aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml21
-rw-r--r--README.md2
-rw-r--r--cmd/podman/common/createparse.go2
-rw-r--r--cmd/podman/common/specgen.go2
-rw-r--r--cmd/podman/containers/diff.go9
-rw-r--r--cmd/podman/images/list.go74
-rw-r--r--cmd/podman/parse/json.go3
-rw-r--r--cmd/podman/parse/json_test.go25
-rw-r--r--cmd/podman/report/format.go68
-rw-r--r--cmd/podman/report/format_test.go35
-rw-r--r--completions/bash/podman2
-rwxr-xr-xcontrib/cirrus/logformatter105
-rwxr-xr-xcontrib/cirrus/logformatter.t10
-rw-r--r--contrib/imgprune/Dockerfile7
-rw-r--r--contrib/imgprune/README.md11
-rwxr-xr-xcontrib/imgprune/entrypoint.sh106
-rw-r--r--contrib/imgts/Dockerfile20
-rw-r--r--contrib/imgts/README.md11
-rwxr-xr-xcontrib/imgts/entrypoint.sh23
-rw-r--r--contrib/imgts/google-cloud-sdk.repo8
-rw-r--r--contrib/imgts/lib_entrypoint.sh49
-rw-r--r--contrib/upldrel/Dockerfile9
-rw-r--r--contrib/upldrel/README.md9
-rwxr-xr-xcontrib/upldrel/entrypoint.sh27
-rw-r--r--docs/source/markdown/podman-create.1.md4
-rw-r--r--docs/source/markdown/podman-run.1.md4
-rw-r--r--go.mod4
-rw-r--r--go.sum8
-rw-r--r--libpod/container_internal_linux.go40
-rw-r--r--libpod/container_log_linux.go2
-rw-r--r--libpod/image/prune.go50
-rw-r--r--libpod/util_linux.go12
-rw-r--r--libpod/util_linux_test.go39
-rw-r--r--pkg/api/handlers/compat/images.go21
-rw-r--r--pkg/domain/infra/abi/images.go6
-rw-r--r--pkg/domain/infra/tunnel/helpers.go92
-rw-r--r--pkg/rootless/rootless.go25
-rw-r--r--pkg/specgen/generate/config_linux.go7
-rw-r--r--pkg/specgen/generate/oci.go15
-rw-r--r--test/apiv2/10-images.at6
-rw-r--r--test/e2e/info_test.go10
-rw-r--r--test/e2e/logs_test.go1
-rw-r--r--test/e2e/run_test.go24
-rw-r--r--test/e2e/version_test.go11
-rw-r--r--test/system/035-logs.bats11
-rw-r--r--test/system/500-networking.bats2
-rw-r--r--vendor/github.com/containers/buildah/.golangci.yml40
-rw-r--r--vendor/github.com/containers/buildah/CHANGELOG.md11
-rw-r--r--vendor/github.com/containers/buildah/add.go26
-rw-r--r--vendor/github.com/containers/buildah/buildah.go2
-rw-r--r--vendor/github.com/containers/buildah/changelog.txt11
-rw-r--r--vendor/github.com/containers/buildah/chroot/run.go12
-rw-r--r--vendor/github.com/containers/buildah/chroot/seccomp.go26
-rw-r--r--vendor/github.com/containers/buildah/copier/copier.go48
-rw-r--r--vendor/github.com/containers/common/pkg/completion/completion.go69
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/modules.txt4
57 files changed, 781 insertions, 502 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index d2a8cb660..6f8cd0a30 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -34,16 +34,16 @@ env:
####
#### Cache-image names to test with (double-quotes around names are critical)
###
- FEDORA_NAME: "fedora"
- PRIOR_FEDORA_NAME: "prior-fedora"
- UBUNTU_NAME: "ubuntu"
- PRIOR_UBUNTU_NAME: "prior-ubuntu"
+ FEDORA_NAME: "fedora-32"
+ PRIOR_FEDORA_NAME: "fedora-31"
+ UBUNTU_NAME: "ubuntu-20"
+ PRIOR_UBUNTU_NAME: "ubuntu-19"
- _BUILT_IMAGE_SUFFIX: "c6110627968057344"
- FEDORA_CACHE_IMAGE_NAME: "${FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}"
- PRIOR_FEDORA_CACHE_IMAGE_NAME: "${PRIOR_FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}"
- UBUNTU_CACHE_IMAGE_NAME: "${UBUNTU_NAME}-${_BUILT_IMAGE_SUFFIX}"
- PRIOR_UBUNTU_CACHE_IMAGE_NAME: "${PRIOR_UBUNTU_NAME}-${_BUILT_IMAGE_SUFFIX}"
+ _BUILT_IMAGE_SUFFIX: "c4948709391728640"
+ FEDORA_CACHE_IMAGE_NAME: "fedora-${_BUILT_IMAGE_SUFFIX}"
+ PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${_BUILT_IMAGE_SUFFIX}"
+ UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${_BUILT_IMAGE_SUFFIX}"
+ PRIOR_UBUNTU_CACHE_IMAGE_NAME: "prior-ubuntu-${_BUILT_IMAGE_SUFFIX}"
####
#### Default to NOT operating in any special-case testing mode
@@ -290,7 +290,7 @@ build_without_cgo_task:
meta_task:
container:
- image: "quay.io/libpod/imgts:master" # see contrib/imgts
+ image: "quay.io/libpod/imgts:${_BUILT_IMAGE_SUFFIX}"
cpu: 1
memory: 1
@@ -301,7 +301,6 @@ meta_task:
${PRIOR_FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME}
${PRIOR_UBUNTU_CACHE_IMAGE_NAME}
- ${IMAGE_BUILDER_CACHE_IMAGE_NAME}
BUILDID: "${CIRRUS_BUILD_ID}"
REPOREF: "${CIRRUS_CHANGE_IN_REPO}"
GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4]
diff --git a/README.md b/README.md
index 8c2631b81..5192d877f 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of containers.
Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes.
-* [Latest Version: 2.1.0](https://github.com/containers/podman/releases/latest)
+* [Latest Version: 2.1.1](https://github.com/containers/podman/releases/latest)
* Latest Remote client for Windows
* Latest Remote client for MacOs
* Latest Static Remote client for Linux
diff --git a/cmd/podman/common/createparse.go b/cmd/podman/common/createparse.go
index 059f9050f..09ee5aa0c 100644
--- a/cmd/podman/common/createparse.go
+++ b/cmd/podman/common/createparse.go
@@ -10,7 +10,7 @@ import (
func (c *ContainerCLIOpts) validate() error {
var ()
if c.Rm && c.Restart != "" && c.Restart != "no" {
- return errors.Errorf("the --rm option conflicts with --restart")
+ return errors.Errorf(`the --rm option conflicts with --restart, when the restartPolicy is not "" and "no"`)
}
if _, err := util.ValidatePullType(c.Pull); err != nil {
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index e7b88eb3f..84ae70b6a 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -233,7 +233,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
// validate flags as needed
if err := c.validate(); err != nil {
- return nil
+ return err
}
s.User = c.User
diff --git a/cmd/podman/containers/diff.go b/cmd/podman/containers/diff.go
index 227c13f4c..a3ca6edf9 100644
--- a/cmd/podman/containers/diff.go
+++ b/cmd/podman/containers/diff.go
@@ -1,6 +1,7 @@
package containers
import (
+ "github.com/containers/podman/v2/cmd/podman/parse"
"github.com/containers/podman/v2/cmd/podman/registry"
"github.com/containers/podman/v2/cmd/podman/report"
"github.com/containers/podman/v2/cmd/podman/validate"
@@ -52,11 +53,11 @@ func diff(cmd *cobra.Command, args []string) error {
return err
}
- switch diffOpts.Format {
- case "":
- return report.ChangesToTable(results)
- case "json":
+ switch {
+ case parse.MatchesJSONFormat(diffOpts.Format):
return report.ChangesToJSON(results)
+ case diffOpts.Format == "":
+ return report.ChangesToTable(results)
default:
return errors.New("only supported value for '--format' is 'json'")
}
diff --git a/cmd/podman/images/list.go b/cmd/podman/images/list.go
index ffb341fc4..239da9d28 100644
--- a/cmd/podman/images/list.go
+++ b/cmd/podman/images/list.go
@@ -11,7 +11,9 @@ import (
"unicode"
"github.com/containers/image/v5/docker/reference"
+ "github.com/containers/podman/v2/cmd/podman/parse"
"github.com/containers/podman/v2/cmd/podman/registry"
+ "github.com/containers/podman/v2/cmd/podman/report"
"github.com/containers/podman/v2/pkg/domain/entities"
"github.com/docker/go-units"
"github.com/pkg/errors"
@@ -106,9 +108,12 @@ func images(cmd *cobra.Command, args []string) error {
switch {
case listFlag.quiet:
return writeID(imgs)
- case cmd.Flag("format").Changed && listFlag.format == "json":
+ case parse.MatchesJSONFormat(listFlag.format):
return writeJSON(imgs)
default:
+ if cmd.Flag("format").Changed {
+ listFlag.noHeading = true // V1 compatibility
+ }
return writeTemplate(imgs)
}
}
@@ -156,25 +161,29 @@ func writeJSON(images []imageReporter) error {
}
func writeTemplate(imgs []imageReporter) error {
- var (
- hdr, row string
- )
- if len(listFlag.format) < 1 {
- hdr, row = imageListFormat(listFlag)
+ hdrs := report.Headers(imageReporter{}, map[string]string{
+ "ID": "IMAGE ID",
+ "ReadOnly": "R/O",
+ })
+
+ var row string
+ if listFlag.format == "" {
+ row = lsFormatFromFlags(listFlag)
} else {
- row = listFlag.format
- if !strings.HasSuffix(row, "\n") {
- row += "\n"
- }
+ row = report.NormalizeFormat(listFlag.format)
}
- format := hdr + "{{range . }}" + row + "{{end}}"
- tmpl, err := template.New("list").Parse(format)
- if err != nil {
- return err
- }
- tmpl = template.Must(tmpl, nil)
+
+ format := "{{range . }}" + row + "{{end}}"
+ tmpl := template.Must(template.New("list").Parse(format))
w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0)
defer w.Flush()
+
+ if !listFlag.noHeading {
+ if err := tmpl.Execute(w, hdrs); err != nil {
+ return err
+ }
+ }
+
return tmpl.Execute(w, imgs)
}
@@ -276,40 +285,27 @@ func sortFunc(key string, data []imageReporter) func(i, j int) bool {
}
}
-func imageListFormat(flags listFlagType) (string, string) {
- // Defaults
- hdr := "REPOSITORY\tTAG"
- row := "{{.Repository}}\t{{if .Tag}}{{.Tag}}{{else}}<none>{{end}}"
+func lsFormatFromFlags(flags listFlagType) string {
+ row := []string{
+ "{{if .Repository}}{{.Repository}}{{else}}<none>{{end}}",
+ "{{if .Tag}}{{.Tag}}{{else}}<none>{{end}}",
+ }
if flags.digests {
- hdr += "\tDIGEST"
- row += "\t{{.Digest}}"
+ row = append(row, "{{.Digest}}")
}
- hdr += "\tIMAGE ID"
- row += "\t{{.ID}}"
-
- hdr += "\tCREATED\tSIZE"
- row += "\t{{.Created}}\t{{.Size}}"
