author | Daniel J Walsh <dwalsh@redhat.com> | 2022-10-03 10:14:49 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2022-10-03 10:17:14 -0400 |
commit | 11e83a0952468558092f0cec197611b06fd55b9c (patch) | |
tree | db509a0e455f7e5d50ce020196eed8544fbafe52 /vendor | |
parent | ddf36e06490b5112fd8150f8e5090aa85bfa4018 (diff) | |
Update vendor of containers/buildah v1.28.0
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'vendor')
-rw-r--r-- | vendor/github.com/containers/buildah/CHANGELOG.md | 71 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/Makefile | 4 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/changelog.txt | 70 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/config.go | 13 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/copier/copier.go | 4 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/define/types.go | 2 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/imagebuildah/build.go | 19 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/imagebuildah/stage_executor.go | 2 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/info.go | 4 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/internal/util/util.go | 17 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/release.sh | 26 | ||||
-rw-r--r-- | vendor/github.com/containers/buildah/run_linux.go | 40 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
13 files changed, 226 insertions, 48 deletions
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md index 667d5f81f..32175538b 100644 --- a/vendor/github.com/containers/buildah/CHANGELOG.md +++ b/vendor/github.com/containers/buildah/CHANGELOG.md 
@@ -2,6 +2,77 @@ # Changelog +## v1.28.0 (2022-09-30) + + Update vendor containers/(common,image) + [CI:DOCS] Add quay-description update reminder + vendor: bump c/common to v0.49.2-0.20220929111928-2d1b45ae2423 + build(deps): bump github.com/opencontainers/selinux + Vendor in latest containers/storage + Changing shell list operators from `;` to `&&` + Fix buildahimage container.conf permissions regression + Set sysctls from containers.conf + refactor: stop using Normalize directly from containerd package + config,builder: process variant while populating image spec + Proof of concept: nightly dependency treadmill + Run codespell on code + Check for unset build args after TARGET args + pkg/cli: improve completion test + vendor in latest containers/(common,storage,image) + copier: work around freebsd bug for "mkdir /" + vendor: update c/image + test: run in the host cgroup namespace + vendor: update c/storage + vendor: update c/common + cmd: check for user UID instead of privileges + run,build: conflict --isolation=chroot and --network + Fix broken dns test (from merge collision) + Fix stutters + Fix broken command completion + buildah bud --network=none should have no network + build: support --skip-unused-stages for multi-stage builds + Prevent use of --dns* options with --net=none + buildah: make --cache-ttl=0s equivalent to --no-cache + parse: make processing flags in --mount order agnostic + Minor test fix for podman-remote + build: honor <Containerfile>.containerignore as ignore file + Update install.md: Debian 11 (Bullseye) is stable + build(deps): bump github.com/docker/docker + Use constants from containers/common for finding seccomp.json + Don't call os.Exit(1) from manifest exist + manifest: add support for buildah manifest exists + Buildah should ignore /etc/crio/seccomp.json + chroot: Fix cross build break + chroot: Move isDevNull to run_common.go + chroot: Fix setRlimit build on FreeBSD + chroot: Move parseRLimits and setRlimits to run_common.go + 
chroot: Fix runUsingChrootExecMain on FreeBSD + chroot: Move runUsingChrootExecMain to run_common.go + chroot: Factor out Linux-specific unshare options from runUsingChroot + chroot: Move runUsingChroot to run_common.go + chroot: Move RunUsingChroot and runUsingChrootMain to run_common.go + chroot: Factor out /dev/ptmx pty implementation + chroot: Add FreeBSD support for run with chroot isolation + build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 + Replace k8s.gcr.io/pause in tests with registry.k8s.io/pause + build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.1 + Cirrus: use image with fewer downloaded dependencies + build(deps): bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 + run: add container gid to additional groups + buildah: support for --retry and --retry-delay for push/pull failures + Makefile: always call $(GO) instead of `go` + build(deps): bump github.com/fsouza/go-dockerclient from 1.8.2 to 1.8.3 + test: use `T.TempDir` to create temporary test directory + mount,cache: enable SElinux shared content label option by default + commit: use race-free RemoveNames instead of SetNames + Drop util/util.Cause() + cmd/buildah: add "manifest create --amend" + build(deps): bump github.com/fsouza/go-dockerclient from 1.8.1 to 1.8.2 + docs: specify git protocol is not supported for github hosted repo + Scrub user and group names from layer diffs + build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8 + version: bump to 1.28.0-dev + ## v1.27.0 (2022-08-01) build: support filtering cache by duration using `--cache-ttl`. diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile index 7c7bf1596..8b6bb8f44 100644 --- a/vendor/github.com/containers/buildah/Makefile +++ b/vendor/github.com/containers/buildah/Makefile 
@@ -113,7 +113,7 @@ gopath: test $(shell pwd) = $(shell cd ../../../../src/github.com/containers/buildah ; pwd) codespell: - codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L uint,iff,od,ERRO -w + codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L uint,iff,od,erro -w .PHONY: validate validate: install.tools @@ -187,7 +187,7 @@ vendor-in-container: .PHONY: vendor vendor: - GO111MODULE=on $(GO) mod tidy + GO111MODULE=on $(GO) mod tidy -compat=1.17 GO111MODULE=on $(GO) mod vendor GO111MODULE=on $(GO) mod verify diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index a6fa96acf..1d066f068 100644 --- a/vendor/github.com/containers/buildah/changelog.txt +++ b/vendor/github.com/containers/buildah/changelog.txt 
@@ -1,3 +1,73 @@ +- Changelog for v1.28.0 (2022-09-30) + * Update vendor containers/(common,image) + * [CI:DOCS] Add quay-description update reminder + * vendor: bump c/common to v0.49.2-0.20220929111928-2d1b45ae2423 + * build(deps): bump github.com/opencontainers/selinux + * Vendor in latest containers/storage + * Changing shell list operators from `;` to `&&` + * Fix buildahimage container.conf permissions regression + * Set sysctls from containers.conf + * refactor: stop using Normalize directly from containerd package + * config,builder: process variant while populating image spec + * Proof of concept: nightly dependency treadmill + * Run codespell on code + * Check for unset build args after TARGET args + * pkg/cli: improve completion test + * vendor in latest containers/(common,storage,image) + * copier: work around freebsd bug for "mkdir /" + * vendor: update c/image + * test: run in the host cgroup namespace + * vendor: update c/storage + * vendor: update c/common + * cmd: check for user UID instead of privileges + * run,build: conflict --isolation=chroot and --network + * Fix broken dns test (from merge collision) + * Fix stutters + * Fix broken command completion + * buildah bud --network=none should have no network + * build: support --skip-unused-stages for multi-stage builds + * Prevent use of --dns* options with --net=none + * buildah: make --cache-ttl=0s equivalent to --no-cache + * parse: make processing flags in --mount order agnostic + * Minor test fix for podman-remote + * build: honor <Containerfile>.containerignore as ignore file + * Update install.md: Debian 11 (Bullseye) is stable + * build(deps): bump github.com/docker/docker + * Use constants from containers/common for finding seccomp.json + * Don't call os.Exit(1) from manifest exist + * manifest: add support for buildah manifest exists + * Buildah should ignore /etc/crio/seccomp.json + * chroot: Fix cross build break + * chroot: Move isDevNull to run_common.go + * chroot: Fix setRlimit 
build on FreeBSD + * chroot: Move parseRLimits and setRlimits to run_common.go + * chroot: Fix runUsingChrootExecMain on FreeBSD + * chroot: Move runUsingChrootExecMain to run_common.go + * chroot: Factor out Linux-specific unshare options from runUsingChroot + * chroot: Move runUsingChroot to run_common.go + * chroot: Move RunUsingChroot and runUsingChrootMain to run_common.go + * chroot: Factor out /dev/ptmx pty implementation + * chroot: Add FreeBSD support for run with chroot isolation + * build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 + * Replace k8s.gcr.io/pause in tests with registry.k8s.io/pause + * build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.1 + * Cirrus: use image with fewer downloaded dependencies + * build(deps): bump github.com/opencontainers/runc from 1.1.3 to 1.1.4 + * run: add container gid to additional groups + * buildah: support for --retry and --retry-delay for push/pull failures + * Makefile: always call $(GO) instead of `go` + * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.2 to 1.8.3 + * test: use `T.TempDir` to create temporary test directory + * mount,cache: enable SElinux shared content label option by default + * commit: use race-free RemoveNames instead of SetNames + * Drop util/util.Cause() + * cmd/buildah: add "manifest create --amend" + * build(deps): bump github.com/fsouza/go-dockerclient from 1.8.1 to 1.8.2 + * docs: specify git protocol is not supported for github hosted repo + * Scrub user and group names from layer diffs + * build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8 + * version: bump to 1.28.0-dev + - Changelog for v1.27.0 (2022-08-01) * build: support filtering cache by duration using `--cache-ttl`. * build: support building from commit when using git repo as build context. diff --git a/vendor/github.com/containers/buildah/config.go b/vendor/github.com/containers/buildah/config.go index a9883a595..fde35529a 100644 
--- a/vendor/github.com/containers/buildah/config.go
+++ b/vendor/github.com/containers/buildah/config.go
@@ -9,9 +9,9 @@ import (
 "strings"
 "time"
- "github.com/containerd/containerd/platforms"
 "github.com/containers/buildah/define"
 "github.com/containers/buildah/docker"
+ internalUtil "github.com/containers/buildah/internal/util"
 "github.com/containers/common/pkg/util"
 "github.com/containers/image/v5/manifest"
 "github.com/containers/image/v5/pkg/compression"
@@ -136,7 +136,16 @@ func (b *Builder) fixupConfig(sys *types.SystemContext) {
 b.SetArchitecture(runtime.GOARCH)
 }
 // in case the arch string we started with was shorthand for a known arch+variant pair, normalize it
- ps := platforms.Normalize(ociv1.Platform{OS: b.OS(), Architecture: b.Architecture(), Variant: b.Variant()})
+ ps := internalUtil.NormalizePlatform(ociv1.Platform{OS: b.OS(), Architecture: b.Architecture(), Variant: b.Variant()})
+ b.SetArchitecture(ps.Architecture)
+ b.SetVariant(ps.Variant)
+ }
+ if b.Variant() == "" {
+ if sys != nil && sys.VariantChoice != "" {
+ b.SetVariant(sys.VariantChoice)
+ }
+ // in case the arch string we started with was shorthand for a known arch+variant pair, normalize it
+ ps := internalUtil.NormalizePlatform(ociv1.Platform{OS: b.OS(), Architecture: b.Architecture(), Variant: b.Variant()})
 b.SetArchitecture(ps.Architecture)
 b.SetVariant(ps.Variant)
 }
diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go
index fd4c6b394..6d4c81c67 100644
--- a/vendor/github.com/containers/buildah/copier/copier.go
+++ b/vendor/github.com/containers/buildah/copier/copier.go
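Review bot: The new `if b.Variant() == ""` branch repeats the normalise-and-write-back lines of the architecture branch above it, and the order of the two blocks is what decides precedence: when Architecture was empty, the first NormalizePlatform call can already fill in Variant (its own comment says shorthand arch strings expand to an arch+variant pair), so sys.VariantChoice is then never consulted. If that precedence is intended, a comment such as `// a variant implied by the architecture takes priority over sys.VariantChoice` above the second block would spare the next reader the trace; if it is not, apply the VariantChoice default before the first normalisation and normalise once after both checks. fixupConfig starts above the hunk.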
@@ -1794,7 +1794,9 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 }
 }
 case tar.TypeDir:
- if err = os.Mkdir(path, 0700); err != nil && errors.Is(err, os.ErrExist) {
+ // FreeBSD can return EISDIR for "mkdir /":
+ // https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=59739.
+ if err = os.Mkdir(path, 0700); err != nil && (errors.Is(err, os.ErrExist) || errors.Is(err, syscall.EISDIR)) {
 if st, stErr := os.Lstat(path); stErr == nil && !st.IsDir() {
 if req.PutOptions.NoOverwriteNonDirDir {
 break
diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go
index fb4735baa..ae088a43d 100644
--- a/vendor/github.com/containers/buildah/define/types.go
+++ b/vendor/github.com/containers/buildah/define/types.go
@@ -30,7 +30,7 @@ const (
 Package = "buildah"
 // Version for the Package. Bump version in contrib/rpm/buildah.spec
 // too.
- Version = "1.28.0-dev"
+ Version = "1.28.0"
 // DefaultRuntime if containers.conf fails.
 DefaultRuntime = "runc"
diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go
index 293e5bc96..09267f966 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@@ -17,6 +17,7 @@ import (
 "github.com/containerd/containerd/platforms"
 "github.com/containers/buildah/define"
+ internalUtil "github.com/containers/buildah/internal/util"
 "github.com/containers/buildah/util"
 "github.com/containers/common/libimage"
 "github.com/containers/common/pkg/config"
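Review bot: The rewritten Mkdir line keeps the `0700` literal while the same commit switches build.go's OpenFile call to the `0o600` spelling; for consistency write `if err = os.Mkdir(path, 0o700); err != nil && (errors.Is(err, os.ErrExist) || errors.Is(err, syscall.EISDIR)) {`. The EISDIR fallback then relies on the Lstat on the following line to confirm the path really is a directory, exactly as the ErrExist case already does, so nothing else needs to change. copierHandlerPut starts and ends outside the hunk.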
@@ -216,12 +217,12 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 systemContext := options.SystemContext
 for _, platform := range options.Platforms {
 platformContext := *systemContext
- platformSpec := platforms.Normalize(v1.Platform{
+ platformSpec := internalUtil.NormalizePlatform(v1.Platform{
 OS: platform.OS,
 Architecture: platform.Arch,
 Variant: platform.Variant,
 })
- // platforms.Normalize converts an empty os value to GOOS
+ // internalUtil.NormalizePlatform converts an empty os value to GOOS
 // so we have to check the original value here to not overwrite the default for no reason
 if platform.OS != "" {
 platformContext.OSChoice = platformSpec.OS
@@ -248,7 +249,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 loggerPerPlatform := logger
 if platformOptions.LogFile != "" && platformOptions.LogSplitByPlatform {
 logFile := platformOptions.LogFile + "_" + platformOptions.OS + "_" + platformOptions.Architecture
- f, err := os.OpenFile(logFile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+ f, err := os.OpenFile(logFile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o600)
 if err != nil {
 return fmt.Errorf("opening logfile: %q: %w", logFile, err)
 }
@@ -285,7 +286,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 return "", nil, merr.ErrorOrNil()
 }
- // Reasons for this id, ref assigment w.r.t to use-case:
+ // Reasons for this id, ref assignment w.r.t to use-case:
 //
 // * Single-platform build: On single platform build we only
 // have one built instance i.e on indice 0 of built instances,
@@ -294,7 +295,7 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options define.B
 // * Multi-platform build with manifestList: If this is a build for
 // multiple platforms ( more than one platform ) and --manifest
 // option then this assignment is insignificant since it will be
- // overriden anyways with the id and ref of manifest list later in
+ // overridden anyways with the id and ref of manifest list later in
 // in this code.
 //
 // * Multi-platform build without manifest list: If this is a build for
@@ -377,8 +378,6 @@ func buildDockerfilesOnce(ctx context.Context, store storage.Store, logger *logr
 return "", nil, fmt.Errorf("parsing main Dockerfile: %s: %w", containerFiles[0], err)
 }
- warnOnUnsetBuildArgs(logger, mainNode, options.Args)
-
 // --platform was explicitly selected for this build
 // so set correct TARGETPLATFORM in args if it is not
 // already selected by the user.
@@ -413,6 +412,8 @@ func buildDockerfilesOnce(ctx context.Context, store storage.Store, logger *logr
 }
 }
+ warnOnUnsetBuildArgs(logger, mainNode, options.Args)
+
 for i, d := range dockerfilecontents[1:] {
 additionalNode, err := imagebuilder.ParseDockerfile(bytes.NewReader(d))
 if err != nil {
@@ -622,7 +623,7 @@ func platformsForBaseImages(ctx context.Context, logger *logrus.Logger, dockerfi
 if instance.Platform == nil {
 continue
 }
- platform := platforms.Normalize(*instance.Platform)
+ platform := internalUtil.NormalizePlatform(*instance.Platform)
 targetPlatforms[platforms.Format(platform)] = struct{}{}
 logger.Debugf("image %q supports %q", baseImage, platforms.Format(platform))
 }
@@ -633,7 +634,7 @@ func platformsForBaseImages(ctx context.Context, logger *logrus.Logger, dockerfi
 if instance.Platform == nil {
 continue
 }
- platform := platforms.Normalize(*instance.Platform)
+ platform := internalUtil.NormalizePlatform(*instance.Platform)
 imagePlatforms[platforms.Format(platform)] = struct{}{}
 logger.Debugf("image %q supports %q", baseImage, platforms.Format(platform))
 }
diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
index de0e16bcc..8c858ea91 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@@ -1677,7 +1677,7 @@ func (s *StageExecutor) tagExistingImage(ctx context.Context, cacheID, output st
 // generateCacheKey returns a computed digest for the current STEP
 // running its history and diff against a hash algorithm and this
 // generated CacheKey is further used by buildah to lock and decide
-// tag for the intermeidate image which can be pushed and pulled to/from
+// tag for the intermediate image which can be pushed and pulled to/from
 // the remote repository.
 func (s *StageExecutor) generateCacheKey(ctx context.Context, currNode *parser.Node, addedContentDigest string, buildAddsLayer bool) (string, error) {
 hash := sha256.New()
diff --git a/vendor/github.com/containers/buildah/info.go b/vendor/github.com/containers/buildah/info.go
index 9155bb318..85e570ce7 100644
--- a/vendor/github.com/containers/buildah/info.go
+++ b/vendor/github.com/containers/buildah/info.go
@@ -9,7 +9,7 @@ import (
 "strconv"
 "strings"
- "github.com/containerd/containerd/platforms"
+ internalUtil "github.com/containers/buildah/internal/util"
 putil "github.com/containers/buildah/pkg/util"
 "github.com/containers/buildah/util"
 "github.com/containers/storage"
@@ -43,7 +43,7 @@ func Info(store storage.Store) ([]InfoData, error) {
 func hostInfo() map[string]interface{} {
 info := map[string]interface{}{}
- ps := platforms.Normalize(v1.Platform{OS: runtime.GOOS, Architecture: runtime.GOARCH})
+ ps := internalUtil.NormalizePlatform(v1.Platform{OS: runtime.GOOS, Architecture: runtime.GOARCH})
 info["os"] = ps.OS
 info["arch"] = ps.Architecture
 info["variant"] = ps.Variant
diff --git a/vendor/github.com/containers/buildah/internal/util/util.go b/vendor/github.com/containers/buildah/internal/util/util.go
index 7d824ccf2..36fc4daba 100644
--- a/vendor/github.com/containers/buildah/internal/util/util.go
+++ b/vendor/github.com/containers/buildah/internal/util/util.go
@@ -15,6 +15,7 @@ import (
 "github.com/containers/storage/pkg/archive"
 "github.com/containers/storage/pkg/chrootarchive"
 "github.com/containers/storage/pkg/unshare"
+ v1 "github.com/opencontainers/image-spec/specs-go/v1"
 )
 // LookupImage returns *Image to corresponding imagename or id
@@ -34,6 +35,22 @@ func LookupImage(ctx *types.SystemContext, store storage.Store, image string) (*
 return localImage, nil
 }
+// NormalizePlatform validates and translate the platform to the canonical value.
+//
+// For example, if "Aarch64" is encountered, we change it to "arm64" or if
+// "x86_64" is encountered, it becomes "amd64".
+//
+// Wrapper around libimage.NormalizePlatform to return and consume
+// v1.Platform instead of independent os, arch and variant.
+func NormalizePlatform(platform v1.Platform) v1.Platform {
+ os, arch, variant := libimage.NormalizePlatform(platform.OS, platform.Architecture, platform.Variant)
+ return v1.Platform{
+ OS: os,
+ Architecture: arch,
+ Variant: variant,
+ }
+}
+
 // GetTempDir returns base for a temporary directory on host.
 func GetTempDir() string {
 if tmpdir, ok := os.LookupEnv("TMPDIR"); ok {
diff --git a/vendor/github.com/containers/buildah/release.sh b/vendor/github.com/containers/buildah/release.sh
index 007f238d8..508ae90d5 100644
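Review bot: In NormalizePlatform the first result is bound to a local named `os`, which shadows the `os` package this file imports (GetTempDir, visible just below, calls `os.LookupEnv`); it compiles only because the package is not used inside the function, and it will trip shadow linters and confuse a later edit that needs `os` there. Rename it, e.g. `osName, arch, variant := libimage.NormalizePlatform(platform.OS, platform.Architecture, platform.Variant)` and `OS: osName,`. The doc comment also claims the function "validates and translate" the platform, but the body only delegates and returns no error, so unless libimage.NormalizePlatform itself validates, `// NormalizePlatform translates a platform to its canonical form by delegating to libimage.NormalizePlatform.` describes it more accurately and fixes the grammar.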
--- a/vendor/github.com/containers/buildah/release.sh
+++ b/vendor/github.com/containers/buildah/release.sh
@@ -21,28 +21,6 @@ write_go_version()
 sed -i "s/^\(.*Version = \"\).*/\1${LOCAL_VERSION}\"/" define/types.go
 }
-write_spec_version()
-{
- LOCAL_VERSION="$1"
- sed -i "s/^\(Version: *\).*/\1${LOCAL_VERSION}/" contrib/rpm/buildah.spec
-}
-
-write_spec_changelog()
-{
- sed '/\*.*-dev-1/d' -i ./contrib/rpm/buildah.spec
- VERSION=$1
- date=$(date "+%a %b %d, %Y")
- name=$(getent passwd $USERNAME | cut -d ':' -f 5)
- echo "* ${date} ${name} <${USER}@redhat.com> ${VERSION}-1" >.changelog.txt
- if [[ "${VERSION}" != *-dev ]]; then
- git log --no-merges --format='- %s' "${LAST_TAG}..HEAD" >>.changelog.txt
- else
- echo "" >>.changelog.txt
- fi
- sed '/^%changelog.*/r .changelog.txt' -i ./contrib/rpm/buildah.spec
- rm -f .changelog.txt
-}
-
 write_makefile_epoch()
 {
 LOCAL_EPOCH="$1"
@@ -68,8 +46,6 @@ write_changelog()
 release_commit()
 {
 write_go_version "${VERSION}" &&
- write_spec_version "${VERSION}" &&
- write_spec_changelog "${VERSION}" &&
 write_changelog &&
 git commit -asm "Bump to v${VERSION}
@@ -80,8 +56,6 @@ release_commit()
 dev_version_commit()
 {
 write_go_version "${NEXT_VERSION}-dev" &&
- write_spec_version "${NEXT_VERSION}-dev" &&
- write_spec_changelog "${NEXT_VERSION}-dev" &&
 git commit -asm "Bump to v${NEXT_VERSION}-dev
 [NO TESTS NEEDED]
diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go
index d4707e39a..09a3cd066 100644
--- a/vendor/github.com/containers/buildah/run_linux.go
+++ b/vendor/github.com/containers/buildah/run_linux.go
@@ -605,11 +605,37 @@ func runMakeStdioPipe(uid, gid int) ([][]int, error) {
 }
 func setupNamespaces(logger *logrus.Logger, g *generate.Generator, namespaceOptions define.NamespaceOptions, idmapOptions define.IDMappingOptions, policy define.NetworkConfigurationPolicy) (configureNetwork bool, configureNetworks []string, configureUTS bool, err error) {
+ defaultContainerConfig, err := config.Default()
+ if err != nil {
+ return false, nil, false, fmt.Errorf("failed to get container config: %w", err)
+ }
+
+ addSysctl := func(prefixes []string) error {
+ for _, sysctl := range defaultContainerConfig.Sysctls() {
+ splitn := strings.SplitN(sysctl, "=", 2)
+ if len(splitn) > 2 {
+ return fmt.Errorf("sysctl %q defined in containers.conf must be formatted name=value", sysctl)
+ }
+ for _, prefix := range prefixes {
+ if strings.HasPrefix(splitn[0], prefix) {
+ g.AddLinuxSysctl(splitn[0], splitn[1])
+ }
+ }
+ }
+ return nil
+ }
+
 // Set namespace options in the container configuration.
 configureUserns := false
 specifiedNetwork := false
 for _, namespaceOption := range namespaceOptions {
 switch namespaceOption.Name {
+ case string(specs.IPCNamespace):
+ if !namespaceOption.Host {
+ if err := addSysctl([]string{"fs.mqueue"}); err != nil {
+ return false, nil, false, err
+ }
+ }
 case string(specs.UserNamespace):
 configureUserns = false
 if !namespaceOption.Host && namespaceOption.Path == "" {
@@ -627,8 +653,13 @@ func setupNamespaces(logger *logrus.Logger, g *generate.Generator, namespaceOpti
 }
 case string(specs.UTSNamespace):
 configureUTS = false
- if !namespaceOption.Host && namespaceOption.Path == "" {
- configureUTS = true
+ if !namespaceOption.Host {
+ if namespaceOption.Path == "" {
+ configureUTS = true
+ }
+ if err := addSysctl([]string{"kernel.hostname", "kernel.domainame"}); err != nil {
+ return false, nil, false, err
+ }
+ }
 }
 if namespaceOption.Host {
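Review bot: The malformed-entry check inside addSysctl can never fire: `strings.SplitN(sysctl, "=", 2)` returns at most two elements, so `len(splitn) > 2` is always false, and a containers.conf entry with no `=` (say `net.ipv4.ip_forward`) produces a one-element slice that then reaches `splitn[1]` and panics with an index-out-of-range as soon as its name matches one of the prefixes, instead of returning the intended error. Change the guard to `if len(splitn) != 2 {` so that every shape other than `name=value` takes the error path. A trimmed prefix without its dot (`"net"` rather than `"net."`) also matches any name that merely starts with those letters; passing the dotted form at the call sites would make the intent explicit. setupNamespaces continues outside the hunk.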
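Review bot: The second prefix handed to addSysctl is misspelled: `"kernel.domainame"` should be `"kernel.domainname"`, so a `kernel.domainname=...` entry in containers.conf silently never reaches the container's UTS namespace while the neighbouring hostname entry does. Change the call to `if err := addSysctl([]string{"kernel.hostname", "kernel.domainname"}); err != nil {`. Note also that the sysctls are now applied whenever the UTS namespace is not the host's, including when an existing namespace is joined through Path, whereas configureUTS is still set only for a freshly created one; if that asymmetry is intentional a one-line comment above the addSysctl call would save the next reader from wondering. setupNamespaces continues outside the hunk.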
@@ -684,7 +715,10 @@ func setupNamespaces(logger *logrus.Logger, g *generate.Generator, namespaceOpti
 }
 }
 }
- if configureNetwork && !unshare.IsRootless() {
+ if configureNetwork {
+ if err := addSysctl([]string{"net"}); err != nil {
+ return false, nil, false, err
+ }
 for name, val := range define.DefaultNetworkSysctl {
 // Check that the sysctl we are adding is actually supported
 // by the kernel
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 714e6fbfa..d2de96573 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -97,7 +97,7 @@ github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.1.1
 ## explicit; go 1.17
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.27.1-0.20220921131114-d3064796af36
+# github.com/containers/buildah v1.28.0
 ## explicit; go 1.17
 github.com/containers/buildah
 github.com/containers/buildah/bind |
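Review bot: Dropping `!unshare.IsRootless()` from the condition widens more than the new addSysctl call: the loop over define.DefaultNetworkSysctl that follows it (and continues outside the hunk) now also runs for rootless builds, which the old code skipped entirely. If rootless network namespaces are expected to accept both the configured and the default net sysctls, that deserves a comment such as `// applied in rootless mode too: the new network namespace is owned by the build's user namespace`; if the old exclusion was still needed, reinstate `if !unshare.IsRootless() {` around the DefaultNetworkSysctl loop only, leaving the containers.conf sysctls to the new code. setupNamespaces continues outside the hunk.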