aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile12
-rw-r--r--cmd/podman-mac-helper/install.go244
-rw-r--r--cmd/podman-mac-helper/main.go149
-rw-r--r--cmd/podman-mac-helper/service.go85
-rw-r--r--cmd/podman-mac-helper/uninstall.go60
-rw-r--r--cmd/podman/machine/init.go5
-rw-r--r--cmd/podman/machine/set.go56
-rw-r--r--contrib/podmanimage/stable/Dockerfile4
-rw-r--r--contrib/podmanimage/testing/Dockerfile4
-rw-r--r--contrib/podmanimage/upstream/Dockerfile4
-rw-r--r--docs/source/markdown/podman-machine-init.1.md9
-rw-r--r--docs/source/markdown/podman-machine-set.1.md59
-rw-r--r--docs/source/markdown/podman-machine.1.md1
-rw-r--r--docs/source/markdown/podman-network-ls.1.md34
-rw-r--r--docs/source/markdown/podman-pod-ps.1.md48
-rw-r--r--go.mod4
-rw-r--r--go.sum18
-rw-r--r--pkg/machine/config.go9
-rw-r--r--pkg/machine/connection.go25
-rw-r--r--pkg/machine/qemu/claim_darwin.go63
-rw-r--r--pkg/machine/qemu/claim_unsupported.go20
-rw-r--r--pkg/machine/qemu/config.go2
-rw-r--r--pkg/machine/qemu/machine.go267
-rw-r--r--pkg/machine/wsl/machine.go80
-rw-r--r--pkg/specgenutil/volumes.go6
-rw-r--r--pkg/util/mountOpts.go12
-rw-r--r--pkg/util/utils_linux.go6
-rw-r--r--test/e2e/images_test.go24
-rw-r--r--test/e2e/volume_plugin_test.go8
-rw-r--r--test/python/docker/compat/test_images.py3
-rw-r--r--vendor/github.com/containers/buildah/.cirrus.yml2
-rw-r--r--vendor/github.com/containers/buildah/CHANGELOG.md13
-rw-r--r--vendor/github.com/containers/buildah/Makefile2
-rw-r--r--vendor/github.com/containers/buildah/changelog.txt12
-rw-r--r--vendor/github.com/containers/buildah/define/types.go2
-rw-r--r--vendor/github.com/containers/buildah/go.mod6
-rw-r--r--vendor/github.com/containers/buildah/go.sum14
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/stage_executor.go63
-rw-r--r--vendor/github.com/containers/buildah/run.go2
-rw-r--r--vendor/github.com/containers/buildah/run_linux.go8
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/containers.go6
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/overlay.go17
-rw-r--r--vendor/github.com/containers/storage/errors.go2
-rw-r--r--vendor/github.com/containers/storage/go.mod2
-rw-r--r--vendor/github.com/containers/storage/go.sum3
-rw-r--r--vendor/github.com/containers/storage/idset.go45
-rw-r--r--vendor/github.com/containers/storage/pkg/chunked/cache_linux.go25
-rw-r--r--vendor/github.com/containers/storage/pkg/config/config.go106
-rw-r--r--vendor/github.com/containers/storage/types/errors.go2
-rw-r--r--vendor/github.com/containers/storage/types/options.go15
-rw-r--r--vendor/github.com/fsouza/go-dockerclient/LICENSE2
-rw-r--r--vendor/github.com/fsouza/go-dockerclient/Makefile4
-rw-r--r--vendor/github.com/fsouza/go-dockerclient/go.mod4
-rw-r--r--vendor/github.com/fsouza/go-dockerclient/go.sum14
-rw-r--r--vendor/github.com/google/go-cmp/cmp/compare.go17
-rw-r--r--vendor/github.com/google/go-cmp/cmp/export_panic.go1
-rw-r--r--vendor/github.com/google/go-cmp/cmp/export_unsafe.go1
-rw-r--r--vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go1
-rw-r--r--vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go1
-rw-r--r--vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go10
-rw-r--r--vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go10
-rw-r--r--vendor/github.com/google/go-cmp/cmp/internal/value/name.go7
-rw-r--r--vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go1
-rw-r--r--vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go1
-rw-r--r--vendor/github.com/google/go-cmp/cmp/path.go2
-rw-r--r--vendor/github.com/google/go-cmp/cmp/report_reflect.go3
-rw-r--r--vendor/github.com/google/go-cmp/cmp/report_slices.go6
-rw-r--r--vendor/github.com/moby/sys/mountinfo/mounted_linux.go58
-rw-r--r--vendor/github.com/moby/sys/mountinfo/mountinfo.go6
-rw-r--r--vendor/modules.txt10
71 files changed, 1541 insertions, 288 deletions
diff --git a/Makefile b/Makefile
index 9e9b3676e..0a5389ce9 100644
--- a/Makefile
+++ b/Makefile
@@ -376,13 +376,23 @@ podman-winpath: .gopathok $(SOURCES) go.mod go.sum
./cmd/winpath