+ row = append(row, "{{.ID}}", "{{.Created}}", "{{.Size}}")
if flags.history {
- hdr += "\tHISTORY"
- row += "\t{{if .History}}{{.History}}{{else}}<none>{{end}}"
+ row = append(row, "{{if .History}}{{.History}}{{else}}<none>{{end}}")
}
if flags.readOnly {
- hdr += "\tReadOnly"
- row += "\t{{.ReadOnly}}"
- }
-
- if flags.noHeading {
- hdr = ""
- } else {
- hdr += "\n"
+ row = append(row, "{{.ReadOnly}}")
}
- row += "\n"
- return hdr, row
+ return strings.Join(row, "\t") + "\n"
}
type imageReporter struct {
diff --git a/cmd/podman/parse/json.go b/cmd/podman/parse/json.go
index 95a6633b8..40ac415db 100644
--- a/cmd/podman/parse/json.go
+++ b/cmd/podman/parse/json.go
@@ -2,8 +2,9 @@ package parse
import "regexp"
-var jsonFormatRegex = regexp.MustCompile(`^(\s*json\s*|\s*{{\s*json\s*\.\s*}}\s*)$`)
+var jsonFormatRegex = regexp.MustCompile(`^\s*(json|{{\s*json\s*( \.)?\s*}})\s*$`)
+// MatchesJSONFormat test CLI --format string to be a JSON request
func MatchesJSONFormat(s string) bool {
return jsonFormatRegex.Match([]byte(s))
}
diff --git a/cmd/podman/parse/json_test.go b/cmd/podman/parse/json_test.go
index 5cad185fd..ec3b5664b 100644
--- a/cmd/podman/parse/json_test.go
+++ b/cmd/podman/parse/json_test.go
@@ -1,6 +1,8 @@
package parse
import (
+ "fmt"
+ "strings"
"testing"
"github.com/stretchr/testify/assert"
@@ -13,18 +15,31 @@ func TestMatchesJSONFormat(t *testing.T) {
}{
{"json", true},
{" json", true},
- {"json ", true},
+ {" json ", true},
{" json ", true},
+ {"{{json}}", true},
+ {"{{json }}", true},
{"{{json .}}", true},
{"{{ json .}}", true},
- {"{{json . }}", true},
- {" {{ json . }} ", true},
- {"{{json }}", false},
- {"{{json .", false},
+ {"{{ json . }}", true},
+ {" {{ json . }} ", true},
+ {"{{ json .", false},
{"json . }}", false},
+ {"{{.ID }} json .", false},
+ {"json .", false},
+ {"{{json.}}", false},
}
for _, tt := range tests {
assert.Equal(t, tt.expected, MatchesJSONFormat(tt.input))
}
+
+ for _, tc := range tests {
+ tc := tc
+ label := "MatchesJSONFormat/" + strings.ReplaceAll(tc.input, " ", "_")
+ t.Run(label, func(t *testing.T) {
+ t.Parallel()
+ assert.Equal(t, tc.expected, MatchesJSONFormat(tc.input), fmt.Sprintf("Scanning %q failed", tc.input))
+ })
+ }
}
diff --git a/cmd/podman/report/format.go b/cmd/podman/report/format.go
new file mode 100644
index 000000000..32d92bec5
--- /dev/null
+++ b/cmd/podman/report/format.go
@@ -0,0 +1,68 @@
+package report
+
+import (
+ "reflect"
+ "strings"
+)
+
+// tableReplacer will remove 'table ' prefix and clean up tabs
+var tableReplacer = strings.NewReplacer(
+ "table ", "",
+ `\t`, "\t",
+ `\n`, "\n",
+ " ", "\t",
+)
+
+// escapedReplacer will clean up escaped characters from CLI
+var escapedReplacer = strings.NewReplacer(
+ `\t`, "\t",
+ `\n`, "\n",
+)
+
+// NormalizeFormat reads given go template format provided by CLI and munges it into what we need
+func NormalizeFormat(format string) string {
+ f := format
+ // two replacers used so we only remove the prefix keyword `table`
+ if strings.HasPrefix(f, "table ") {
+ f = tableReplacer.Replace(f)
+ } else {
+ f = escapedReplacer.Replace(format)
+ }
+
+ if !strings.HasSuffix(f, "\n") {
+ f += "\n"
+ }
+
+ return f
+}
+
+// Headers queries the interface for field names
+func Headers(object interface{}, overrides map[string]string) []map[string]string {
+ value := reflect.ValueOf(object)
+ if value.Kind() == reflect.Ptr {
+ value = value.Elem()
+ }
+
+ // Column header will be field name upper-cased.
+ headers := make(map[string]string, value.NumField())
+ for i := 0; i < value.Type().NumField(); i++ {
+ field := value.Type().Field(i)
+ // Recurse to find field names from promoted structs
+ if field.Type.Kind() == reflect.Struct && field.Anonymous {
+ h := Headers(reflect.New(field.Type).Interface(), nil)
+ for k, v := range h[0] {
+ headers[k] = v
+ }
+ continue
+ }
+ headers[field.Name] = strings.ToUpper(field.Name)
+ }
+
+ if len(overrides) > 0 {
+ // Override column header as provided
+ for k, v := range overrides {
+ headers[k] = strings.ToUpper(v)
+ }
+ }
+ return []map[string]string{headers}
+}
diff --git a/cmd/podman/report/format_test.go b/cmd/podman/report/format_test.go
new file mode 100644
index 000000000..7dd62e899
--- /dev/null
+++ b/cmd/podman/report/format_test.go
@@ -0,0 +1,35 @@
+package report
+
+import (
+ "strings"
+ "testing"
+)
+
+func TestNormalizeFormat(t *testing.T) {
+ cases := []struct {
+ format string
+ expected string
+ }{
+ {"table {{.ID}}", "{{.ID}}\n"},
+ {"table {{.ID}} {{.C}}", "{{.ID}}\t{{.C}}\n"},
+ {"{{.ID}}", "{{.ID}}\n"},
+ {"{{.ID}}\n", "{{.ID}}\n"},
+ {"{{.ID}} {{.C}}", "{{.ID}} {{.C}}\n"},
+ {"\t{{.ID}}", "\t{{.ID}}\n"},
+ {`\t` + "{{.ID}}", "\t{{.ID}}\n"},
+ {"table {{.ID}}\t{{.C}}", "{{.ID}}\t{{.C}}\n"},
+ {"{{.ID}} table {{.C}}", "{{.ID}} table {{.C}}\n"},
+ }
+ for _, tc := range cases {
+ tc := tc
+
+ label := strings.ReplaceAll(tc.format, " ", "<sp>")
+ t.Run("NormalizeFormat/"+label, func(t *testing.T) {
+ t.Parallel()
+ actual := NormalizeFormat(tc.format)
+ if actual != tc.expected {
+ t.Errorf("Expected %q, actual %q", tc.expected, actual)
+ }
+ })
+ }
+}
diff --git a/completions/bash/podman b/completions/bash/podman
index a83cfc790..e12862126 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -407,7 +407,7 @@ __podman_local_interfaces() {
__podman_complete_restart() {
case "$prev" in
--restart)
- COMPREPLY=( $( compgen -W "always no on-failure" -- "$cur") )
+ COMPREPLY=( $( compgen -W "always no on-failure unless-stopped" -- "$cur") )
return
;;
esac
diff --git a/contrib/cirrus/logformatter b/contrib/cirrus/logformatter
index f97638b6f..2ab8aa117 100755
--- a/contrib/cirrus/logformatter
+++ b/contrib/cirrus/logformatter
@@ -31,6 +31,12 @@ our $CSS = <<'END_CSS';
/* wrap long lines - don't require user to scroll right */
pre { line-break: normal; overflow-wrap: normal; white-space: pre-wrap; }
+/* synopsis table at top */
+table.synopsis { border: none; border-collapse: collapse; margin-left: 2em; margin-top: 2ex; }
+.synopsis th { font-weight: normal; font-size: 110%; text-align: right; }
+.synopsis td { font-weight: bold; font-size: 120%; font-family: monospace; }
+
+/* test results */
.boring { color: #999; }
.timestamp { color: #999; }
.log-debug { color: #999; }
@@ -171,9 +177,20 @@ window.addEventListener("load", scrollToBottom, false);
</script>
</head>
<body>
-<pre> <!-- begin processed output -->
END_HTML
+ # Synopsis of this job: show job environment, links to PR and Cirrus
+ print { $out_fh } "<h2>Synopsis</h2>\n<hr/>\n",
+ job_synopsis($test_name), "<hr/>\n";
+
+ # FOR DEBUGGING: dump environment, but in HTML comments to not clutter
+ print { $out_fh } "<!-- Environment: -->\n";
+ for my $e (sort keys %ENV) {
+ my $val = escapeHTML($ENV{$e});
+ $val =~ s/--/-&#x002D;/g; # double dash not valid in comments
+ printf { $out_fh } "<!-- %-20s %s -->\n", $e, $val;
+ }
+
# State variables
my $previous_timestamp = ''; # timestamp of previous line
my $cirrus_task; # Cirrus task number, used for linking
@@ -185,6 +202,8 @@ END_HTML
my $looks_like_bats; # binary flag: for detecting BATS results
my %bats_count; # For summary line: count of pass/fail/skip
+ print { $out_fh } "<pre> <!-- begin processed output -->\n";
+
# Main loop: read input, one line at a time, and write out reformatted
LINE:
while (my $line = <STDIN>) {
@@ -232,8 +251,9 @@ END_HTML
my $css;
# Readability: /long/path/to/podman -> podman (hover for full path)
- $line =~ s{^(#\s+(#|\$)\s+)(\S+/)(podman\S*)\s}
- {$1<span title="$3$4">$4</span> };
+ # Also make it boldface, to make commands stand out
+ $line =~ s{^(#\s+(#|\$)\s+)(\S+/)(podman\S*)(\s.*)}
+ {$1<b><span title="$3$4">$4</span>$5</b>};
if ($line =~ /^ok\s.*\s# skip/) { $css = 'skipped' }
elsif ($line =~ /^ok\s/) { $css = 'passed' }
@@ -470,6 +490,83 @@ sub make_id {
}
+###############################################################################
+# BEGIN job_synopsis and related helpers
+
+##################
+# job_synopsis # Job details, links to github/cirrus
+##################
+sub job_synopsis {
+ my $subtest_name = shift; # e.g. integration_test
+
+ my $s = <<"END_SYNOPSIS";
+<table class="synopsis">
+END_SYNOPSIS
+
+ # PR 1234 - title of the pr
+ my $pr_title = escapeHTML(_env_replace("{CIRRUS_CHANGE_TITLE}"));
+ $s .= _tr("Github PR", sprintf("%s - %s",
+ _a("{CIRRUS_PR}", "https://{CIRRUS_REPO_CLONE_HOST}/{CIRRUS_REPO_FULL_NAME}/pull/{CIRRUS_PR}"),
+ $pr_title));
+
+ # PR author, if signed-off-by
+ if (my $msg = _env_replace("{CIRRUS_COMMIT_MESSAGE}")) {
+ while ($msg =~ /^Signed-off-by:\s+(\S.*\S)$/gmi) {
+ $s .= _tr("Author", escapeHTML($1));
+ }
+ }
+
+ # eg "test fedora", "special_testing_rootless"
+ my $test_name = _env_replace("{CIRRUS_TASK_NAME}");
+ if (my $rcli = $ENV{RCLI}) {
+ $test_name .= " [remote]" if $rcli eq 'true';
+ }
+ else {
+ $test_name .= " [no RCLI; cannot determine remote/local]";
+ }
+ $s .= _tr("Test name", $test_name);
+
+ # Subtest, e.g. system_test
+ $s .= _tr("Subtest", $subtest_name);
+
+ # Link to further Cirrus results, e.g. other runs.
