w", err)
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
index 4be297788..4efde292c 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
@@ -202,7 +202,7 @@ func (job *JobObject) getExtendedInformation() (*windows.JOBOBJECT_EXTENDED_LIMI
if err := winapi.QueryInformationJobObject(
job.handle,
windows.JobObjectExtendedLimitInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -224,7 +224,7 @@ func (job *JobObject) getCPURateControlInformation() (*winapi.JOBOBJECT_CPU_RATE
if err := winapi.QueryInformationJobObject(
job.handle,
windows.JobObjectCpuRateControlInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
index e177c9a62..4eb9bb9f1 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
@@ -5,10 +5,7 @@ import (
"sync"
)
-var (
- ErrQueueClosed = errors.New("the queue is closed for reading and writing")
- ErrQueueEmpty = errors.New("the queue is empty")
-)
+var ErrQueueClosed = errors.New("the queue is closed for reading and writing")
// MessageQueue represents a threadsafe message queue to be used to retrieve or
// write messages to.
@@ -29,8 +26,8 @@ func NewMessageQueue() *MessageQueue {
}
}
-// Write writes `msg` to the queue.
-func (mq *MessageQueue) Write(msg interface{}) error {
+// Enqueue writes `msg` to the queue.
+func (mq *MessageQueue) Enqueue(msg interface{}) error {
mq.m.Lock()
defer mq.m.Unlock()
@@ -43,55 +40,37 @@ func (mq *MessageQueue) Write(msg interface{}) error {
return nil
}
-// Read will read a value from the queue if available, otherwise return an error.
-func (mq *MessageQueue) Read() (interface{}, error) {
+// Dequeue will read a value from the queue and remove it. If the queue
+// is empty, this will block until the queue is closed or a value gets enqueued.
+func (mq *MessageQueue) Dequeue() (interface{}, error) {
mq.m.Lock()
defer mq.m.Unlock()
- if mq.closed {
- return nil, ErrQueueClosed
- }
- if mq.isEmpty() {
- return nil, ErrQueueEmpty
+
+ for !mq.closed && mq.size() == 0 {
+ mq.c.Wait()
}
- val := mq.messages[0]
- mq.messages[0] = nil
- mq.messages = mq.messages[1:]
- return val, nil
-}
-// ReadOrWait will read a value from the queue if available, else it will wait for a
-// value to become available. This will block forever if nothing gets written or until
-// the queue gets closed.
-func (mq *MessageQueue) ReadOrWait() (interface{}, error) {
- mq.m.Lock()
+ // We got woken up, check if it's because the queue got closed.
if mq.closed {
- mq.m.Unlock()
return nil, ErrQueueClosed
}
- if mq.isEmpty() {
- for !mq.closed && mq.isEmpty() {
- mq.c.Wait()
- }
- mq.m.Unlock()
- return mq.Read()
- }
+
val := mq.messages[0]
mq.messages[0] = nil
mq.messages = mq.messages[1:]
- mq.m.Unlock()
return val, nil
}
-// IsEmpty returns if the queue is empty
-func (mq *MessageQueue) IsEmpty() bool {
+// Size returns the size of the queue.
+func (mq *MessageQueue) Size() int {
mq.m.RLock()
defer mq.m.RUnlock()
- return len(mq.messages) == 0
+ return mq.size()
}
-// Nonexported empty check that doesn't lock so we can call this in Read and Write.
-func (mq *MessageQueue) isEmpty() bool {
- return len(mq.messages) == 0
+// Nonexported size check to check if the queue is empty inside already locked functions.