.PHONY: podman-remote-darwin
-podman-remote-darwin: ## Build podman-remote for macOS
+podman-remote-darwin: podman-mac-helper ## Build podman-remote for macOS
$(MAKE) \
CGO_ENABLED=$(DARWIN_GCO) \
GOOS=darwin \
GOARCH=$(GOARCH) \
bin/darwin/podman
+.PHONY: podman-mac-helper
+podman-mac-helper: ## Build podman-mac-helper for macOS
+ CGO_ENABLED=0 \
+ GOOS=darwin \
+ GOARCH=$(GOARCH) \
+ $(GO) build \
+ $(BUILDFLAGS) \
+ -o bin/darwin/podman-mac-helper \
+ ./cmd/podman-mac-helper
+
bin/rootlessport: .gopathok $(SOURCES) go.mod go.sum
CGO_ENABLED=$(CGO_ENABLED) \
$(GO) build \
diff --git a/cmd/podman-mac-helper/install.go b/cmd/podman-mac-helper/install.go
new file mode 100644
index 000000000..7f623ecb6
--- /dev/null
+++ b/cmd/podman-mac-helper/install.go
@@ -0,0 +1,244 @@
+//go:build darwin
+// +build darwin
+
+package main
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "io/fs"
+ "os"
+ "path/filepath"
+ "strings"
+ "syscall"
+ "text/template"
+
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+const (
+ rwx_rx_rx = 0755
+ rw_r_r = 0644
+)
+
+const launchConfig = `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>Label</key>
+ <string>com.github.containers.podman.helper-{{.User}}</string>
+ <key>ProgramArguments</key>
+ <array>
+ <string>{{.Program}}</string>
+ <string>service</string>
+ <string>{{.Target}}</string>
+ </array>
+ <key>inetdCompatibility</key>
+ <dict>
+ <key>Wait</key>
+ <false/>
+ </dict>
+ <key>UserName</key>
+ <string>root</string>
+ <key>Sockets</key>
+ <dict>
+ <key>Listeners</key>
+ <dict>
+ <key>SockFamily</key>
+ <string>Unix</string>
+ <key>SockPathName</key>
+ <string>/private/var/run/podman-helper-{{.User}}.socket</string>
+ <key>SockPathOwner</key>
+ <integer>{{.UID}}</integer>
+ <key>SockPathMode</key>
+ <!-- SockPathMode takes base 10 (384 = 0600) -->
+ <integer>384</integer>
+ <key>SockType</key>
+ <string>stream</string>
+ </dict>
+ </dict>
+</dict>
+</plist>
+`
+
+type launchParams struct {
+ Program string
+ User string
+ UID string
+ Target string
+}
+
+var installCmd = &cobra.Command{
+ Use: "install",
+ Short: "installs the podman helper agent",
+ Long: "installs the podman helper agent, which manages the /var/run/docker.sock link",
+ PreRun: silentUsage,
+ RunE: install,
+}
+
+func init() {
+ addPrefixFlag(installCmd)
+ rootCmd.AddCommand(installCmd)
+}
+
+func install(cmd *cobra.Command, args []string) error {
+ userName, uid, homeDir, err := getUser()
+ if err != nil {
+ return err
+ }
+
+ labelName := fmt.Sprintf("com.github.containers.podman.helper-%s.plist", userName)
+ fileName := filepath.Join("/Library", "LaunchDaemons", labelName)
+
+ if _, err := os.Stat(fileName); err == nil || !os.IsNotExist(err) {
+ return errors.New("helper is already installed, uninstall first")
+ }
+
+ prog, err := installExecutable(userName)
+ if err != nil {
+ return err
+ }
+
+ target := filepath.Join(homeDir, ".local", "share", "containers", "podman", "machine", "podman.sock")
+ var buf bytes.Buffer
+ t := template.Must(template.New("launchdConfig").Parse(launchConfig))
+ err = t.Execute(&buf, launchParams{prog, userName, uid, target})
+ if err != nil {
+ return err
+ }
+
+ file, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE|os.O_EXCL, rw_r_r)
+ if err != nil {
+ return errors.Wrap(err, "error creating helper plist file")
+ }
+ defer file.Close()
+ _, err = buf.WriteTo(file)
+ if err != nil {
+ return err
+ }
+
+ if err = runDetectErr("launchctl", "load", fileName); err != nil {
+ return errors.Wrap(err, "launchctl failed loading service")
+ }
+
+ return nil
+}
+
+func restrictRecursive(targetDir string, until string) error {
+ for targetDir != until && len(targetDir) > 1 {
+ info, err := os.Lstat(targetDir)
+ if err != nil {
+ return err
+ }
+ if info.Mode()&fs.ModeSymlink != 0 {
+ return errors.Errorf("symlinks not allowed in helper paths (remove them and rerun): %s", targetDir)
+ }
+ if err = os.Chown(targetDir, 0, 0); err != nil {
+ return errors.Wrap(err, "could not update ownership of helper path")
+ }