+ # Build is mostly boring, it's usually TASK that we want to see.
+ $s .= _tr("Cirrus Build ID", "<small>" . _a("{CIRRUS_BUILD_ID}", "https://cirrus-ci.com/build/{CIRRUS_BUILD_ID}") . "</small>");
+ $s .= _tr("Cirrus <b>Task</b> ID", _a("{CIRRUS_TASK_ID}", "https://cirrus-ci.com/task/{CIRRUS_TASK_ID}"));
+
+ # "none", "rootless"
+ $s .= _tr("Special mode", _env_replace("{SPECIALMODE}"));
+
+ $s .= "</table>\n";
+ return $s;
+}
+
+
+sub _tr {
+ my ($th, $td) = @_;
+ return "<tr><th>$th:</th><td>$td</td></tr>\n";
+}
+
+sub _a {
+ my ($name, $href) = map { _env_replace($_) } @_;
+
+ if ($href =~ /UNDEFINED/) {
+ return "$name ($href)";
+ }
+ return "<a href='$href'>$name</a>";
+}
+
+sub _env_replace {
+ my $s_in = shift;
+
+ $s_in =~ s[\{(.*?)\}][$ENV{$1} || "[$1 UNDEFINED]"]ge;
+
+ return $s_in;
+}
+
+# END job_synopsis and related helpers
+###############################################################################
+# BEGIN html-formatting helpers
sub escapeHTML {
my $s = shift;
@@ -492,5 +589,7 @@ sub unescapeHTML {
return $s;
}
+# END html-formatting helpers
+###############################################################################
1;
diff --git a/contrib/cirrus/logformatter.t b/contrib/cirrus/logformatter.t
index 2075bff96..bd4179b5e 100755
--- a/contrib/cirrus/logformatter.t
+++ b/contrib/cirrus/logformatter.t
@@ -96,7 +96,7 @@ ok 4 blah
<span class='bats-passed'><a name='t--00001'>ok 1 hi</a></span>
<span class='bats-skipped'><a name='t--00002'>ok 2 bye # skip no reason</a></span>
<span class='bats-failed'><a name='t--00003'>not ok 3 fail</a></span>
-<span class='bats-log'># $ <span title="/path/to/podman">podman</span> foo -bar</span>
+<span class='bats-log'># $ <b><span title="/path/to/podman">podman</span> foo -bar</b></span>
<span class='bats-log-esm'># #| FAIL: exit code is 123; expected 321</span>
<span class='bats-passed'><a name='t--00004'>ok 4 blah</a></span>
<hr/><span class='bats-summary'>Summary: <span class='bats-passed'>2 Passed</span>, <span class='bats-failed'>1 Failed</span>, <span class='bats-skipped'>1 Skipped</span>. Total tests: 4</span>
@@ -147,11 +147,11 @@ $SCRIPT_BASE/integration_test.sh |&amp; ${TIMESTAMP}
<pre>
<span class="timestamp">[+0103s] </span>Podman pod restart
<span class="timestamp"> </span><a name='t--podman-pod-restart-single-empty-pod--1'><h2> podman pod restart single empty pod</h2></a>
-<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L41'>/containers/libpod/test/e2e/pod_restart_test.go:41</a>
+<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L41'>/containers/podman/test/e2e/pod_restart_test.go:41</a>
<span class="timestamp"> </span>[BeforeEach] Podman pod restart
-<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L18'>/containers/libpod/test/e2e/pod_restart_test.go:18</a>
+<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L18'>/containers/podman/test/e2e/pod_restart_test.go:18</a>
<span class="timestamp"> </span>[It] podman pod restart single empty pod
-<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L41'>/containers/libpod/test/e2e/pod_restart_test.go:41</a>
+<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L41'>/containers/podman/test/e2e/pod_restart_test.go:41</a>
<span class="timestamp"> </span>Running: <span title="/var/tmp/go/src/github.com/containers/podman/bin/podman"><b>podman</b></span> <span class="boring" title="--storage-opt vfs.imagestore=/tmp/podman/imagecachedir
--root /tmp/podman_test553496330/crio
--runroot /tmp/podman_test553496330/crio-run
@@ -176,7 +176,7 @@ $SCRIPT_BASE/integration_test.sh |&amp; ${TIMESTAMP}
<span class="timestamp"> </span><span class='log-warn'>Error: no containers in pod 4810be0cfbd42241e349dbe7d50fbc54405cd320a6637c65fd5323f34d64af89 have no dependencies, cannot start pod: no such container</span>
<span class="timestamp"> </span>output:
<span class="timestamp"> </span>[AfterEach] Podman pod restart
-<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L28'>/containers/libpod/test/e2e/pod_restart_test.go:28</a>
+<span class="timestamp"> </span> /var/tmp/go/src/github.com<a class="codelink" href='https://github.com/containers/podman/blob/40f5d8b1becd381c4e8283ed3940d09193e4fe06/test/e2e/pod_restart_test.go#L28'>/containers/podman/test/e2e/pod_restart_test.go:28</a>
<span class="timestamp"> </span>Running: <span title="/var/tmp/go/src/github.com/containers/podman/bin/podman"><b>podman</b></span> <span class="boring" title="--storage-opt vfs.imagestore=/tmp/podman/imagecachedir
--root /tmp/podman_test553496330/crio
--runroot /tmp/podman_test553496330/crio-run
diff --git a/contrib/imgprune/Dockerfile b/contrib/imgprune/Dockerfile
deleted file mode 100644
index b0dc77da5..000000000
--- a/contrib/imgprune/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM quay.io/libpod/imgts:latest
-
-RUN yum -y update && \
- yum clean all
-
-COPY /contrib/imgprune/entrypoint.sh /usr/local/bin/entrypoint.sh
-RUN chmod 755 /usr/local/bin/entrypoint.sh
diff --git a/contrib/imgprune/README.md b/contrib/imgprune/README.md
deleted file mode 100644
index 48abc2028..000000000
--- a/contrib/imgprune/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
-
-A container image for maintaining the collection of
-VM images used by CI/CD on this project and several others.
-Acts upon metadata maintained by the imgts container.
-
-Example build (from repository root):
-
-```bash
-sudo podman build -t $IMAGE_NAME -f contrib/imgprune/Dockerfile .
-```
diff --git a/contrib/imgprune/entrypoint.sh b/contrib/imgprune/entrypoint.sh
deleted file mode 100755
index fd80d9b26..000000000
--- a/contrib/imgprune/entrypoint.sh
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-source /usr/local/bin/lib_entrypoint.sh
-
-req_env_var GCPJSON GCPNAME GCPPROJECT IMGNAMES
-
-unset BASE_IMAGES
-# When executing under Cirrus-CI, script have access to current source
-LIB="$CIRRUS_WORKING_DIR/$SCRIPT_BASE/lib.sh"
-if [[ "$CI" == "true" ]] && [[ -r "$LIB" ]]
-then
- # Avoid importing anything that might conflict
- for env in $(sed -ne 's/^[^#]\+_BASE_IMAGE=/img=/p' "$LIB")
- do
- eval $env
- BASE_IMAGES="$BASE_IMAGES $img"
- done
-else
- # metadata labeling may have broken for some reason in the future
- echo "Warning: Running outside of Cirrus-CI, very minor-risk of base-image deletion."
-fi
-
-gcloud_init
-
-# For safety's sake + limit nr background processes
-PRUNE_LIMIT=5
-THEFUTURE=$(date --date='+1 hour' +%s)
-TOO_OLD='30 days ago'
-THRESHOLD=$(date --date="$TOO_OLD" +%s)
-# Format Ref: https://cloud.google.com/sdk/gcloud/reference/topic/formats
-FORMAT='value[quote](name,selfLink,creationTimestamp,labels)'
-PROJRE="/v1/projects/$GCPPROJECT/global/"
-RECENTLY=$(date --date='3 days ago' --iso-8601=date)
-# Filter Ref: https://cloud.google.com/sdk/gcloud/reference/topic/filters
-FILTER="selfLink~$PROJRE AND creationTimestamp<$RECENTLY AND NOT name=($IMGNAMES $BASE_IMAGES)"
-TODELETE=$(mktemp -p '' todelete.XXXXXX)
-IMGCOUNT=$(mktemp -p '' imgcount.XXXXXX)
-
-# Search-loop runs in a sub-process, must store count in file
-echo "0" > "$IMGCOUNT"
-count_image() {
- local count
- count=$(<"$IMGCOUNT")
- let 'count+=1'
- echo "$count" > "$IMGCOUNT"
-}
-
-echo "Using filter: $FILTER"
-echo "Searching images for pruning candidates older than $TOO_OLD ($(date --date="$TOO_OLD" --iso-8601=date)):"
-$GCLOUD compute images list --format="$FORMAT" --filter="$FILTER" | \
- while read name selfLink creationTimestamp labels
- do
- count_image
- created_ymd=$(date --date=$creationTimestamp --iso-8601=date)
- last_used=$(egrep --only-matching --max-count=1 'last-used=[[:digit:]]+' <<< $labels || true)
- markmsgpfx="Marking $name (created $created_ymd) for deletion"
- if [[ -z "$last_used" ]]
- then # image pre-dates addition of tracking labels
- echo "$markmsgpfx: Missing 'last-used' metadata, labels: '$labels'"
- echo "$name" >> $TODELETE
- continue
- fi
-
- last_used_timestamp=$(date --date=@$(cut -d= -f2 <<< $last_used || true) +%s || true)
- last_used_ymd=$(date --date=@$last_used_timestamp --iso-8601=date)
- if [[ -z "$last_used_timestamp" ]] || [[ "$last_used_timestamp" -ge "$THEFUTURE" ]]
- then
- echo "$markmsgpfx: Missing or invalid last-used timestamp: '$last_used_timestamp'"
- echo "$name" >> $TODELETE
- continue
- fi
-
- if [[ "$last_used_timestamp" -le "$THRESHOLD" ]]
- then
- echo "$markmsgpfx: Used over $TOO_OLD on $last_used_ymd"
- echo "$name" >> $TODELETE
- continue
- fi
- done
-
-COUNT=$(<"$IMGCOUNT")
-echo "########################################################################"
-echo "Deleting up to $PRUNE_LIMIT images marked ($(wc -l < $TODELETE)) of all searched ($COUNT):"
-
-# Require a minimum number of images to exist
-NEED="$[$PRUNE_LIMIT*2]"
-if [[ "$COUNT" -lt "$NEED" ]]
-then
- die 0 Safety-net Insufficient images \($COUNT\) to process deletions \($NEED\)
- exit 0
-fi
-
-for image_name in $(sort --random-sort $TODELETE | tail -$PRUNE_LIMIT)
-do
- if echo "$IMGNAMES $BASE_IMAGES" | grep -q "$image_name"
- then
- # double-verify in-use images were filtered out in search loop above
- die 8 FATAL ATTEMPT TO DELETE IN-USE IMAGE \'$image_name\' - THIS SHOULD NEVER HAPPEN
- fi
- echo "Deleting $image_name in parallel..."
