aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml5
-rw-r--r--cmd/podman/checkpoint.go6
-rw-r--r--cmd/podman/cliconfig/commands.go56
-rw-r--r--cmd/podman/commands.go2
-rw-r--r--cmd/podman/common.go2
-rw-r--r--cmd/podman/create.go38
-rw-r--r--cmd/podman/exists.go9
-rw-r--r--cmd/podman/generate_kube.go2
-rw-r--r--cmd/podman/image.go6
-rw-r--r--cmd/podman/images.go7
-rw-r--r--cmd/podman/main.go2
-rw-r--r--cmd/podman/ps.go7
-rw-r--r--cmd/podman/restart.go2
-rw-r--r--cmd/podman/stop.go14
-rw-r--r--cmd/podman/trust_set_show.go4
-rw-r--r--contrib/gate/Dockerfile2
-rw-r--r--pkg/secrets/secrets.go12
17 files changed, 117 insertions, 59 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index ad9edd404..4521866d1 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -118,6 +118,11 @@ gating_task:
- '/usr/local/bin/entrypoint.sh vendor'
- 'cd /go/src/github.com/containers/libpod && ./hack/tree_status.sh'
+ # This task builds Podman with different buildtags to ensure the build does
+ # not break.
+ build_script:
+ - '/usr/local/bin/entrypoint.sh clean podman BUILDTAGS="exclude_graphdriver_devicemapper selinux seccomp"'
+
build_each_commit_task:
diff --git a/cmd/podman/checkpoint.go b/cmd/podman/checkpoint.go
index 8c4b8ad3c..367065766 100644
--- a/cmd/podman/checkpoint.go
+++ b/cmd/podman/checkpoint.go
@@ -32,9 +32,9 @@ var (
Args: func(cmd *cobra.Command, args []string) error {
return checkAllAndLatest(cmd, args, false)
},
- Example: `podman checkpoint --keep ctrID
- podman checkpoint --all
- podman checkpoint --leave-running --latest`,
+ Example: `podman container checkpoint --keep ctrID
+ podman container checkpoint --all
+ podman container checkpoint --leave-running --latest`,
}
)
diff --git a/cmd/podman/cliconfig/commands.go b/cmd/podman/cliconfig/commands.go
index 7d1e762d9..3361c14b8 100644
--- a/cmd/podman/cliconfig/commands.go
+++ b/cmd/podman/cliconfig/commands.go
@@ -1,5 +1,7 @@
package cliconfig
+import "github.com/sirupsen/logrus"
+
// GlobalIsSet is a compatibility method for urfave
func (p *PodmanCommand) GlobalIsSet(opt string) bool {
flag := p.PersistentFlags().Lookup(opt)
@@ -22,9 +24,13 @@ func (p *PodmanCommand) IsSet(opt string) bool {
func (p *PodmanCommand) Bool(opt string) bool {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return false
}
- val, _ := p.Flags().GetBool(opt)
+ val, err := p.Flags().GetBool(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -32,9 +38,13 @@ func (p *PodmanCommand) Bool(opt string) bool {
func (p *PodmanCommand) String(opt string) string {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return ""
}
- val, _ := p.Flags().GetString(opt)
+ val, err := p.Flags().GetString(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -42,9 +52,13 @@ func (p *PodmanCommand) String(opt string) string {
func (p *PodmanCommand) StringArray(opt string) []string {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return []string{}
}
- val, _ := p.Flags().GetStringArray(opt)
+ val, err := p.Flags().GetStringArray(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -52,9 +66,13 @@ func (p *PodmanCommand) StringArray(opt string) []string {
func (p *PodmanCommand) StringSlice(opt string) []string {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return []string{}
}
- val, _ := p.Flags().GetStringSlice(opt)
+ val, err := p.Flags().GetStringSlice(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -62,9 +80,13 @@ func (p *PodmanCommand) StringSlice(opt string) []string {
func (p *PodmanCommand) Int(opt string) int {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return 0
}
- val, _ := p.Flags().GetInt(opt)
+ val, err := p.Flags().GetInt(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -72,9 +94,13 @@ func (p *PodmanCommand) Int(opt string) int {
func (p *PodmanCommand) Uint(opt string) uint {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return 0
}
- val, _ := p.Flags().GetUint(opt)