+func (mq *MessageQueue) size() int {
+ return len(mq.messages)
}
// Close closes the queue for future writes or reads. Any attempts to read or write from the
@@ -99,13 +78,15 @@ func (mq *MessageQueue) isEmpty() bool {
func (mq *MessageQueue) Close() {
mq.m.Lock()
defer mq.m.Unlock()
- // Already closed
+
+ // Already closed, noop
if mq.closed {
return
}
+
mq.messages = nil
mq.closed = true
- // If there's anybody currently waiting on a value from ReadOrWait, we need to
+ // If there's anybody currently waiting on a value from Dequeue, we need to
// broadcast so the read(s) can return ErrQueueClosed.
mq.c.Broadcast()
}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
index 479649db3..7eb13f8f0 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
@@ -175,7 +175,7 @@ type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct {
// LPDWORD lpReturnLength
// );
//
-//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
+//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
// HANDLE OpenJobObjectW(
// DWORD dwDesiredAccess,
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
index 5f9e03fd2..222529f43 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
@@ -18,7 +18,7 @@ const ProcessVmCounters = 3
// [out, optional] PULONG ReturnLength
// );
//
-//sys NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo uintptr, processInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQueryInformationProcess
+//sys NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQueryInformationProcess
// typedef struct _VM_COUNTERS_EX
// {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
index 327f57d7c..78fe01a4b 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
@@ -12,7 +12,8 @@ const STATUS_INFO_LENGTH_MISMATCH = 0xC0000004
// ULONG SystemInformationLength,
// PULONG ReturnLength
// );
-//sys NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
+//
+//sys NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
type SYSTEM_PROCESS_INFORMATION struct {
NextEntryOffset uint32 // ULONG
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
index 39fb3e1ad..1f16cf0b8 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
@@ -100,7 +100,7 @@ func resizePseudoConsole(hPc windows.Handle, size uint32) (hr error) {
return
}
-func NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) {
+func NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) {
r0, _, _ := syscall.Syscall6(procNtQuerySystemInformation.Addr(), 4, uintptr(systemInfoClass), uintptr(systemInformation), uintptr(systemInfoLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
status = uint32(r0)
return
@@ -152,7 +152,7 @@ func IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result
return
}
-func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
+func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(jobHandle), uintptr(infoClass), uintptr(jobObjectInfo), uintptr(jobObjectInformationLength), uintptr(unsafe.Pointer(lpReturnLength)), 0)
if r1 == 0 {
if e1 != 0 {
@@ -244,7 +244,7 @@ func LocalFree(ptr uintptr) {
return
}
-func NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo uintptr, processInfoLength uint32, returnLength *uint32) (status uint32) {
+func NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) {
r0, _, _ := syscall.Syscall6(procNtQueryInformationProcess.Addr(), 5, uintptr(processHandle), uintptr(processInfoClass), uintptr(processInfo), uintptr(processInfoLength), uintptr(unsafe.Pointer(returnLength)), 0)
status = uint32(r0)
return
diff --git a/vendor/github.com/containers/common/libimage/inspect.go b/vendor/github.com/containers/common/libimage/inspect.go
index 5da8df1bf..c6632d9a2 100644
--- a/vendor/github.com/containers/common/libimage/inspect.go
+++ b/vendor/github.com/containers/common/libimage/inspect.go
@@ -190,7 +190,7 @@ func (i *Image) Inspect(ctx context.Context, options *InspectOptions) (*ImageDat
// NOTE: Health checks may be listed in the container config or
// the config.
data.HealthCheck = dockerManifest.ContainerConfig.Healthcheck
- if data.HealthCheck == nil {
+ if data.HealthCheck == nil && dockerManifest.Config != nil {
data.HealthCheck = dockerManifest.Config.Healthcheck
}
}
diff --git a/vendor/github.com/containers/common/libimage/load.go b/vendor/github.com/containers/common/libimage/load.go
index 89faa4635..593eef04b 100644
--- a/vendor/github.com/containers/common/libimage/load.go
+++ b/vendor/github.com/containers/common/libimage/load.go
@@ -99,7 +99,7 @@ func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) (
}
// loadMultiImageDockerArchive loads the docker archive specified by ref. In
-// case the path@reference notation was used, only the specifiec image will be
+// case the path@reference notation was used, only the specified image will be
// loaded. Otherwise, all images will be loaded.
func (r *Runtime) loadMultiImageDockerArchive(ctx context.Context, ref types.ImageReference, options *CopyOptions) ([]string, error) {
// If we cannot stat the path, it either does not exist OR the correct
diff --git a/vendor/github.com/containers/common/libnetwork/cni/network.go b/vendor/github.com/containers/common/libnetwork/cni/network.go
index fce8f0066..11f1bbe14 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/network.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/network.go
@@ -19,6 +19,7 @@ import (
"github.com/containers/common/pkg/config"
"github.com/containers/storage/pkg/lockfile"
"github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
type cniNetwork struct {
@@ -62,6 +63,8 @@ type InitConfig struct {
CNIConfigDir string
// CNIPluginDirs is a list of directories where cni should look for the plugins.