+ if err = os.Chmod(targetDir, rwx_rx_rx|fs.ModeSticky); err != nil {
+ return errors.Wrap(err, "could not update permissions of helper path")
+ }
+ targetDir = filepath.Dir(targetDir)
+ }
+
+ return nil
+}
+
+func verifyRootDeep(path string) error {
+ path = filepath.Clean(path)
+ current := "/"
+ segs := strings.Split(path, "/")
+ depth := 0
+ for i := 1; i < len(segs); i++ {
+ seg := segs[i]
+ current = filepath.Join(current, seg)
+ info, err := os.Lstat(current)
+ if err != nil {
+ return err
+ }
+
+ stat := info.Sys().(*syscall.Stat_t)
+ if stat.Uid != 0 {
+ return errors.Errorf("installation target path must be solely owned by root: %s is not", current)
+ }
+
+ if info.Mode()&fs.ModeSymlink != 0 {
+ target, err := os.Readlink(current)
+ if err != nil {
+ return err
+ }
+
+ targetParts := strings.Split(target, "/")
+ segs = append(targetParts, segs[i+1:]...)
+
+ if depth++; depth > 1000 {
+ return errors.New("reached max recursion depth, link structure is cyclical or too complex")
+ }
+
+ if !filepath.IsAbs(target) {
+ current = filepath.Dir(current)
+ i = -1 // Start at 0
+ } else {
+ current = "/"
+ i = 0 // Skip empty first segment
+ }
+ }
+ }
+
+ return nil
+}
+
+func installExecutable(user string) (string, error) {
+ // Since the installed executable runs as root, as a precaution verify root ownership of
+ // the entire installation path, and utilize sticky + read only perms for the helper path
+ // suffix. The goal is to help users harden against privilege escalation from loose
+ // filesystem permissions.
+ //
+ // Since userpsace package management tools, such as brew, delegate management of system
+ // paths to standard unix users, the daemon executable is copied into a separate more
+ // restricted area of the filesystem.
+ if err := verifyRootDeep(installPrefix); err != nil {
+ return "", err
+ }
+
+ targetDir := filepath.Join(installPrefix, "podman", "helper", user)
+ if err := os.MkdirAll(targetDir, rwx_rx_rx); err != nil {
+ return "", errors.Wrap(err, "could not create helper directory structure")
+ }
+
+ // Correct any incorrect perms on previously existing directories and verify no symlinks
+ if err := restrictRecursive(targetDir, installPrefix); err != nil {
+ return "", err
+ }
+
+ exec, err := os.Executable()
+ if err != nil {
+ return "", err
+ }
+ install := filepath.Join(targetDir, filepath.Base(exec))
+
+ return install, copyFile(install, exec, rwx_rx_rx)
+}
+
+func copyFile(dest string, source string, perms fs.FileMode) error {
+ in, err := os.Open(source)
+ if err != nil {
+ return err
+ }
+
+ defer in.Close()
+ out, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
+ if err != nil {
+ return err
+ }
+
+ defer out.Close()
+ if _, err := io.Copy(out, in); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/cmd/podman-mac-helper/main.go b/cmd/podman-mac-helper/main.go
new file mode 100644
index 000000000..8d995519f
--- /dev/null
+++ b/cmd/podman-mac-helper/main.go
@@ -0,0 +1,149 @@
+//go:build darwin
+// +build darwin
+
+package main
+
+import (
+ "fmt"
+ "io"
+ "io/ioutil"
+ "os"
+ "os/exec"
+ "regexp"
+ "strconv"
+ "strings"
+
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+const (
+ defaultPrefix = "/usr/local"
+ dockerSock = "/var/run/docker.sock"
+)
+
+var installPrefix string
+
+var rootCmd = &cobra.Command{
+ Use: "podman-mac-helper",
+ Short: "A system helper to manage docker.sock",
+ Long: `podman-mac-helper is a system helper service and tool for managing docker.sock `,
+ CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
+ SilenceErrors: true,
+}
+
+// Note, this code is security sensitive since it runs under privilege.
+// Limit actions to what is strictly necessary, and take appropriate
+// safeguards
+//
+// After installation the service call is ran under launchd in a nowait
+// inetd style fashion, so stdin, stdout, and stderr are all pointing to
+// an accepted connection
+//
+// This service is installed once per user and will redirect
+// /var/run/docker to the fixed user-assigned unix socket location.