+ val, err := p.Flags().GetUint(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -82,9 +108,13 @@ func (p *PodmanCommand) Uint(opt string) uint {
func (p *PodmanCommand) Int64(opt string) int64 {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return 0
}
- val, _ := p.Flags().GetInt64(opt)
+ val, err := p.Flags().GetInt64(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -92,9 +122,13 @@ func (p *PodmanCommand) Int64(opt string) int64 {
func (p *PodmanCommand) Uint64(opt string) uint64 {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return 0
}
- val, _ := p.Flags().GetUint64(opt)
+ val, err := p.Flags().GetUint64(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
@@ -102,8 +136,12 @@ func (p *PodmanCommand) Uint64(opt string) uint64 {
func (p *PodmanCommand) Float64(opt string) float64 {
flag := p.Flags().Lookup(opt)
if flag == nil {
+ logrus.Errorf("Could not find flag %s", opt)
return 0
}
- val, _ := p.Flags().GetFloat64(opt)
+ val, err := p.Flags().GetFloat64(opt)
+ if err != nil {
+ logrus.Errorf("Error getting flag %s: %v", opt, err)
+ }
return val
}
diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go
index 73e02e27a..fd36e77d5 100644
--- a/cmd/podman/commands.go
+++ b/cmd/podman/commands.go
@@ -30,7 +30,6 @@ func getMainCommands() []*cobra.Command {
_rmCommand,
_runCommand,
_searchCommand,
- _signCommand,
_startCommand,
_statsCommand,
_stopCommand,
@@ -49,7 +48,6 @@ func getMainCommands() []*cobra.Command {
// Commands that the local client implements
func getImageSubCommands() []*cobra.Command {
return []*cobra.Command{
- _loadCommand,
_signCommand,
}
}
diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index e297f3921..f9dfa3759 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -415,7 +415,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
"stop-signal", "",
"Signal to stop a container. Default is SIGTERM",
)
- createFlags.Int(
+ createFlags.Uint(
"stop-timeout", libpod.CtrRemoveTimeout,
"Timeout (in seconds) to stop a container. Default is 10",
)
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 2d93c149a..95cb732d9 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -67,7 +67,7 @@ func init() {
getCreateFlags(&createCommand.PodmanCommand)
flags := createCommand.Flags()
- flags.SetInterspersed(true)
+ flags.SetInterspersed(false)
}
@@ -408,7 +408,7 @@ func parseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l
return nil, err
}
- if err = parseVolumesFrom(c.StringArray("volumes-from")); err != nil {
+ if err = parseVolumesFrom(c.StringSlice("volumes-from")); err != nil {
return nil, err
}
@@ -707,23 +707,23 @@ func parseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l
Entrypoint: entrypoint,
Env: env,
//ExposedPorts: ports,
- GroupAdd: c.StringSlice("group-add"),
- Hostname: c.String("hostname"),
- HostAdd: c.StringSlice("add-host"),
- IDMappings: idmappings,
- Image: imageName,
- ImageID: imageID,
- Interactive: c.Bool("interactive"),
- IP6Address: c.String("ipv6"),
- IPAddress: c.String("ip"),
- Labels: labels,
- LinkLocalIP: c.StringSlice("link-local-ip"),
- LogDriver: c.String("log-driver"),
- LogDriverOpt: c.StringSlice("log-opt"),
- MacAddress: c.String("mac-address"),
- Name: c.String("name"),
- Network: network,
- NetworkAlias: c.StringSlice("network-alias"),
+ GroupAdd: c.StringSlice("group-add"),
+ Hostname: c.String("hostname"),
+ HostAdd: c.StringSlice("add-host"),
+ IDMappings: idmappings,
+ Image: imageName,
+ ImageID: imageID,
+ Interactive: c.Bool("interactive"),
+ //IP6Address: c.String("ipv6"), // Not implemented yet - needs CNI support for static v6
+ IPAddress: c.String("ip"),
+ Labels: labels,
+ //LinkLocalIP: c.StringSlice("link-local-ip"), // Not implemented yet
+ LogDriver: c.String("log-driver"),
+ LogDriverOpt: c.StringSlice("log-opt"),
+ MacAddress: c.String("mac-address"),
+ Name: c.String("name"),
+ Network: network,
+ //NetworkAlias: c.StringSlice("network-alias"), // Not implemented - does this make sense in Podman?