- $GCLOUD compute images delete $image_name &
-done
-
-wait || true # Nothing to delete: No background jobs
diff --git a/contrib/imgts/Dockerfile b/contrib/imgts/Dockerfile
deleted file mode 100644
index deaadb899..000000000
--- a/contrib/imgts/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-FROM centos:7
-
-# Only needed for installing build-time dependencies
-COPY /contrib/imgts/google-cloud-sdk.repo /etc/yum.repos.d/google-cloud-sdk.repo
-RUN yum -y update && \
- yum -y install epel-release && \
- yum -y install google-cloud-sdk && \
- yum clean all
-
-ENV GCPJSON="__unknown__" \
- GCPNAME="__unknown__" \
- GCPPROJECT="__unknown__" \
- IMGNAMES="__unknown__" \
- BUILDID="__unknown__" \
- REPOREF="__unknown__"
-
-COPY ["/contrib/imgts/entrypoint.sh", "/contrib/imgts/lib_entrypoint.sh", "/usr/local/bin/"]
-RUN chmod 755 /usr/local/bin/entrypoint.sh
-
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/contrib/imgts/README.md b/contrib/imgts/README.md
deleted file mode 100644
index ad5ed4172..000000000
--- a/contrib/imgts/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
-
-A container image for tracking automation metadata.
-Currently this is used to update last-used timestamps on
-VM images.
-
-Example build (from repository root):
-
-```bash
-sudo podman build -t $IMAGE_NAME -f contrib/imgts/Dockerfile .
-```
diff --git a/contrib/imgts/entrypoint.sh b/contrib/imgts/entrypoint.sh
deleted file mode 100755
index b089e1e9b..000000000
--- a/contrib/imgts/entrypoint.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-source /usr/local/bin/lib_entrypoint.sh
-
-req_env_var GCPJSON GCPNAME GCPPROJECT IMGNAMES BUILDID REPOREF
-
-gcloud_init
-
-ARGS="
- --update-labels=last-used=$(date +%s)
- --update-labels=build-id=$BUILDID
- --update-labels=repo-ref=$REPOREF
- --update-labels=project=$GCPPROJECT
-"
-
-for image in $IMGNAMES
-do
- $GCLOUD compute images update "$image" $ARGS &
-done
-
-wait || echo "Warning: No \$IMGNAMES were specified."
diff --git a/contrib/imgts/google-cloud-sdk.repo b/contrib/imgts/google-cloud-sdk.repo
deleted file mode 100644
index 45b1e43bb..000000000
--- a/contrib/imgts/google-cloud-sdk.repo
+++ /dev/null
@@ -1,8 +0,0 @@
-[google-cloud-sdk]
-name=Google Cloud SDK
-baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64
-enabled=1
-gpgcheck=1
-repo_gpgcheck=1
-gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
- https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
diff --git a/contrib/imgts/lib_entrypoint.sh b/contrib/imgts/lib_entrypoint.sh
deleted file mode 100644
index 6eb5cdc2f..000000000
--- a/contrib/imgts/lib_entrypoint.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-RED="\e[1;36;41m"
-YEL="\e[1;33;44m"
-NOR="\e[0m"
-SENTINEL="__unknown__" # default set in dockerfile
-# Disable all input prompts
-# https://cloud.google.com/sdk/docs/scripting-gcloud
-GCLOUD="gcloud --quiet"
-
-die() {
- EXIT=$1
- PFX=$2
- shift 2
- MSG="$@"
- echo -e "${RED}${PFX}:${NOR} ${YEL}$MSG${NOR}"
- [[ "$EXIT" -eq "0" ]] || exit "$EXIT"
-}
-
-# Pass in a list of one or more envariable names; exit non-zero with
-# helpful error message if any value is empty
-req_env_var() {
- for i; do
- if [[ -z "${!i}" ]]
- then
- die 1 FATAL entrypoint.sh requires \$$i to be non-empty.
- elif [[ "${!i}" == "$SENTINEL" ]]
- then
- die 2 FATAL entrypoint.sh requires \$$i to be explicitly set.
- fi
- done
-}
-
-gcloud_init() {
- set +xe
- if [[ -n "$1" ]] && [[ -r "$1" ]]
- then
- TMPF="$1"
- else
- TMPF=$(mktemp -p '' .$(uuidgen)_XXXX.json)
- trap "rm -f $TMPF &> /dev/null" EXIT
- echo "$GCPJSON" > $TMPF
- fi
- $GCLOUD auth activate-service-account --project="$GCPPROJECT" --key-file="$TMPF" || \
- die 5 FATAL auth
- rm -f $TMPF &> /dev/null || true # ignore any read-only error
-}
diff --git a/contrib/upldrel/Dockerfile b/contrib/upldrel/Dockerfile
deleted file mode 100644
index 54a58c521..000000000
--- a/contrib/upldrel/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM quay.io/libpod/imgts:latest
-
-RUN yum -y update && \
- yum -y install unzip && \
- rpm -V unzip && \
- yum clean all
-
-COPY /contrib/upldrel/entrypoint.sh /usr/local/bin/entrypoint.sh
-RUN chmod 755 /usr/local/bin/entrypoint.sh
diff --git a/contrib/upldrel/README.md b/contrib/upldrel/README.md
deleted file mode 100644
index 41f5ffef0..000000000
--- a/contrib/upldrel/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-![PODMAN logo](../../logo/podman-logo-source.svg)
-
-A container image for canonical-naming and uploading of
-libpod and remote-client archives. Only intended to ever
-be used by CI/CD, and depends heavily on an embedded
-`release.txt` file produced by `make`.
-
-Build script: [../cirrus/build_release.sh](../cirrus/build_release.sh)
-Upload script: [../cirrus/upload_release_archive.sh](../cirrus/upload_release_archive.sh)
diff --git a/contrib/upldrel/entrypoint.sh b/contrib/upldrel/entrypoint.sh
deleted file mode 100755
index 6eb1b8f94..000000000
--- a/contrib/upldrel/entrypoint.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-source /usr/local/bin/lib_entrypoint.sh
-
-req_env_var GCPJSON_FILEPATH GCPNAME GCPPROJECT BUCKET FROM_FILEPATH TO_FILENAME
-
-[[ -r "$FROM_FILEPATH" ]] || \
- die 2 ERROR Cannot read release archive file: "$FROM_FILEPATH"
-
-[[ -r "$GCPJSON_FILEPATH" ]] || \
- die 3 ERROR Cannot read GCP credentials file: "$GCPJSON_FILEPATH"
-
-echo "Authenticating to google cloud for upload"
-gcloud_init "$GCPJSON_FILEPATH"
-
-echo "Uploading archive as $TO_FILENAME"
-gsutil cp "$FROM_FILEPATH" "gs://$BUCKET/$TO_FILENAME"
-[[ -z "$ALSO_FILENAME" ]] || \
- gsutil cp "$FROM_FILEPATH" "gs://$BUCKET/$ALSO_FILENAME"
-
-echo "."
-echo "Release now available for download at:"
-echo " https://storage.googleapis.com/$BUCKET/$TO_FILENAME"
-[[ -z "$ALSO_FILENAME" ]] || \
- echo " https://storage.googleapis.com/$BUCKET/$ALSO_FILENAME"
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 4a8b311f0..28c340d2f 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -215,6 +215,10 @@ Note: if the user only has access rights via a group, accessing the device
from inside a rootless container will fail. The **crun**(1) runtime offers a
workaround for this by adding the option **--annotation run.oci.keep_original_groups=1**.
+Podman may load kernel modules required for using the specified
+device. The devices that podman will load modules when necessary are:
+/dev/fuse.
+
**--device-cgroup-rule**="type major:minor mode"
Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 47aa8827f..a27b1b175 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -231,6 +231,10 @@ Note: if the user only has access rights via a group, accessing the device
from inside a rootless container will fail. The **crun**(1) runtime offers a
workaround for this by adding the option **--annotation run.oci.keep_original_groups=1**.
+Podman may load kernel modules required for using the specified
+device. The devices that podman will load modules when necessary are:
+/dev/fuse.
+
**--device-cgroup-rule**=rule
Add a rule to the cgroup allowed devices list
diff --git a/go.mod b/go.mod
index 637777f5d..63dd84feb 100644
--- a/go.mod
+++ b/go.mod
@@ -11,8 +11,8 @@ require (
github.com/containerd/containerd v1.4.1 // indirect
github.com/containernetworking/cni v0.8.0
github.com/containernetworking/plugins v0.8.7
- github.com/containers/buildah v1.16.2
- github.com/containers/common v0.23.0
+ github.com/containers/buildah v1.16.4
+ github.com/containers/common v0.24.0
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.6.0
github.com/containers/psgo v1.5.1
diff --git a/go.sum b/go.sum
index c0c5006ab..219ec20df 100644
--- a/go.sum
+++ b/go.sum
@@ -70,11 +70,11 @@ github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjM
github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
github.com/containernetworking/plugins v0.8.7 h1:bU7QieuAp+sACI2vCzESJ3FoT860urYP+lThyZkb/2M=
github.com/containernetworking/plugins v0.8.7/go.mod h1:R7lXeZaBzpfqapcAbHRW8/CYwm0dHzbz0XEjofx0uB0=
-github.com/containers/buildah v1.16.2 h1:u8RA0r9sp3d5df/QRm0glG7L6ZN40UVJcYedwcZGt8w=
-github.com/containers/buildah v1.16.2/go.mod h1:i1XqXgpCROnfcq4oNtfrFEk7UzNDxLJ/PZ+CnPyoIq8=
+github.com/containers/buildah v1.16.4 h1:bxthp2FoGcpc2O/RyvbGUAZoefmc5hRBqWQi3BjRu7w=
+github.com/containers/buildah v1.16.4/go.mod h1:i1XqXgpCROnfcq4oNtfrFEk7UzNDxLJ/PZ+CnPyoIq8=
github.com/containers/common v0.21.0/go.mod h1:8w8SVwc+P2p1MOnRMbSKNWXt1Iwd2bKFu2LLZx55DTM=
-github.com/containers/common v0.23.0 h1:+g4mI3wUYSzOtoWU9TNVoV4K52/aN6JEz0qs1YdPEe8=
-github.com/containers/common v0.23.0/go.mod h1:E56/N0beWGf+lrrJX32atuo2hkjzHwSC8n1vCG+TAR0=
+github.com/containers/common v0.24.0 h1:5C03ROzmRvZCyooNJVkZ4Q8T2d04g+VVyPMQ428XC4Y=
+github.com/containers/common v0.24.0/go.mod h1:BFRo6uRh1TbkZgR2oYTILxc2BNZTBtBffa9xtu881QI=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.5.2/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM=
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index eba732d2a..514cdaee1 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -7,6 +7,7 @@ import (
"fmt"
"io"
"io/ioutil"
+ "math"
"net"
"os"
"os/user"
@@ -35,6 +36,7 @@ import (
"github.com/containers/podman/v2/pkg/util"
"github.com/containers/podman/v2/utils"
"github.com/containers/storage/pkg/archive"
+ "github.com/containers/storage/pkg/idtools"
securejoin "github.com/cyphar/filepath-securejoin"
runcuser "github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -416,9 +418,43 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// Look up and add groups the user belongs to, if a group wasn't directly specified
if !strings.Contains(c.config.User, ":") {
+ // the gidMappings that are present inside the container user namespace
+ var gidMappings []idtools.IDMap
+
+ switch {
+ case len(c.config.IDMappings.GIDMap) > 0:
+ gidMappings = c.config.IDMappings.GIDMap
+ case rootless.IsRootless():
+ // Check whether the current user namespace has enough gids available.