+//
+// Control communication is restricted to each user specific service via
+// unix file permissions
+
+func main() {
+ if os.Geteuid() != 0 {
+ fmt.Printf("This command must be ran as root via sudo or osascript\n")
+ os.Exit(1)
+ }
+
+ if err := rootCmd.Execute(); err != nil {
+ fmt.Fprintf(os.Stderr, "Error: %s\n", err.Error())
+ }
+}
+
+func getUserInfo(name string) (string, string, string, error) {
+ // We exec id instead of using user.Lookup to remain compat
+ // with CGO disabled.
+ cmd := exec.Command("/usr/bin/id", "-P", name)
+ output, err := cmd.StdoutPipe()
+ if err != nil {
+ return "", "", "", err
+ }
+
+ if err := cmd.Start(); err != nil {
+ return "", "", "", err
+ }
+
+ entry := readCapped(output)
+ elements := strings.Split(entry, ":")
+ if len(elements) < 9 || elements[0] != name {
+ return "", "", "", errors.New("Could not lookup user")
+ }
+
+ return elements[0], elements[2], elements[8], nil
+}
+
+func getUser() (string, string, string, error) {
+ name, found := os.LookupEnv("SUDO_USER")
+ if !found {
+ name, found = os.LookupEnv("USER")
+ if !found {
+ return "", "", "", errors.New("could not determine user")
+ }
+ }
+
+ _, uid, home, err := getUserInfo(name)
+ if err != nil {
+ return "", "", "", fmt.Errorf("could not lookup user: %s", name)
+ }
+ id, err := strconv.Atoi(uid)
+ if err != nil {
+ return "", "", "", fmt.Errorf("invalid uid for user: %s", name)
+ }
+ if id == 0 {
+ return "", "", "", fmt.Errorf("unexpected root user")
+ }
+
+ return name, uid, home, nil
+}
+
+// Used for commands that don't return a proper exit code
+func runDetectErr(name string, args ...string) error {
+ cmd := exec.Command(name, args...)
+ errReader, err := cmd.StderrPipe()
+ if err != nil {
+ return err
+ }
+
+ err = cmd.Start()
+ if err == nil {
+ errString := readCapped(errReader)
+ if len(errString) > 0 {
+ re := regexp.MustCompile(`\r?\n`)
+ err = errors.New(re.ReplaceAllString(errString, ": "))
+ }
+ }
+
+ if werr := cmd.Wait(); werr != nil {
+ err = werr
+ }
+
+ return err
+}
+
+func readCapped(reader io.Reader) string {
+ // Cap output
+ buffer := make([]byte, 2048)
+ n, _ := io.ReadFull(reader, buffer)
+ _, _ = io.Copy(ioutil.Discard, reader)
+ if n > 0 {
+ return string(buffer[:n])
+ }
+
+ return ""
+}
+
+func addPrefixFlag(cmd *cobra.Command) {
+ cmd.Flags().StringVar(&installPrefix, "prefix", defaultPrefix, "Sets the install location prefix")
+}
+
+func silentUsage(cmd *cobra.Command, args []string) {
+ cmd.SilenceUsage = true
+ cmd.SilenceErrors = true
+}
diff --git a/cmd/podman-mac-helper/service.go b/cmd/podman-mac-helper/service.go
new file mode 100644
index 000000000..65cd89f34
--- /dev/null
+++ b/cmd/podman-mac-helper/service.go
@@ -0,0 +1,85 @@
+//go:build darwin
+// +build darwin
+
+package main
+
+import (
+ "fmt"
+ "io"
+ "io/fs"
+ "os"
+ "time"
+
+ "github.com/spf13/cobra"
+)
+
+const (
+ trigger = "GO\n"
+ fail = "NO"
+ success = "OK"
+)
+
+var serviceCmd = &cobra.Command{
+ Use: "service",
+ Short: "services requests",
+ Long: "services requests",
+ PreRun: silentUsage,
+ Run: serviceRun,
+ Hidden: true,
+}
+
+func init() {
+ rootCmd.AddCommand(serviceCmd)
+}
+
+func serviceRun(cmd *cobra.Command, args []string) {
+ info, err := os.Stdin.Stat()
+ if err != nil || info.Mode()&fs.ModeSocket == 0 {
+ fmt.Fprintln(os.Stderr, "This is an internal command that is not intended for standard terminal usage")