CNIPluginDirs []string
+ // RunDir is a directory where temporary files can be stored.
+ RunDir string
// DefaultNetwork is the name for the default network.
DefaultNetwork string
@@ -81,7 +84,16 @@ func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
// TODO: consider using a shared memory lock
lock, err := lockfile.GetLockfile(filepath.Join(conf.CNIConfigDir, "cni.lock"))
if err != nil {
- return nil, err
+ // If we're on a read-only filesystem, there is no risk of
+ // contention. Fall back to a local lockfile.
+ if errors.Is(err, unix.EROFS) {
+ lock, err = lockfile.GetLockfile(filepath.Join(conf.RunDir, "cni.lock"))
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ return nil, err
+ }
}
defaultNetworkName := conf.DefaultNetwork
diff --git a/vendor/github.com/containers/common/libnetwork/network/interface.go b/vendor/github.com/containers/common/libnetwork/network/interface.go
index 639ff4e45..545655fd3 100644
--- a/vendor/github.com/containers/common/libnetwork/network/interface.go
+++ b/vendor/github.com/containers/common/libnetwork/network/interface.go
@@ -169,6 +169,7 @@ func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
return cni.NewCNINetworkInterface(&cni.InitConfig{
CNIConfigDir: confDir,
CNIPluginDirs: conf.Network.CNIPluginDirs,
+ RunDir: conf.Engine.TmpDir,
DefaultNetwork: conf.Network.DefaultNetwork,
DefaultSubnet: conf.Network.DefaultSubnet,
DefaultsubnetPools: conf.Network.DefaultSubnetPools,
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index de1d91ae3..858f961b6 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -7,6 +7,7 @@ import (
"os"
"os/exec"
"path/filepath"
+ "runtime"
"sort"
"strings"
"sync"
@@ -27,6 +28,8 @@ const (
_configPath = "containers/containers.conf"
// UserOverrideContainersConfig holds the containers config path overridden by the rootless user
UserOverrideContainersConfig = ".config/" + _configPath
+ // Token prefix for looking for helper binary under $BINDIR
+ bindirPrefix = "$BINDIR"
)
// RuntimeStateStore is a constant indicating which state store implementation
@@ -454,6 +457,13 @@ type EngineConfig struct {
// may not be by other drivers.
VolumePath string `toml:"volume_path,omitempty"`
+ // VolumePluginTimeout sets the default timeout, in seconds, for
+ // operations that must contact a volume plugin. Plugins are external
+ // programs accessed via REST API; this sets a timeout for requests to
+ // that API.
+ // A value of 0 is treated as no timeout.
+ VolumePluginTimeout uint `toml:"volume_plugin_timeout,omitempty,omitzero"`
+
// VolumePlugins is a set of plugins that can be used as the backend for
// Podman named volumes. Each volume is specified as a name (what Podman
// will refer to the plugin as) mapped to a path, which must point to a
@@ -815,6 +825,18 @@ func (c *Config) Validate() error {
return nil
}
+// URI returns the URI Path to the machine image
+func (m *MachineConfig) URI() string {
+ uri := m.Image
+ for _, val := range []string{"$ARCH", "$arch"} {
+ uri = strings.Replace(uri, val, runtime.GOARCH, 1)
+ }
+ for _, val := range []string{"$OS", "$os"} {
+ uri = strings.Replace(uri, val, runtime.GOOS, 1)
+ }
+ return uri
+}
+
func (c *EngineConfig) findRuntime() string {
// Search for crun first followed by runc, kata, runsc
for _, name := range []string{"crun", "runc", "runj", "kata", "runsc"} {
@@ -1241,10 +1263,37 @@ func (c *Config) ActiveDestination() (uri, identity string, err error) {
return "", "", errors.New("no service destination configured")
}
+var (
+ bindirFailed = false
+ bindirCached = ""
+)
+
+func findBindir() string {
+ if bindirCached != "" || bindirFailed {
+ return bindirCached
+ }
+ execPath, err := os.Executable()
+ if err == nil {
+ // Resolve symbolic links to find the actual binary file path.