+ availableGids, err := rootless.GetAvailableGids()
+ if err != nil {
+ return nil, errors.Wrapf(err, "cannot read number of available GIDs")
+ }
+ gidMappings = []idtools.IDMap{{
+ ContainerID: 0,
+ HostID: 0,
+ Size: int(availableGids),
+ }}
+ default:
+ gidMappings = []idtools.IDMap{{
+ ContainerID: 0,
+ HostID: 0,
+ Size: math.MaxInt32,
+ }}
+ }
for _, gid := range execUser.Sgids {
- // FIXME: We need to add a flag to containers.conf to not add these for HPC Users.
- g.AddProcessAdditionalGid(uint32(gid))
+ isGidAvailable := false
+ for _, m := range gidMappings {
+ if gid >= m.ContainerID && gid < m.ContainerID+m.Size {
+ isGidAvailable = true
+ break
+ }
+ }
+ if isGidAvailable {
+ g.AddProcessAdditionalGid(uint32(gid))
+ } else {
+ logrus.Warnf("additional gid=%d is not present in the user namespace, skip setting it", gid)
+ }
}
}
diff --git a/libpod/container_log_linux.go b/libpod/container_log_linux.go
index 73c2df76e..d895171cf 100644
--- a/libpod/container_log_linux.go
+++ b/libpod/container_log_linux.go
@@ -33,7 +33,7 @@ const (
func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOptions, logChannel chan *logs.LogLine) error {
var config journal.JournalReaderConfig
if options.Tail < 0 {
- config.NumFromTail = math.MaxUint64
+ config.NumFromTail = 0
} else {
config.NumFromTail = uint64(options.Tail)
}
diff --git a/libpod/image/prune.go b/libpod/image/prune.go
index fcc65fb03..b38265a7e 100644
--- a/libpod/image/prune.go
+++ b/libpod/image/prune.go
@@ -125,29 +125,39 @@ func (ir *Runtime) PruneImages(ctx context.Context, all bool, filter []string) (
filterFuncs = append(filterFuncs, generatedFunc)
}
- pruneImages, err := ir.GetPruneImages(ctx, all, filterFuncs)
- if err != nil {
- return nil, errors.Wrap(err, "unable to get images to prune")
- }
- prunedCids := make([]string, 0, len(pruneImages))
- for _, p := range pruneImages {
- repotags, err := p.RepoTags()
+ pruned := []string{}
+ prev := 0
+ for {
+ toPrune, err := ir.GetPruneImages(ctx, all, filterFuncs)
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to get images to prune")
}
- if err := p.Remove(ctx, true); err != nil {
- if errors.Cause(err) == storage.ErrImageUsedByContainer {
- logrus.Warnf("Failed to prune image %s as it is in use: %v.\nA container associated with containers/storage i.e. Buildah, CRI-O, etc., maybe associated with this image.\nUsing the rmi command with the --force option will remove the container and image, but may cause failures for other dependent systems.", p.ID(), err)
- continue
- }
- return nil, errors.Wrap(err, "failed to prune image")
+ numImages := len(toPrune)
+ if numImages == 0 || numImages == prev {
+ // If there's nothing left to do, return.
+ break
}
- defer p.newImageEvent(events.Prune)
- nameOrID := p.ID()
- if len(repotags) > 0 {
- nameOrID = repotags[0]
+ prev = numImages
+ for _, img := range toPrune {
+ repotags, err := img.RepoTags()
+ if err != nil {
+ return nil, err
+ }
+ if err := img.Remove(ctx, false); err != nil {
+ if errors.Cause(err) == storage.ErrImageUsedByContainer {
+ logrus.Warnf("Failed to prune image %s as it is in use: %v.\nA container associated with containers/storage (e.g., Buildah, CRI-O, etc.) maybe associated with this image.\nUsing the rmi command with the --force option will remove the container and image, but may cause failures for other dependent systems.", img.ID(), err)
+ continue
+ }
+ return nil, errors.Wrap(err, "failed to prune image")
+ }
+ defer img.newImageEvent(events.Prune)
+ nameOrID := img.ID()
+ if len(repotags) > 0 {
+ nameOrID = repotags[0]
+ }
+ pruned = append(pruned, nameOrID)
}
- prunedCids = append(prunedCids, nameOrID)
+
}
- return prunedCids, nil
+ return pruned, nil
}
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 03c3ab061..5184ed393 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -90,19 +90,23 @@ func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
return final, nil
}
+var lvpRelabel = label.Relabel
+var lvpInitLabels = label.InitLabels
+var lvpReleaseLabel = label.ReleaseLabel
+
// LabelVolumePath takes a mount path for a volume and gives it an
// selinux label of either shared or not
func LabelVolumePath(path string) error {
- _, mountLabel, err := label.InitLabels([]string{})
+ _, mountLabel, err := lvpInitLabels([]string{})
if err != nil {
return errors.Wrapf(err, "error getting default mountlabels")
}
- if err := label.ReleaseLabel(mountLabel); err != nil {
+ if err := lvpReleaseLabel(mountLabel); err != nil {
return errors.Wrapf(err, "error releasing label %q", mountLabel)
}
- if err := label.Relabel(path, mountLabel, true); err != nil {
- if err != syscall.ENOTSUP {
+ if err := lvpRelabel(path, mountLabel, true); err != nil {
+ if err == syscall.ENOTSUP {
logrus.Debugf("Labeling not supported on %q", path)
} else {
return errors.Wrapf(err, "error setting selinux label for %s to %q as shared", path, mountLabel)
diff --git a/libpod/util_linux_test.go b/libpod/util_linux_test.go
new file mode 100644
index 000000000..5fcb04beb
--- /dev/null
+++ b/libpod/util_linux_test.go
@@ -0,0 +1,39 @@
+package libpod
+
+import (
+ "syscall"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestLabelVolumePath(t *testing.T) {
+ // Set up mocked SELinux functions for testing.
+ oldRelabel := lvpRelabel
+ oldInitLabels := lvpInitLabels
+ oldReleaseLabel := lvpReleaseLabel
+ defer func() {
+ lvpRelabel = oldRelabel
+ lvpInitLabels = oldInitLabels
+ lvpReleaseLabel = oldReleaseLabel
+ }()
+
+ // Relabel returns ENOTSUP unconditionally.
+ lvpRelabel = func(path string, fileLabel string, shared bool) error {
+ return syscall.ENOTSUP
+ }
+
+ // InitLabels and ReleaseLabel both return dummy values and nil errors.
+ lvpInitLabels = func(options []string) (string, string, error) {
+ pLabel := "system_u:system_r:container_t:s0:c1,c2"
+ mLabel := "system_u:object_r:container_file_t:s0:c1,c2"
+ return pLabel, mLabel, nil
+ }
+ lvpReleaseLabel = func(label string) error {
+ return nil
+ }
+
+ // LabelVolumePath should not return an error if the operation is unsupported.
+ err := LabelVolumePath("/foo/bar")
+ assert.NoError(t, err)
+}
diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go
index 940b57343..cc67ebcd1 100644
--- a/pkg/api/handlers/compat/images.go
+++ b/pkg/api/handlers/compat/images.go
@@ -20,9 +20,25 @@ import (
"github.com/containers/podman/v2/pkg/domain/entities"
"github.com/docker/docker/api/types"
"github.com/gorilla/schema"
+ "github.com/opencontainers/go-digest"
"github.com/pkg/errors"
)
+// mergeNameAndTagOrDigest creates an image reference as string from the
+// provided image name and tagOrDigest which can be a tag, a digest or empty.
+func mergeNameAndTagOrDigest(name, tagOrDigest string) string {
+ if len(tagOrDigest) == 0 {
+ return name
+ }
+
+ separator := ":" // default to tag
+ if _, err := digest.Parse(tagOrDigest); err == nil {
+ // We have a digest, so let's change the separator.
+ separator = "@"
+ }
+ return fmt.Sprintf("%s%s%s", name, separator, tagOrDigest)
+}
+
func ExportImage(w http.ResponseWriter, r *http.Request) {
// 200 ok
// 500 server
@@ -252,10 +268,7 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) {
return
}
- fromImage := query.FromImage
- if len(query.Tag) >= 1 {
- fromImage = fmt.Sprintf("%s:%s", fromImage, query.Tag)
- }
+ fromImage := mergeNameAndTagOrDigest(query.FromImage, query.Tag)
authConf, authfile, key, err := auth.GetCredentials(r)
if err != nil {
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index d56dc7d94..965c63bec 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -46,11 +46,7 @@ func (ir *ImageEngine) Exists(_ context.Context, nameOrID string) (*entities.Boo
}
func (ir *ImageEngine) Prune(ctx context.Context, opts entities.ImagePruneOptions) (*entities.ImagePruneReport, error) {
- return ir.pruneImagesHelper(ctx, opts.All, opts.Filter)
-}
-
-func (ir *ImageEngine) pruneImagesHelper(ctx context.Context, all bool, filters []string) (*entities.ImagePruneReport, error) {
- results, err := ir.Libpod.ImageRuntime().PruneImages(ctx, all, filters)
+ results, err := ir.Libpod.ImageRuntime().PruneImages(ctx, opts.All, opts.Filter)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/tunnel/helpers.go b/pkg/domain/infra/tunnel/helpers.go
index 5944f855a..7d28f1bd3 100644
--- a/pkg/domain/infra/tunnel/helpers.go
+++ b/pkg/domain/infra/tunnel/helpers.go
@@ -2,74 +2,118 @@ package tunnel
import (
"context"
- "strings"
"github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/pkg/bindings"
"github.com/containers/podman/v2/pkg/bindings/containers"
"github.com/containers/podman/v2/pkg/bindings/pods"
"github.com/containers/podman/v2/pkg/domain/entities"
- "github.com/containers/podman/v2/pkg/util"
+ "github.com/containers/podman/v2/pkg/errorhandling"
"github.com/pkg/errors"
)
+// FIXME: the `ignore` parameter is very likely wrong here as it should rather
+// be used on *errors* from operations such as remove.
func getContainersByContext(contextWithConnection context.Context, all, ignore bool, namesOrIDs []string) ([]entities.ListContainer, error) {
- var (
- cons []entities.ListContainer
- )
if all && len(namesOrIDs) > 0 {
return nil, errors.New("cannot lookup containers and all")
}
- c, err := containers.List(contextWithConnection, nil, bindings.PTrue, nil, nil, bindings.PTrue)
+
+ allContainers, err := containers.List(contextWithConnection, nil, bindings.PTrue, nil, nil, bindings.PTrue)
if err != nil {
return nil, err
}
if all {
- return c, err
+ return allContainers, err
}
- for _, id := range namesOrIDs {
- var found bool
- for _, con := range c {
- if id == con.ID || strings.HasPrefix(con.ID, id) || util.StringInSlice(id, con.Names) {
- cons = append(cons, con)
+
+ // Note: it would be nicer if the lists endpoint would support that as
+ // we could use the libpod backend for looking up containers rather
+ // than risking diverging the local and remote lookups.