+ os.Exit(1)
+ }
+
+ os.Exit(service())
+}
+
+func service() int {
+ defer os.Stdout.Close()
+ defer os.Stdin.Close()
+ defer os.Stderr.Close()
+ if len(os.Args) < 3 {
+ fmt.Print(fail)
+ return 1
+ }
+ target := os.Args[2]
+
+ request := make(chan bool)
+ go func() {
+ buf := make([]byte, 3)
+ _, err := io.ReadFull(os.Stdin, buf)
+ request <- err == nil && string(buf) == trigger
+ }()
+
+ valid := false
+ select {
+ case valid = <-request:
+ case <-time.After(5 * time.Second):
+ }
+
+ if !valid {
+ fmt.Println(fail)
+ return 2
+ }
+
+ err := os.Remove(dockerSock)
+ if err == nil || os.IsNotExist(err) {
+ err = os.Symlink(target, dockerSock)
+ }
+
+ if err != nil {
+ fmt.Print(fail)
+ return 3
+ }
+
+ fmt.Print(success)
+ return 0
+}
diff --git a/cmd/podman-mac-helper/uninstall.go b/cmd/podman-mac-helper/uninstall.go
new file mode 100644
index 000000000..f72d0efd1
--- /dev/null
+++ b/cmd/podman-mac-helper/uninstall.go
@@ -0,0 +1,60 @@
+//go:build darwin
+// +build darwin
+
+package main
+
+import (
+ "fmt"
+ "os"
+ "os/exec"
+ "path/filepath"
+
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+var uninstallCmd = &cobra.Command{
+ Use: "uninstall",
+ Short: "uninstalls the podman helper agent",
+ Long: "uninstalls the podman helper agent, which manages the /var/run/docker.sock link",
+ PreRun: silentUsage,
+ RunE: uninstall,
+}
+
+func init() {
+ addPrefixFlag(uninstallCmd)
+ rootCmd.AddCommand(uninstallCmd)
+}
+
+func uninstall(cmd *cobra.Command, args []string) error {
+ userName, _, _, err := getUser()
+ if err != nil {
+ return err
+ }
+
+ labelName := fmt.Sprintf("com.github.containers.podman.helper-%s", userName)
+ fileName := filepath.Join("/Library", "LaunchDaemons", labelName+".plist")
+
+ if err = runDetectErr("launchctl", "unload", fileName); err != nil {
+ // Try removing the service by label in case the service is half uninstalled
+ if rerr := runDetectErr("launchctl", "remove", labelName); rerr != nil {
+ // Exit code 3 = no service to remove
+ if exitErr, ok := rerr.(*exec.ExitError); !ok || exitErr.ExitCode() != 3 {
+ fmt.Fprintf(os.Stderr, "Warning: service unloading failed: %s\n", err.Error())
+ fmt.Fprintf(os.Stderr, "Warning: remove also failed: %s\n", rerr.Error())
+ }
+ }
+ }
+
+ if err := os.Remove(fileName); err != nil {
+ if !os.IsNotExist(err) {
+ return errors.Errorf("could not remove plist file: %s", fileName)
+ }
+ }
+
+ helperPath := filepath.Join(installPrefix, "podman", "helper", userName)
+ if err := os.RemoveAll(helperPath); err != nil {
+ return errors.Errorf("could not remove helper binary path: %s", helperPath)
+ }
+ return nil
+}
diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go
index 0834aa381..ab13d8651 100644
--- a/cmd/podman/machine/init.go
+++ b/cmd/podman/machine/init.go
@@ -26,7 +26,7 @@ var (
var (
initOpts = machine.InitOptions{}
- defaultMachineName = "podman-machine-default"
+ defaultMachineName = machine.DefaultMachineName
now bool
)
@@ -99,6 +99,9 @@ func init() {
IgnitionPathFlagName := "ignition-path"
flags.StringVar(&initOpts.IgnitionPath, IgnitionPathFlagName, "", "Path to ignition file")
_ = initCmd.RegisterFlagCompletionFunc(IgnitionPathFlagName, completion.AutocompleteDefault)
+
+ rootfulFlagName := "rootful"
+ flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container exectution")
}
// TODO should we allow for a users to append to the qemu cmdline?