+ execPath, err = filepath.EvalSymlinks(execPath)
+ }
+ if err != nil {
+ // If failed to find executable (unlikely to happen), warn about it.
+ // The bindirFailed flag will track this, so we only warn once.
+ logrus.Warnf("Failed to find $BINDIR: %v", err)
+ bindirFailed = true
+ return ""
+ }
+ bindirCached = filepath.Dir(execPath)
+ return bindirCached
+}
+
// FindHelperBinary will search the given binary name in the configured directories.
// If searchPATH is set to true it will also search in $PATH.
func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) {
dirList := c.Engine.HelperBinariesDir
+ bindirPath := ""
+ bindirSearched := false
// If set, search this directory first. This is used in testing.
if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found {
@@ -1252,6 +1301,24 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error)
}
for _, path := range dirList {
+ if path == bindirPrefix || strings.HasPrefix(path, bindirPrefix+string(filepath.Separator)) {
+ // Calculate the path to the executable first time we encounter a $BINDIR prefix.
+ if !bindirSearched {
+ bindirSearched = true
+ bindirPath = findBindir()
+ }
+ // If there's an error, don't stop the search for the helper binary.
+ // findBindir() will have warned once during the first failure.
+ if bindirPath == "" {
+ continue
+ }
+ // Replace the $BINDIR prefix with the path to the directory of the current binary.
+ if path == bindirPrefix {
+ path = bindirPath
+ } else {
+ path = filepath.Join(bindirPath, strings.TrimPrefix(path, bindirPrefix+string(filepath.Separator)))
+ }
+ }
fullpath := filepath.Join(path, name)
if fi, err := os.Stat(fullpath); err == nil && fi.Mode().IsRegular() {
return fullpath, nil
diff --git a/vendor/github.com/containers/common/pkg/config/config_darwin.go b/vendor/github.com/containers/common/pkg/config/config_darwin.go
index 0ab9e0294..5283665e1 100644
--- a/vendor/github.com/containers/common/pkg/config/config_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/config_darwin.go
@@ -35,4 +35,6 @@ var defaultHelperBinariesDir = []string{
"/usr/local/lib/podman",
"/usr/libexec/podman",
"/usr/lib/podman",
+ // Relative to the binary directory
+ "$BINDIR/../libexec/podman",
}
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index d1ac7c0e8..5b5aaa00a 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -605,6 +605,12 @@ default_sysctls = [
#
#volume_path = "/var/lib/containers/storage/volumes"
+# Default timeout (in seconds) for volume plugin operations.
+# Plugins are external programs accessed via a REST API; this sets a timeout
+# for requests to that API.
+# A value of 0 is treated as no timeout.
+#volume_plugin_timeout = 5
+
# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc)
[engine.runtimes]
#crun = [
@@ -665,9 +671,16 @@ default_sysctls = [
#
#disk_size=10
-# The image used when creating a podman-machine VM.
+# Default image URI when creating a new VM using `podman machine init`.
+# Options: On Linux/Mac, `testing`, `stable`, `next`. On Windows, the major
+# version of the OS (e.g `36`) for Fedora 36. For all platforms you can
+# alternatively specify a custom download URL to an image. Container engines
+# translate URIs $OS and $ARCH to the native OS and ARCH. URI
+# "https://example.com/$OS/$ARCH/foobar.ami" becomes
+# "https://example.com/linux/amd64/foobar.ami" on a Linux AMD machine.
+# The default value is `testing`.
#
-#image = "testing"
+# image = "testing"
# Memory in MB a machine is created with.
#
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 6bca7312a..b0d62779b 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -168,6 +168,8 @@ const (
SeccompOverridePath = _etcDir + "/containers/seccomp.json"
// SeccompDefaultPath defines the default seccomp path.