IpcMode: ipcMode,
NetMode: netMode,
UtsMode: utsMode,
diff --git a/cmd/podman/exists.go b/cmd/podman/exists.go
index c01a6a081..109831e74 100644
--- a/cmd/podman/exists.go
+++ b/cmd/podman/exists.go
@@ -40,7 +40,8 @@ var (
imageExistsCommand.GlobalFlags = MainGlobalOpts
return imageExistsCmd(&imageExistsCommand)
},
- Example: `podman image exists imageID`,
+ Example: `podman image exists imageID
+ podman image exists alpine || podman pull alpine`,
}
_containerExistsCommand = &cobra.Command{
@@ -53,7 +54,8 @@ var (
return containerExistsCmd(&containerExistsCommand)
},
- Example: `podman container exists containerID`,
+ Example: `podman container exists containerID
+ podman container exists myctr || podman run --name myctr [etc...]`,
}
_podExistsCommand = &cobra.Command{
@@ -65,7 +67,8 @@ var (
podExistsCommand.GlobalFlags = MainGlobalOpts
return podExistsCmd(&podExistsCommand)
},
- Example: `podman pod exists podID`,
+ Example: `podman pod exists podID
+ podman pod exists mypod || podman pod create --name mypod`,
}
)
diff --git a/cmd/podman/generate_kube.go b/cmd/podman/generate_kube.go
index 090f99495..fa2872b77 100644
--- a/cmd/podman/generate_kube.go
+++ b/cmd/podman/generate_kube.go
@@ -17,7 +17,7 @@ var (
containerKubeCommand cliconfig.GenerateKubeValues
containerKubeDescription = "Generate Kubernetes Pod YAML"
_containerKubeCommand = &cobra.Command{
- Use: "kube CONTAINER | POD",
+ Use: "kube [flags] CONTAINER | POD",
Short: "Generate Kubernetes pod YAML for a container or pod",
Long: containerKubeDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/image.go b/cmd/podman/image.go
index 14053cb0d..aaa1866c4 100644
--- a/cmd/podman/image.go
+++ b/cmd/podman/image.go
@@ -14,6 +14,7 @@ var (
Long: imageDescription,
},
}
+ _imagesSubCommand = _imagesCommand
)
//imageSubCommands are implemented both in local and remote clients
@@ -21,7 +22,6 @@ var imageSubCommands = []*cobra.Command{
_buildCommand,
_historyCommand,
_imageExistsCommand,
- _imagesCommand,
_importCommand,
_inspectCommand,
_loadCommand,
@@ -37,4 +37,8 @@ func init() {
imageCommand.SetUsageTemplate(UsageTemplate())
imageCommand.AddCommand(imageSubCommands...)
imageCommand.AddCommand(getImageSubCommands()...)
+
+ _imagesSubCommand.Aliases = []string{"ls", "list"}
+ imageCommand.AddCommand(&_imagesSubCommand)
+
}
diff --git a/cmd/podman/images.go b/cmd/podman/images.go
index 6e82195a9..e6f4d9a60 100644
--- a/cmd/podman/images.go
+++ b/cmd/podman/images.go
@@ -87,8 +87,8 @@ var (
imagesCommand cliconfig.ImagesValues
imagesDescription = "lists locally stored images."
- _imagesCommand = &cobra.Command{
- Use: "images",
+ _imagesCommand = cobra.Command{
+ Use: "images [flags] [IMAGE]",
Short: "List images in local storage",
Long: imagesDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -103,8 +103,9 @@ var (
)
func init() {
- imagesCommand.Command = _imagesCommand
+ imagesCommand.Command = &_imagesCommand
imagesCommand.SetUsageTemplate(UsageTemplate())
+
flags := imagesCommand.Flags()
flags.BoolVarP(&imagesCommand.All, "all", "a", false, "Show all images (default hides intermediate images)")
flags.BoolVar(&imagesCommand.Digests, "digests", false, "Show digests")
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 19bdb40d6..d36270853 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -38,7 +38,7 @@ var mainCommands = []*cobra.Command{
_buildCommand,
_exportCommand,
_historyCommand,
- _imagesCommand,
+ &_imagesCommand,
_importCommand,
_infoCommand,
_inspectCommand,
diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go
index 9c165b836..3bc4f0b08 100644
--- a/cmd/podman/ps.go
+++ b/cmd/podman/ps.go
@@ -158,10 +158,9 @@ var (
psCommand cliconfig.PsValues
psDescription = "Prints out information about the containers"
_psCommand = &cobra.Command{
- Use: "list",
- Aliases: []string{"ls", "ps"},
- Short: "List containers",
- Long: psDescription,
+ Use: "ps",
+ Short: "List containers",
+ Long: psDescription,
RunE: func(cmd *cobra.Command, args []string) error {
psCommand.InputArgs = args
psCommand.GlobalFlags = MainGlobalOpts
diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go
index 2bebde4f9..5aa12070e 100644
--- a/cmd/podman/restart.go
+++ b/cmd/podman/restart.go
@@ -73,7 +73,7 @@ func restartCmd(c *cliconfig.RestartValues) error {
defer runtime.Shutdown(false)
timeout := c.Timeout
- useTimeout := c.Flag("timeout").Changed
+ useTimeout := c.Flag("timeout").Changed || c.Flag("time").Changed
// Handle --latest
if c.Latest {