diff --git a/cmd/podman/machine/set.go b/cmd/podman/machine/set.go
new file mode 100644
index 000000000..c978206f0
--- /dev/null
+++ b/cmd/podman/machine/set.go
@@ -0,0 +1,56 @@
+// +build amd64 arm64
+
+package machine
+
+import (
+ "github.com/containers/common/pkg/completion"
+ "github.com/containers/podman/v4/cmd/podman/registry"
+ "github.com/containers/podman/v4/pkg/machine"
+ "github.com/spf13/cobra"
+)
+
+var (
+ setCmd = &cobra.Command{
+ Use: "set [options] [NAME]",
+ Short: "Sets a virtual machine setting",
+ Long: "Sets an updatable virtual machine setting",
+ RunE: setMachine,
+ Args: cobra.MaximumNArgs(1),
+ Example: `podman machine set --root=false`,
+ ValidArgsFunction: completion.AutocompleteNone,
+ }
+)
+
+var (
+ setOpts = machine.SetOptions{}
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: setCmd,
+ Parent: machineCmd,
+ })
+ flags := setCmd.Flags()
+
+ rootfulFlagName := "rootful"
+ flags.BoolVar(&setOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution")
+}
+
+func setMachine(cmd *cobra.Command, args []string) error {
+ var (
+ vm machine.VM
+ err error
+ )
+
+ vmName := defaultMachineName
+ if len(args) > 0 && len(args[0]) > 0 {
+ vmName = args[0]
+ }
+ provider := getSystemDefaultProvider()
+ vm, err = provider.LoadVMByName(vmName)
+ if err != nil {
+ return err
+ }
+
+ return vm.Set(vmName, setOpts)
+}
diff --git a/contrib/podmanimage/stable/Dockerfile b/contrib/podmanimage/stable/Dockerfile
index a81c6fd58..78d820458 100644
--- a/contrib/podmanimage/stable/Dockerfile
+++ b/contrib/podmanimage/stable/Dockerfile
@@ -16,8 +16,8 @@ yum -y install podman fuse-overlayfs --exclude container-selinux; \
rm -rf /var/cache /var/log/dnf* /var/log/yum.*
RUN useradd podman; \
-echo podman:10000:5000 > /etc/subuid; \
-echo podman:10000:5000 > /etc/subgid;
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
diff --git a/contrib/podmanimage/testing/Dockerfile b/contrib/podmanimage/testing/Dockerfile
index 0b3e077a6..41af1c849 100644
--- a/contrib/podmanimage/testing/Dockerfile
+++ b/contrib/podmanimage/testing/Dockerfile
@@ -16,8 +16,8 @@ FROM registry.fedoraproject.org/fedora:latest
RUN yum -y update; rpm --restore shadow-utils 2>/dev/null; yum -y install podman fuse-overlayfs --exclude container-selinux --enablerepo updates-testing; rm -rf /var/cache /var/log/dnf* /var/log/yum.*
RUN useradd podman; \
-echo podman:10000:5000 > /etc/subuid; \
-echo podman:10000:5000 > /etc/subgid;
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile
index 4b44c74c2..0769a7612 100644
--- a/contrib/podmanimage/upstream/Dockerfile
+++ b/contrib/podmanimage/upstream/Dockerfile
@@ -65,8 +65,8 @@ RUN yum -y update; rpm --restore shadow-utils 2>/dev/null; yum -y install --exc
yum clean all;
RUN useradd podman; \
-echo podman:10000:5000 > /etc/subuid; \
-echo podman:10000:5000 > /etc/subgid;
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md
index b515e8763..36db5b1cd 100644
--- a/docs/source/markdown/podman-machine-init.1.md
+++ b/docs/source/markdown/podman-machine-init.1.md
@@ -55,6 +55,14 @@ Memory (in MB).
Start the virtual machine immediately after it has been initialized.
+#### **--rootful**=*true|false*
+
+Whether this machine should prefer rootful (`true`) or rootless (`false`)
+container execution. This option will also determine the remote connection default
+if there is no existing remote connection configurations.
+
+API forwarding, if available, will follow this setting.
+
#### **--timezone**
Set the timezone for the machine and containers. Valid values are `local` or
@@ -84,6 +92,7 @@ Print usage statement.
```
$ podman machine init
$ podman machine init myvm
+$ podman machine init --rootful
$ podman machine init --disk-size 50
$ podman machine init --memory=1024 myvm
$ podman machine init -v /Users:/mnt/Users
diff --git a/docs/source/markdown/podman-machine-set.1.md b/docs/source/markdown/podman-machine-set.1.md
new file mode 100644
index 000000000..e69779564
--- /dev/null
+++ b/docs/source/markdown/podman-machine-set.1.md
@@ -0,0 +1,59 @@
+% podman-machine-set(1)
+
+## NAME
+podman\-machine\-set - Sets a virtual machine setting
+
+## SYNOPSIS
+**podman machine set** [*options*] [*name*]
+
+## DESCRIPTION
+
+Sets an updatable virtual machine setting.
+
+Options mirror values passed to `podman machine init`. Only a limited
+subset can be changed after machine initialization.
+
+## OPTIONS
+
+#### **--rootful**=*true|false*
+
+Whether this machine should prefer rootful (`true`) or rootless (`false`)
+container execution. This option will also update the current podman
+remote connection default if it is currently pointing at the specified
+machine name (or `podman-machine-default` if no name is specified).
+
+API forwarding, if available, will follow this setting.
+
+#### **--help**
+
+Print usage statement.