SeccompDefaultPath = _installPrefix + "/share/containers/seccomp.json"
+ // DefaultVolumePluginTimeout is the default volume plugin timeout, in seconds
+ DefaultVolumePluginTimeout = 5
)
// DefaultConfig defines the default values from containers.conf.
@@ -264,7 +266,7 @@ func defaultMachineConfig() MachineConfig {
Image: getDefaultMachineImage(),
Memory: 2048,
User: getDefaultMachineUser(),
- Volumes: []string{"$HOME:$HOME"},
+ Volumes: getDefaultMachineVolumes(),
}
}
@@ -304,6 +306,8 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
c.StaticDir = filepath.Join(storeOpts.GraphRoot, "libpod")
c.VolumePath = filepath.Join(storeOpts.GraphRoot, "volumes")
+ c.VolumePluginTimeout = DefaultVolumePluginTimeout
+
c.HelperBinariesDir = defaultHelperBinariesDir
if additionalHelperBinariesDir != "" {
c.HelperBinariesDir = append(c.HelperBinariesDir, additionalHelperBinariesDir)
diff --git a/vendor/github.com/containers/common/pkg/config/default_darwin.go b/vendor/github.com/containers/common/pkg/config/default_darwin.go
index c502ea55e..5d857df4f 100644
--- a/vendor/github.com/containers/common/pkg/config/default_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/default_darwin.go
@@ -11,3 +11,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_freebsd.go b/vendor/github.com/containers/common/pkg/config/default_freebsd.go
index 8b10ac1f7..9c827dbfe 100644
--- a/vendor/github.com/containers/common/pkg/config/default_freebsd.go
+++ b/vendor/github.com/containers/common/pkg/config/default_freebsd.go
@@ -18,3 +18,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/var/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_linux.go b/vendor/github.com/containers/common/pkg/config/default_linux.go
index 86873beb1..15052c10e 100644
--- a/vendor/github.com/containers/common/pkg/config/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/config/default_linux.go
@@ -70,3 +70,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_windows.go b/vendor/github.com/containers/common/pkg/config/default_windows.go
index 1ff88fc42..08a0bf223 100644
--- a/vendor/github.com/containers/common/pkg/config/default_windows.go
+++ b/vendor/github.com/containers/common/pkg/config/default_windows.go
@@ -44,3 +44,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{}
+}
diff --git a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
index ff82b5a39..02b6dfb09 100644
--- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
+++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
@@ -372,7 +372,7 @@ func mountExists(mounts []rspec.Mount, dest string) bool {
return false
}
-// resolveSymbolicLink resolves a possbile symlink path. If the path is a symlink, returns resolved
+// resolveSymbolicLink resolves symlink paths. If the path is a symlink, returns resolved
// path; if not, returns the original path.
func resolveSymbolicLink(path string) (string, error) {
info, err := os.Lstat(path)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index eb9c7a34d..170f8fb98 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -11,7 +11,7 @@ github.com/Microsoft/go-winio/backuptar
github.com/Microsoft/go-winio/pkg/guid
github.com/Microsoft/go-winio/pkg/security
github.com/Microsoft/go-winio/vhd
-# github.com/Microsoft/hcsshim v0.9.3
+# github.com/Microsoft/hcsshim v0.9.4
github.com/Microsoft/hcsshim
github.com/Microsoft/hcsshim/computestorage
github.com/Microsoft/hcsshim/internal/cow
@@ -67,7 +67,7 @@ github.com/container-orchestrated-devices/container-device-interface/pkg/cdi
github.com/container-orchestrated-devices/container-device-interface/specs-go
# github.com/containerd/cgroups v1.0.3
github.com/containerd/cgroups/stats/v1
-# github.com/containerd/containerd v1.6.6
+# github.com/containerd/containerd v1.6.8
github.com/containerd/containerd/errdefs
github.com/containerd/containerd/log
github.com/containerd/containerd/pkg/userns
@@ -114,7 +114,7 @@ github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/util
-# github.com/containers/common v0.49.2-0.20220817132854-f6679f170eca
+# github.com/containers/common v0.49.2-0.20220823130605-72a7da3358ac
## explicit
github.com/containers/common/libimage
github.com/containers/common/libimage/define