+ //
+ // A `--filter nameOrId=abc` that can be specified multiple times would
+ // be awesome to have.
+ filtered := []entities.ListContainer{}
+ for _, nameOrID := range namesOrIDs {
+ // First determine if the container exists by doing an inspect.
+ // Inspect takes supports names and IDs and let's us determine
+ // a containers full ID.
+ inspectData, err := containers.Inspect(contextWithConnection, nameOrID, bindings.PFalse)
+ if err != nil {
+ if ignore && errorhandling.Contains(err, define.ErrNoSuchCtr) {
+ continue
+ }
+ return nil, err
+ }
+
+ // Now we can do a full match of the ID to find the right
+ // container. Note that we *really* need a full ID match to
+ // prevent any ambiguities between IDs and names (see #7837).
+ found := false
+ for _, ctr := range allContainers {
+ if ctr.ID == inspectData.ID {
+ filtered = append(filtered, ctr)
found = true
break
}
+
}
+
if !found && !ignore {
- return nil, errors.Wrapf(define.ErrNoSuchCtr, "unable to find container %q", id)
+ return nil, errors.Wrapf(define.ErrNoSuchCtr, "unable to find container %q", nameOrID)
}
}
- return cons, nil
+ return filtered, nil
}
func getPodsByContext(contextWithConnection context.Context, all bool, namesOrIDs []string) ([]*entities.ListPodsReport, error) {
- var (
- sPods []*entities.ListPodsReport
- )
if all && len(namesOrIDs) > 0 {
return nil, errors.New("cannot lookup specific pods and all")
}
- fPods, err := pods.List(contextWithConnection, nil)
+ allPods, err := pods.List(contextWithConnection, nil)
if err != nil {
return nil, err
}
if all {
- return fPods, nil
+ return allPods, nil
}
+
+ filtered := []*entities.ListPodsReport{}
+ // Note: it would be nicer if the lists endpoint would support that as
+ // we could use the libpod backend for looking up pods rather than
+ // risking diverging the local and remote lookups.
+ //
+ // A `--filter nameOrId=abc` that can be specified multiple times would
+ // be awesome to have.
for _, nameOrID := range namesOrIDs {
- var found bool
- for _, f := range fPods {
- if f.Name == nameOrID || strings.HasPrefix(f.Id, nameOrID) {
- sPods = append(sPods, f)
+ // First determine if the pod exists by doing an inspect.
+ // Inspect takes supports names and IDs and let's us determine
+ // a containers full ID.
+ inspectData, err := pods.Inspect(contextWithConnection, nameOrID)
+ if err != nil {
+ if errorhandling.Contains(err, define.ErrNoSuchPod) {
+ return nil, errors.Wrapf(define.ErrNoSuchPod, "unable to find pod %q", nameOrID)
+ }
+ return nil, err
+ }
+
+ // Now we can do a full match of the ID to find the right pod.
+ // Note that we *really* need a full ID match to prevent any
+ // ambiguities between IDs and names (see #7837).
+ found := false
+ for _, pod := range allPods {
+ if pod.Id == inspectData.ID {
+ filtered = append(filtered, pod)
found = true
break
}
+
}
+
if !found {
return nil, errors.Wrapf(define.ErrNoSuchPod, "unable to find pod %q", nameOrID)
}
}
- return sPods, nil
+ return filtered, nil
}
diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go
index d02721ea9..799c793d8 100644
--- a/pkg/rootless/rootless.go
+++ b/pkg/rootless/rootless.go
@@ -2,8 +2,10 @@ package rootless
import (
"os"
+ "sync"
"github.com/containers/storage"
+ "github.com/opencontainers/runc/libcontainer/user"
"github.com/pkg/errors"
)
@@ -46,3 +48,26 @@ func TryJoinPauseProcess(pausePidPath string) (bool, int, error) {
}
return became, ret, err
}
+
+var (
+ availableGids int64
+ availableGidsErr error
+ availableGidsOnce sync.Once
+)
+
+// GetAvailableGids returns how many GIDs are available in the
+// current user namespace.
+func GetAvailableGids() (int64, error) {
+ availableGidsOnce.Do(func() {
+ idMap, err := user.ParseIDMapFile("/proc/self/gid_map")
+ if err != nil {
+ availableGidsErr = err
+ return
+ }
+ availableGids = int64(0)
+ for _, r := range idMap {
+ availableGids += r.Count
+ }
+ })
+ return availableGids, availableGidsErr
+}
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index 1d5dcd8e7..fac02ad01 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -248,6 +248,13 @@ func addDevice(g *generate.Generator, device string) error {
}
g.Config.Mounts = append(g.Config.Mounts, devMnt)
return nil
+ } else if src == "/dev/fuse" {
+ // if the user is asking for fuse inside the container
+ // make sure the module is loaded.
+ f, err := unix.Open(src, unix.O_RDONLY|unix.O_NONBLOCK, 0)
+ if err == nil {
+ unix.Close(f)
+ }
}
dev.Path = dst
g.AddDevice(*dev)
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index b57ddf1aa..f02432f5b 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -10,7 +10,6 @@ import (
"github.com/containers/podman/v2/libpod/image"
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/specgen"
- "github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -200,7 +199,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
}
gid5Available := true
if isRootless {
- nGids, err := GetAvailableGids()
+ nGids, err := rootless.GetAvailableGids()
if err != nil {
return nil, err
}
@@ -360,15 +359,3 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
return configSpec, nil
}
-
-func GetAvailableGids() (int64, error) {
- idMap, err := user.ParseIDMapFile("/proc/self/gid_map")
- if err != nil {
- return 0, err
- }
- count := int64(0)
- for _, r := range idMap {
- count += r.Count
- }
- return count, nil
-}
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index a204df65c..bdc298ae3 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -39,7 +39,11 @@ t GET images/$iid/json 200 \
.Id=sha256:$iid \
.RepoTags[0]=$IMAGE
-#t POST images/create fromImage=alpine 201 foo
+t POST "images/create?fromImage=alpine" '' 200
+
+t POST "images/create?fromImage=alpine&tag=latest" '' 200
+
+t POST "images/create?fromImage=docker.io/library/alpine&tag=sha256:acd3ca9941a85e8ed16515bfc5328e4e2f8c128caa72959a58a127b7801ee01f" '' 200
# Display the image history
t GET libpod/images/nonesuch/history 404
diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go
index bcbfdd80a..49f5f0ce6 100644
--- a/test/e2e/info_test.go
+++ b/test/e2e/info_test.go
@@ -50,15 +50,17 @@ var _ = Describe("Podman Info", func() {
{"{{ json .}}", true, 0},
{"{{json . }}", true, 0},
{" {{ json . }} ", true, 0},
- {"{{json }}", false, 125},
+ {"{{json }}", true, 0},
{"{{json .", false, 125},
- {"json . }}", false, 0}, // Note: this does NOT fail but produces garbage
+ {"json . }}", false, 0}, // without opening {{ template seen as string literal
}
for _, tt := range tests {
session := podmanTest.Podman([]string{"info", "--format", tt.input})
session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(tt.exitCode))
- Expect(session.IsJSONOutputValid()).To(Equal(tt.success))
+
+ desc := fmt.Sprintf("JSON test(%q)", tt.input)
+ Expect(session).Should(Exit(tt.exitCode), desc)
+ Expect(session.IsJSONOutputValid()).To(Equal(tt.success), desc)
}
})
diff --git a/test/e2e/logs_test.go b/test/e2e/logs_test.go
index 3aa3cf409..67ab71d20 100644
--- a/test/e2e/logs_test.go
+++ b/test/e2e/logs_test.go
@@ -203,6 +203,7 @@ var _ = Describe("Podman logs", func() {
results.WaitWithDefaultTimeout()
Expect(results).To(Exit(0))
Expect(len(results.OutputToStringArray())).To(Equal(3))
+ Expect(results.OutputToString()).To(Equal("podman podman podman"))
})
It("using journald tail two lines", func() {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 292df529c..05aede122 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -67,6 +67,30 @@ var _ = Describe("Podman run", func() {
Expect(session.ExitCode()).To(Equal(0))
})
+ It("podman run --rm with --restart", func() {
+ session := podmanTest.Podman([]string{"run", "--rm", "--restart", "", ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--restart", "no", ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ // the --rm option conflicts with --restart, when the restartPolicy is not "" and "no"
+ // so the exitCode should not equal 0
+ session = podmanTest.Podman([]string{"run", "--rm", "--restart", "on-failure", ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--restart", "always", ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--restart", "unless-stopped", ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
+
It("podman run a container based on on a short name with localhost", func() {
tag := podmanTest.Podman([]string{"tag", nginx, "localhost/libpod/alpine_nginx:latest"})
tag.WaitWithDefaultTimeout()
diff --git a/test/e2e/version_test.go b/test/e2e/version_test.go
index 695cccc11..903748b58 100644
--- a/test/e2e/version_test.go
+++ b/test/e2e/version_test.go
@@ -1,6 +1,7 @@
package integration
import (
+ "fmt"
"os"
. "github.com/containers/podman/v2/test/utils"
@@ -68,15 +69,17 @@ var _ = Describe("Podman version", func() {
{"{{ json .}}", true, 0},
{"{{json . }}", true, 0},
{" {{ json . }} ", true, 0},
- {"{{json }}", false, 125},
+ {"{{json }}", true, 0},
{"{{json .", false, 125},
- {"json . }}", false, 0}, // Note: this does NOT fail but produces garbage
+ {"json . }}", false, 0}, // without opening {{ template seen as string literal
}
for _, tt := range tests {
session := podmanTest.Podman([]string{"version", "--format", tt.input})
session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(tt.exitCode))
- Expect(session.IsJSONOutputValid()).To(Equal(tt.success))
+
+ desc := fmt.Sprintf("JSON test(%q)", tt.input)
+ Expect(session).Should(Exit(tt.exitCode), desc)
+ Expect(session.IsJSONOutputValid()).To(Equal(tt.success), desc)
}
})
diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
index cbb2091e5..130bc5243 100644
--- a/test/system/035-logs.bats
+++ b/test/system/035-logs.bats
@@ -50,4 +50,15 @@ ${cid[1]} c
${cid[0]} d" "Sequential output from logs"
}
+@test "podman logs over journald" {
+ msg=$(random_string 20)
+
+ run_podman run --name myctr --log-driver journald $IMAGE echo $msg
+
+ run_podman logs myctr
+ is "$output" "$msg" "check that log output equals the container output"
+
+ run_podman rm myctr
+}
+
# vim: filetype=sh
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 150626ded..a923402ac 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -82,6 +82,8 @@ load helpers
# "network create" now works rootless, with the help of a special container
@test "podman network create" {
+ skip_if_remote "FIXME: pending #7808"
+
local mynetname=testnet-$(random_string 10)
local mysubnet=$(random_rfc1918_subnet)
diff --git a/vendor/github.com/containers/buildah/.golangci.yml b/vendor/github.com/containers/buildah/.golangci.yml
index 888d89afa..f8247f049 100644
--- a/vendor/github.com/containers/buildah/.golangci.yml
+++ b/vendor/github.com/containers/buildah/.golangci.yml
@@ -7,38 +7,26 @@ run:
# Don't exceed number of threads available when running under CI
concurrency: 4
linters:
- disable-all: true
- enable:
- - bodyclose
+ enable-all: true
+ disable:
+ # All these break for one reason or another
- deadcode
- depguard
- dupl
- errcheck
- - gofmt
- - goimports
+ - gochecknoglobals
+ - gochecknoinits
+ - goconst
+ - gocritic
+ - gocyclo
- golint
- # Broken? Unpredictably dies w/o any error well before deadline/timeout expires
- # - gosimple
- - govet
- - ineffassign
- - interfacer
- - misspell
- - nakedret
- - staticcheck
+ - gosec
+ - gosimple
+ - lll
+ - maligned
+ - prealloc
+ - scopelint
- structcheck
- - stylecheck
- typecheck
- unconvert
- - unparam
- - unused
- varcheck
- # - gochecknoglobals
- # - gochecknoinits
- # - goconst
- # - gocritic
- # - gocyclo
- # - gosec
- # - lll
- # - maligned
- # - prealloc
- # - scopelint
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 6168dc317..ca6a98889 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,10 +2,21 @@
# Changelog
+## v1.16.4 (2020-10-01)
+ ADD: only expand archives at the right time
+
+## v1.16.3 (2020-09-30)
+ Lint: Use same linters as podman
+ add: preserve ownerships and permissions on ADDed archives
+ chroot: fix handling of errno seccomp rules
+ git-validation.sh: set the base for comparison to v1.16.0
+ chroot: create bind mount targets 0755 instead of 0700
+
## v1.16.2 (2020-09-21)
Add(): fix handling of relative paths with no ContextDir
## v1.16.1 (2020-09-10)
+ CI: use release-1.16 as the basis for validation tests
copier.Get(): hard link targets shouldn't be relative paths
## v1.16.0 (2020-09-03)
diff --git a/vendor/github.com/containers/buildah/add.go b/vendor/github.com/containers/buildah/add.go
index bbfdda9c1..a3f3c7a37 100644
--- a/vendor/github.com/containers/buildah/add.go
+++ b/vendor/github.com/containers/buildah/add.go
@@ -33,7 +33,8 @@ type AddAndCopyOptions struct {
Chown string
// PreserveOwnership, if Chown is not set, tells us to avoid setting
// ownership of copied items to 0:0, instead using whatever ownership
- // information is already set. Not meaningful for remote sources.