+
+## EXAMPLES
+
+To switch the default VM `podman-machine-default` from rootless to rootful:
+
+```
+$ podman machine set --rootful
+```
+
+or more explicitly:
+
+```
+$ podman machine set --rootful=true
+```
+
+To switch the default VM `podman-machine-default` from rootful to rootless:
+```
+$ podman machine set --rootful=false
+```
+
+To switch the VM `myvm` from rootless to rootful:
+```
+$ podman machine set --rootful myvm
+```
+
+## SEE ALSO
+**[podman(1)](podman.1.md)**, **[podman-machine(1)](podman-machine.1.md)**
+
+## HISTORY
+February 2022, Originally compiled by Jason Greene <jason.greene@redhat.com>
diff --git a/docs/source/markdown/podman-machine.1.md b/docs/source/markdown/podman-machine.1.md
index 8d9e77ea5..3bdfd0be9 100644
--- a/docs/source/markdown/podman-machine.1.md
+++ b/docs/source/markdown/podman-machine.1.md
@@ -16,6 +16,7 @@ podman\-machine - Manage Podman's virtual machine
| init | [podman-machine-init(1)](podman-machine-init.1.md) | Initialize a new virtual machine |
| list | [podman-machine-list(1)](podman-machine-list.1.md) | List virtual machines |
| rm | [podman-machine-rm(1)](podman-machine-rm.1.md) | Remove a virtual machine |
+| set | [podman-machine-set(1)](podman-machine-set.1.md) | Sets a virtual machine setting |
| ssh | [podman-machine-ssh(1)](podman-machine-ssh.1.md) | SSH into a virtual machine |
| start | [podman-machine-start(1)](podman-machine-start.1.md) | Start a virtual machine |
| stop | [podman-machine-stop(1)](podman-machine-stop.1.md) | Stop a virtual machine |
diff --git a/docs/source/markdown/podman-network-ls.1.md b/docs/source/markdown/podman-network-ls.1.md
index 72a3b05e2..d5bdb6a39 100644
--- a/docs/source/markdown/podman-network-ls.1.md
+++ b/docs/source/markdown/podman-network-ls.1.md
@@ -12,20 +12,26 @@ Displays a list of existing podman networks.
## OPTIONS
#### **--filter**, **-f**=*filter=value*
-Filter output based on conditions given.
-Multiple filters can be given with multiple uses of the --filter option.
-Filters with the same key work inclusive with the only exception being
-`label` which is exclusive. Filters with different keys always work exclusive.
-
-Valid filters are listed below:
-
-| **Filter** | **Description** |
-| ---------- | ----------------------------------------------------------------- |
-| name | [Name] Network name (accepts regex) |
-| id | [ID] Full or partial network ID |
-| label | [Key] or [Key=Value] Label assigned to a network |
-| driver | [Driver] `bridge` or ,`macvlan` is supported |
-| until | [Until] Show all networks that were created before the given time |
+Provide filter values.
+
+The *filters* argument format is of `key=value`. If there is more than one *filter*, then pass multiple OPTIONS: **--filter** *foo=bar* **--filter** *bif=baz*.
+
+Supported filters:
+
+| **Filter** | **Description** |
+| ---------- | ------------------------------------------------------------------------------------------------ |
+| driver | Filter by driver type. |
+| id | Filter by full or partial network ID. |
+| label | Filter by network with (or without, in the case of label!=[...] is used) the specified labels. |
+| name | Filter by network name (accepts `regex`). |
+| until | Filter by networks created before given timestamp. |
+
+
+The `driver` filter accepts values: `bridge`, `macvlan`, `ipvlan`.
+
+The `label` *filter* accepts two formats. One is the `label`=*key* or `label`=*key*=*value*, which shows images with the specified labels. The other format is the `label!`=*key* or `label!`=*key*=*value*, which shows images without the specified labels.
+
+The `until` *filter* can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the machine’s time.
#### **--format**=*format*
diff --git a/docs/source/markdown/podman-pod-ps.1.md b/docs/source/markdown/podman-pod-ps.1.md
index a0581df50..8a9c3f7cc 100644
--- a/docs/source/markdown/podman-pod-ps.1.md
+++ b/docs/source/markdown/podman-pod-ps.1.md
@@ -86,25 +86,35 @@ Default: created
#### **--filter**, **-f**=*filter*
-Filter output based on conditions given.
-Multiple filters can be given with multiple uses of the --filter flag.
-Filters with the same key work inclusive with the only exception being
-`label` which is exclusive. Filters with different keys always work exclusive.
-
-Valid filters are listed below:
-
-| **Filter** | **Description** |
-| ---------- | ------------------------------------------------------------------------------------- |
-| id | [ID] Pod's ID (accepts regex) |
-| name | [Name] Pod's name (accepts regex) |
-| label | [Key] or [Key=Value] Label assigned to a container |
-| until | Only list pods created before given timestamp |
-| status | Pod's status: `stopped`, `running`, `paused`, `exited`, `dead`, `created`, `degraded` |
-| network | [Network] name or full ID of network |
-| ctr-names | Container name within the pod (accepts regex) |
-| ctr-ids | Container ID within the pod (accepts regex) |
-| ctr-status | Container status within the pod |
-| ctr-number | Number of containers in the pod |
+Provide filter values.