diff --git a/cmd/podman/stop.go b/cmd/podman/stop.go
index d86894a6f..ab9a2cf38 100644
--- a/cmd/podman/stop.go
+++ b/cmd/podman/stop.go
@@ -73,21 +73,29 @@ func stopCmd(c *cliconfig.StopValues) error {
fmt.Println(err.Error())
}
+ if c.Flag("timeout").Changed && c.Flag("time").Changed {
+ return errors.New("the --timeout and --time flags are mutually exclusive")
+ }
+
var stopFuncs []shared.ParallelWorkerInput
for _, ctr := range containers {
con := ctr
var stopTimeout uint
- if c.Flag("timeout").Changed {
+ if c.Flag("timeout").Changed || c.Flag("time").Changed {
stopTimeout = c.Timeout
} else {
stopTimeout = ctr.StopTimeout()
+ logrus.Debugf("Set timeout to container %s default (%d)", ctr.ID(), stopTimeout)
}
f := func() error {
- if err := con.StopWithTimeout(stopTimeout); err != nil && errors.Cause(err) != libpod.ErrCtrStopped {
+ if err := con.StopWithTimeout(stopTimeout); err != nil {
+ if errors.Cause(err) == libpod.ErrCtrStopped {
+ logrus.Debugf("Container %s already stopped", con.ID())
+ return nil
+ }
return err
}
return nil
-
}
stopFuncs = append(stopFuncs, shared.ParallelWorkerInput{
ContainerID: con.ID(),
diff --git a/cmd/podman/trust_set_show.go b/cmd/podman/trust_set_show.go
index 0a4783d0a..746854249 100644
--- a/cmd/podman/trust_set_show.go
+++ b/cmd/podman/trust_set_show.go
@@ -23,7 +23,7 @@ var (
showTrustCommand cliconfig.ShowTrustValues
setTrustDescription = "Set default trust policy or add a new trust policy for a registry"
_setTrustCommand = &cobra.Command{
- Use: "set",
+ Use: "set [flags] REGISTRY",
Short: "Set default trust policy or a new trust policy for a registry",
Long: setTrustDescription,
Example: "",
@@ -36,7 +36,7 @@ var (
showTrustDescription = "Display trust policy for the system"
_showTrustCommand = &cobra.Command{
- Use: "show",
+ Use: "show [flags] [REGISTRY]",
Short: "Display trust policy for the system",
Long: showTrustDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile
index f9b57a6da..4d88ae9a6 100644
--- a/contrib/gate/Dockerfile
+++ b/contrib/gate/Dockerfile
@@ -49,8 +49,6 @@ WORKDIR $GOSRC
# Install dependencies
RUN set -x && \
- go get -u github.com/mailru/easyjson/... && \
- install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/ && \
make install.tools && \
install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \
rm -rf "$GOSRC"
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
index 242953609..3b64f8952 100644
--- a/pkg/secrets/secrets.go
+++ b/pkg/secrets/secrets.go
@@ -8,6 +8,7 @@ import (
"strings"
"github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/storage/pkg/idtools"
rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
@@ -176,7 +177,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
// Add FIPS mode secret if /etc/system-fips exists on the host
_, err := os.Stat("/etc/system-fips")
if err == nil {
- if err := addFIPSModeSecret(&secretMounts, containerWorkingDir); err != nil {
+ if err := addFIPSModeSecret(&secretMounts, containerWorkingDir, mountPrefix, mountLabel, uid, gid); err != nil {
logrus.Errorf("error adding FIPS mode secret to container: %v", err)
}
} else if os.IsNotExist(err) {
@@ -264,13 +265,16 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr
// root filesystem if /etc/system-fips exists on hosts.
// This enables the container to be FIPS compliant and run openssl in
// FIPS mode as the host is also in FIPS mode.
-func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir string) error {
+func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPrefix, mountLabel string, uid, gid int) error {
secretsDir := "/run/secrets"
ctrDirOnHost := filepath.Join(containerWorkingDir, secretsDir)
if _, err := os.Stat(ctrDirOnHost); os.IsNotExist(err) {
- if err = os.MkdirAll(ctrDirOnHost, 0755); err != nil {
+ if err = idtools.MkdirAllAs(ctrDirOnHost, 0755, uid, gid); err != nil {
return errors.Wrapf(err, "making container directory on host failed")
}
+ if err = label.Relabel(ctrDirOnHost, mountLabel, false); err != nil {
+ return errors.Wrap(err, "error applying correct labels")
+ }
}
fipsFile := filepath.Join(ctrDirOnHost, "system-fips")
// In the event of restart, it is possible for the FIPS mode file to already exist
@@ -284,7 +288,7 @@ func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir string) error
if !mountExists(*mounts, secretsDir) {
m := rspec.Mount{
- Source: ctrDirOnHost,
+ Source: filepath.Join(mountPrefix, secretsDir),
Destination: secretsDir,
Type: "bind",
Options: []string{"bind", "rprivate"},