+ // information is already set. Not meaningful for remote sources or
+ // local archives that we extract.
PreserveOwnership bool
// All of the data being copied will pass through Hasher, if set.
// If the sources are URLs or files, their contents will be passed to
@@ -210,7 +211,6 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
// Find out which user (and group) the destination should belong to.
var chownDirs, chownFiles *idtools.IDPair
- var chmodDirs, chmodFiles *os.FileMode
var user specs.User
if options.Chown != "" {
user, _, err = b.user(mountPoint, options.Chown)
@@ -319,9 +319,9 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
UIDMap: destUIDMap,
GIDMap: destGIDMap,
ChownDirs: chownDirs,
- ChmodDirs: chmodDirs,
+ ChmodDirs: nil,
ChownFiles: chownFiles,
- ChmodFiles: chmodFiles,
+ ChmodFiles: nil,
}
putErr = copier.Put(mountPoint, extractDirectory, putOptions, io.TeeReader(pipeReader, hasher))
}
@@ -396,6 +396,10 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
GIDMap: srcGIDMap,
Excludes: options.Excludes,
ExpandArchives: extract,
+ ChownDirs: chownDirs,
+ ChmodDirs: nil,
+ ChownFiles: chownFiles,
+ ChmodFiles: nil,
StripSetuidBit: options.StripSetuidBit,
StripSetgidBit: options.StripSetgidBit,
StripStickyBit: options.StripStickyBit,
@@ -423,12 +427,14 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
_, putErr = io.Copy(hasher, pipeReader)
} else {
putOptions := copier.PutOptions{
- UIDMap: destUIDMap,
- GIDMap: destGIDMap,
- ChownDirs: chownDirs,
- ChmodDirs: chmodDirs,
- ChownFiles: chownFiles,
- ChmodFiles: chmodFiles,
+ UIDMap: destUIDMap,
+ GIDMap: destGIDMap,
+ DefaultDirOwner: chownDirs,
+ DefaultDirMode: nil,
+ ChownDirs: nil,
+ ChmodDirs: nil,
+ ChownFiles: nil,
+ ChmodFiles: nil,
}
putErr = copier.Put(mountPoint, extractDirectory, putOptions, io.TeeReader(pipeReader, hasher))
}
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index e63cfff3a..2ac0210bd 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -28,7 +28,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.16.2"
+ Version = "1.16.4"
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index d34ede417..048dc61c1 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,7 +1,18 @@
+- Changelog for v1.16.4 (2020-10-01)
+ * ADD: only expand archives at the right time
+
+- Changelog for v1.16.3 (2020-09-30)
+ * Lint: Use same linters as podman
+ * add: preserve ownerships and permissions on ADDed archives
+ * chroot: fix handling of errno seccomp rules
+ * git-validation.sh: set the base for comparison to v1.16.0
+ * chroot: create bind mount targets 0755 instead of 0700
+
- Changelog for v1.16.2 (2020-09-21)
* Add(): fix handling of relative paths with no ContextDir
- Changelog for v1.16.1 (2020-09-10)
+ * CI: use release-1.16 as the basis for validation tests
* copier.Get(): hard link targets shouldn't be relative paths
- Changelog for v1.16.0 (2020-09-03)
diff --git a/vendor/github.com/containers/buildah/chroot/run.go b/vendor/github.com/containers/buildah/chroot/run.go
index 7a83a73a3..e8842f7a9 100644
--- a/vendor/github.com/containers/buildah/chroot/run.go
+++ b/vendor/github.com/containers/buildah/chroot/run.go
@@ -1047,7 +1047,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
subDev := filepath.Join(spec.Root.Path, "/dev")
if err := unix.Mount("/dev", subDev, "bind", devFlags, ""); err != nil {
if os.IsNotExist(err) {
- err = os.Mkdir(subDev, 0700)
+ err = os.Mkdir(subDev, 0755)
if err == nil {
err = unix.Mount("/dev", subDev, "bind", devFlags, "")
}
@@ -1071,7 +1071,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
subProc := filepath.Join(spec.Root.Path, "/proc")
if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
if os.IsNotExist(err) {
- err = os.Mkdir(subProc, 0700)
+ err = os.Mkdir(subProc, 0755)
if err == nil {
err = unix.Mount("/proc", subProc, "bind", procFlags, "")
}
@@ -1086,7 +1086,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
subSys := filepath.Join(spec.Root.Path, "/sys")
if err := unix.Mount("/sys", subSys, "bind", sysFlags, ""); err != nil {
if os.IsNotExist(err) {
- err = os.Mkdir(subSys, 0700)
+ err = os.Mkdir(subSys, 0755)
if err == nil {
err = unix.Mount("/sys", subSys, "bind", sysFlags, "")
}
@@ -1163,15 +1163,15 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
}
// The target isn't there yet, so create it.
if srcinfo.IsDir() {
- if err = os.MkdirAll(target, 0111); err != nil {
+ if err = os.MkdirAll(target, 0755); err != nil {
return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
}
} else {
- if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
+ if err = os.MkdirAll(filepath.Dir(target), 0755); err != nil {
return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target))
}
var file *os.File
- if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil {
+ if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0755); err != nil {
return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
}
file.Close()
diff --git a/vendor/github.com/containers/buildah/chroot/seccomp.go b/vendor/github.com/containers/buildah/chroot/seccomp.go
index 12a9b0032..1ca0a159e 100644
--- a/vendor/github.com/containers/buildah/chroot/seccomp.go
+++ b/vendor/github.com/containers/buildah/chroot/seccomp.go
@@ -15,18 +15,28 @@ func setSeccomp(spec *specs.Spec) error {
if spec.Linux.Seccomp == nil {
return nil
}
- mapAction := func(specAction specs.LinuxSeccompAction) libseccomp.ScmpAction {
+ mapAction := func(specAction specs.LinuxSeccompAction, errnoRet *uint) libseccomp.ScmpAction {
switch specAction {
case specs.ActKill:
return libseccomp.ActKill
case specs.ActTrap:
return libseccomp.ActTrap
case specs.ActErrno:
- return libseccomp.ActErrno
+ action := libseccomp.ActErrno
+ if errnoRet != nil {
+ action = action.SetReturnCode(int16(*errnoRet))
+ }
+ return action
case specs.ActTrace:
return libseccomp.ActTrace
case specs.ActAllow:
return libseccomp.ActAllow
+ case specs.ActLog:
+ return libseccomp.ActLog
+ case specs.ActKillProcess:
+ return libseccomp.ActKillProcess
+ default:
+ logrus.Errorf("unmappable action %v", specAction)
}
return libseccomp.ActInvalid
}
@@ -68,6 +78,8 @@ func setSeccomp(spec *specs.Spec) error {
/* fallthrough */ /* for now */
case specs.ArchPARISC64:
/* fallthrough */ /* for now */
+ default:
+ logrus.Errorf("unmappable arch %v", specArch)
}
return libseccomp.ArchInvalid
}
@@ -87,11 +99,13 @@ func setSeccomp(spec *specs.Spec) error {
return libseccomp.CompareGreater
case specs.OpMaskedEqual:
return libseccomp.CompareMaskedEqual
+ default:
+ logrus.Errorf("unmappable op %v", op)
}
return libseccomp.CompareInvalid
}
- filter, err := libseccomp.NewFilter(mapAction(spec.Linux.Seccomp.DefaultAction))
+ filter, err := libseccomp.NewFilter(mapAction(spec.Linux.Seccomp.DefaultAction, nil))
if err != nil {
return errors.Wrapf(err, "error creating seccomp filter with default action %q", spec.Linux.Seccomp.DefaultAction)
}
@@ -112,7 +126,7 @@ func setSeccomp(spec *specs.Spec) error {
}
for scnum := range scnames {
if len(rule.Args) == 0 {
- if err = filter.AddRule(scnum, mapAction(rule.Action)); err != nil {
+ if err = filter.AddRule(scnum, mapAction(rule.Action, rule.ErrnoRet)); err != nil {
return errors.Wrapf(err, "error adding a rule (%q:%q) to seccomp filter", scnames[scnum], rule.Action)
}
continue
@@ -129,7 +143,7 @@ func setSeccomp(spec *specs.Spec) error {
}
conditions = append(conditions, condition)
}
- if err = filter.AddRuleConditional(scnum, mapAction(rule.Action), conditions); err != nil {
+ if err = filter.AddRuleConditional(scnum, mapAction(rule.Action, rule.ErrnoRet), conditions); err != nil {
// Okay, if the rules specify multiple equality
// checks, assume someone thought that they
// were OR'd, when in fact they're ordinarily
@@ -137,7 +151,7 @@ func setSeccomp(spec *specs.Spec) error {
// different rules to get that OR effect.
if len(rule.Args) > 1 && opsAreAllEquality && err.Error() == "two checks on same syscall argument" {
for i := range conditions {
- if err = filter.AddRuleConditional(scnum, mapAction(rule.Action), conditions[i:i+1]); err != nil {
+ if err = filter.AddRuleConditional(scnum, mapAction(rule.Action, rule.ErrnoRet), conditions[i:i+1]); err != nil {
return errors.Wrapf(err, "error adding a conditional rule (%q:%q[%d]) to seccomp filter", scnames[scnum], rule.Action, i)
}
}
diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go
index a980fe292..1021aeb6f 100644
--- a/vendor/github.com/containers/buildah/copier/copier.go
+++ b/vendor/github.com/containers/buildah/copier/copier.go
@@ -222,6 +222,10 @@ type GetOptions struct {
UIDMap, GIDMap []idtools.IDMap // map from hostIDs to containerIDs in the output archive
Excludes []string // contents to pretend don't exist, using the OS-specific path separator
ExpandArchives bool // extract the contents of named items that are archives
+ ChownDirs *idtools.IDPair // set ownership on directories. no effect on archives being extracted
+ ChmodDirs *os.FileMode // set permissions on directories. no effect on archives being extracted
+ ChownFiles *idtools.IDPair // set ownership of files. no effect on archives being extracted
+ ChmodFiles *os.FileMode // set permissions on files. no effect on archives being extracted
StripSetuidBit bool // strip the setuid bit off of items being copied. no effect on archives being extracted
StripSetgidBit bool // strip the setgid bit off of items being copied. no effect on archives being extracted
StripStickyBit bool // strip the sticky bit off of items being copied. no effect on archives being extracted
@@ -265,6 +269,8 @@ func Get(root string, directory string, options GetOptions, globs []string, bulk
// PutOptions controls parts of Put()'s behavior.
type PutOptions struct {
UIDMap, GIDMap []idtools.IDMap // map from containerIDs to hostIDs when writing contents to disk
+ DefaultDirOwner *idtools.IDPair // set ownership of implicitly-created directories, default is ChownDirs, or 0:0 if ChownDirs not set
+ DefaultDirMode *os.FileMode // set permissions on implicitly-created directories, default is ChmodDirs, or 0755 if ChmodDirs not set
ChownDirs *idtools.IDPair // set ownership of newly-created directories
ChmodDirs *os.FileMode // set permissions on newly-created directories
ChownFiles *idtools.IDPair // set ownership of newly-created files
@@ -1032,6 +1038,9 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
}
// evaluate excludes relative to the root directory
if info.Mode().IsDir() {
+ // we don't expand any of the contents that are archives
+ options := req.GetOptions
+ options.ExpandArchives = false
walkfn := func(path string, info os.FileInfo, err error) error {
// compute the path of this item
// relative to the top-level directory,
@@ -1073,7 +1082,7 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
symlinkTarget = target
}
// add the item to the outgoing tar stream
- return copierHandlerGetOne(info, symlinkTarget, rel, path, req.GetOptions, tw, hardlinkChecker, idMappings)
+ return copierHandlerGetOne(info, symlinkTarget, rel, path, options, tw, hardlinkChecker, idMappings)
}
// walk the directory tree, checking/adding items individually
if err := filepath.Walk(item, walkfn); err != nil {
@@ -1193,6 +1202,22 @@ func copierHandlerGetOne(srcfi os.FileInfo, symlinkTarget, name, contentPath str
return errors.Wrapf(err, "error mapping host filesystem owners %#v to container filesystem owners", hostPair)
}
}
+ // force ownership and/or permissions, if requested
+ if hdr.Typeflag == tar.TypeDir {
+ if options.ChownDirs != nil {
+ hdr.Uid, hdr.Gid = options.ChownDirs.UID, options.ChownDirs.GID
+ }
+ if options.ChmodDirs != nil {
+ hdr.Mode = int64(*options.ChmodDirs)
+ }
+ } else {
+ if options.ChownFiles != nil {
+ hdr.Uid, hdr.Gid = options.ChownFiles.UID, options.ChownFiles.GID
+ }
+ if options.ChmodFiles != nil {
+ hdr.Mode = int64(*options.ChmodFiles)
+ }
+ }
// output the header
if err = tw.WriteHeader(hdr); err != nil {
return errors.Wrapf(err, "error writing header for %s (%s)", contentPath, hdr.Name)
@@ -1220,13 +1245,20 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
errorResponse := func(fmtspec string, args ...interface{}) (*response, func() error, error) {
return &response{Error: fmt.Sprintf(fmtspec, args...), Put: putResponse{}}, nil, nil
}
- dirUID, dirGID := 0, 0
+ dirUID, dirGID, defaultDirUID, defaultDirGID := 0, 0, 0, 0
if req.PutOptions.ChownDirs != nil {
dirUID, dirGID = req.PutOptions.ChownDirs.UID, req.PutOptions.ChownDirs.GID
+ defaultDirUID, defaultDirGID = dirUID, dirGID
}
- dirMode := os.FileMode(0755)
+ defaultDirMode := os.FileMode(0755)
if req.PutOptions.ChmodDirs != nil {
- dirMode = *req.PutOptions.ChmodDirs
+ defaultDirMode = *req.PutOptions.ChmodDirs
+ }
+ if req.PutOptions.DefaultDirOwner != nil {
+ defaultDirUID, defaultDirGID = req.PutOptions.DefaultDirOwner.UID, req.PutOptions.DefaultDirOwner.GID
+ }
+ if req.PutOptions.DefaultDirMode != nil {
+ defaultDirMode = *req.PutOptions.DefaultDirMode
}
var fileUID, fileGID *int
if req.PutOptions.ChownFiles != nil {
@@ -1258,11 +1290,11 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
subdir = filepath.Join(subdir, component)
path := filepath.Join(req.Root, subdir)
if err := os.Mkdir(path, 0700); err == nil {
- if err = lchown(path, dirUID, dirGID); err != nil {
- return errors.Wrapf(err, "copier: put: error setting owner of %q to %d:%d", path, dirUID, dirGID)
+ if err = lchown(path, defaultDirUID, defaultDirGID); err != nil {
+ return errors.Wrapf(err, "copier: put: error setting owner of %q to %d:%d", path, defaultDirUID, defaultDirGID)
}
- if err = os.Chmod(path, dirMode); err != nil {
- return errors.Wrapf(err, "copier: put: error setting permissions on %q to 0%o", path, dirMode)
+ if err = os.Chmod(path, defaultDirMode); err != nil {
+ return errors.Wrapf(err, "copier: put: error setting permissions on %q to 0%o", path, defaultDirMode)
}
} else {
if !os.IsExist(err) {
diff --git a/vendor/github.com/containers/common/pkg/completion/completion.go b/vendor/github.com/containers/common/pkg/completion/completion.go
index 6e7ddff30..07451e992 100644
--- a/vendor/github.com/containers/common/pkg/completion/completion.go
+++ b/vendor/github.com/containers/common/pkg/completion/completion.go
@@ -1,6 +1,14 @@
package completion
-import "github.com/spf13/cobra"
+import (
+ "bufio"
+ "os"
+ "strings"
+ "unicode"
+
+ "github.com/containers/common/pkg/capabilities"
+ "github.com/spf13/cobra"
+)
// FlagCompletions - hold flag completion functions to be applied later with CompleteCommandFlags()
type FlagCompletions map[string]func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective)
@@ -24,3 +32,62 @@ func AutocompleteNone(cmd *cobra.Command, args []string, toComplete string) ([]s
func AutocompleteDefault(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return nil, cobra.ShellCompDirectiveDefault
}
+
+// AutocompleteCapabilities - Autocomplete linux capabilities options.
+// Used by --cap-add and --cap-drop.
+func AutocompleteCapabilities(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ caps := capabilities.AllCapabilities()
+
+ // convertCase will convert a string to lowercase only if the user input is lowercase
+ convertCase := func(s string) string { return s }
+ if len(toComplete) > 0 && unicode.IsLower(rune(toComplete[0])) {
+ convertCase = strings.ToLower
+ }
+
+ // offset is used to trim "CAP_" if the user doesn't type CA... or ca...
+ offset := 0
+ if !strings.HasPrefix(toComplete, convertCase("CA")) {
+ // setting the offset to 4 is safe since each cap starts with CAP_
+ offset = 4
+ }
+
+ var completions []string
+ for _, cap := range caps {
+ completions = append(completions, convertCase(cap)[offset:])
+ }
+
+ // add ALL here which is also a valid argument
+ completions = append(completions, convertCase(capabilities.All))
+ return completions, cobra.ShellCompDirectiveNoFileComp
+}
+
+// autocompleteSubIDName - autocomplete the names in /etc/subuid or /etc/subgid
+func autocompleteSubIDName(filename string) ([]string, cobra.ShellCompDirective) {
+ file, err := os.Open(filename)
+ if err != nil {
+ return nil, cobra.ShellCompDirectiveError
+ }
+ defer file.Close()
+
+ var names []string
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
+ name := strings.SplitN(scanner.Text(), ":", 2)[0]
+ names = append(names, name)
+ }
+ if err = scanner.Err(); err != nil {
+ return nil, cobra.ShellCompDirectiveError
+ }
+
+ return names, cobra.ShellCompDirectiveNoFileComp
+}
+
+// AutocompleteSubgidName - Autocomplete subgidname based on the names in the /etc/subgid file.
+func AutocompleteSubgidName(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ return autocompleteSubIDName("/etc/subgid")
+}
+
+// AutocompleteSubuidName - Autocomplete subuidname based on the names in the /etc/subuid file.
+func AutocompleteSubuidName(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ return autocompleteSubIDName("/etc/subuid")
+}
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index eaa728791..8e69c7daf 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.23.0"
+const Version = "0.24.0"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3c7749b57..e1c2b6300 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -67,7 +67,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr
github.com/containernetworking/plugins/pkg/utils/sysctl
github.com/containernetworking/plugins/plugins/ipam/host-local/backend
github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator
-# github.com/containers/buildah v1.16.2
+# github.com/containers/buildah v1.16.4
github.com/containers/buildah
github.com/containers/buildah/bind
github.com/containers/buildah/chroot
@@ -87,7 +87,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.23.0
+# github.com/containers/common v0.24.0
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/apparmor/internal/supported
github.com/containers/common/pkg/auth