+
+The *filters* argument format is of `key=value`. If there is more than one *filter*, then pass multiple OPTIONS: **--filter** *foo=bar* **--filter** *bif=baz*.
+
+Supported filters:
+
+| Filter | Description |
+| ---------- | -------------------------------------------------------------------------------------------------- |
+| *ctr-ids* | Filter by container ID within the pod. |
+| *ctr-names* | Filter by container name within the pod. |
+| *ctr-number*| Filter by number of containers in the pod. |
+| *ctr-status*| Filter by container status within the pod. |
+| *id* | Filter by pod ID. |
+| *label* | Filter by container with (or without, in the case of label!=[...] is used) the specified labels. |
+| *name* | Filter by pod name. |
+| *network* | Filter by network name or full ID of network. |
+| *status* | Filter by pod status. |
+| *until* | Filter by pods created before given timestamp. |
+
+The `ctr-ids`, `ctr-names`, `id`, `name` filters accept `regex` format.
+
+The `ctr-status` filter accepts values: `created`, `running`, `paused`, `stopped`, `exited`, `unknown`.
+
+The `label` *filter* accepts two formats. One is the `label`=*key* or `label`=*key*=*value*, which removes containers with the specified labels. The other format is the `label!`=*key* or `label!`=*key*=*value*, which removes containers without the specified labels.
+
+The `until` *filter* can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the machine’s time.
+
+The `status` filter accepts values: `stopped`, `running`, `paused`, `exited`, `dead`, `created`, `degraded`.
+
#### **--help**, **-h**
diff --git a/go.mod b/go.mod
index 79880469b..16b02321c 100644
--- a/go.mod
+++ b/go.mod
@@ -11,13 +11,13 @@ require (
github.com/container-orchestrated-devices/container-device-interface v0.0.0-20220111162300-46367ec063fd
github.com/containernetworking/cni v1.0.1
github.com/containernetworking/plugins v1.0.1
- github.com/containers/buildah v1.24.1
+ github.com/containers/buildah v1.24.2
github.com/containers/common v0.47.4
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.19.1
github.com/containers/ocicrypt v1.1.2
github.com/containers/psgo v1.7.2
- github.com/containers/storage v1.38.2
+ github.com/containers/storage v1.38.3-0.20220214113600-26c561f9a645
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cyphar/filepath-securejoin v0.2.3
diff --git a/go.sum b/go.sum
index b291e068e..4cc0ac839 100644
--- a/go.sum
+++ b/go.sum
@@ -323,9 +323,8 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
github.com/containernetworking/plugins v1.0.1 h1:wwCfYbTCj5FC0EJgyzyjTXmqysOiJE9r712Z+2KVZAk=
github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containers/buildah v1.24.1 h1:PlvU0hbUsm1x4H9kPcsmqjViqDGnBpSZT3QtZ00RtgI=
-github.com/containers/buildah v1.24.1/go.mod h1:sE7AaoPQYwAB7dleOOKOpzOO3bA8lRUvZRiZcn/RYi0=
-github.com/containers/common v0.47.3/go.mod h1:/VAV4ibC27Lfyb9cxXM4uTYrJFa/7s+utNB052MJdzY=
+github.com/containers/buildah v1.24.2 h1:B+3Drs0oDnaDogZXT75Ktim+P0Yo0O1Da6kuAWX8ID4=
+github.com/containers/buildah v1.24.2/go.mod h1:iA7OJjcSuRhd9+YqHvvnmwUokNnwerXQOA2kt8ARDVw=
github.com/containers/common v0.47.4 h1:kS202Z/bTQIM/pwyuJ+lF8143Uli6AB9Q9OVR0xa9CM=
github.com/containers/common v0.47.4/go.mod h1:HgX0mFXyB0Tbe2REEIp9x9CxET6iSzmHfwR6S/t2LZc=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
@@ -343,8 +342,9 @@ github.com/containers/psgo v1.7.2 h1:WbCvsY9w+nCv3j4der0mbD3PSRUv/W8l+G0YrZrdSDc
github.com/containers/psgo v1.7.2/go.mod h1:SLpqxsPOHtTqRygjutCPXmeU2PoEFzV3gzJplN4BMx0=
github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
github.com/containers/storage v1.38.0/go.mod h1:lBzt28gAk5ADZuRtwdndRJyqX22vnRaXmlF+7ktfMYc=
-github.com/containers/storage v1.38.2 h1:8bAIxnVBGKzMw5EWCivVj24bztQT6IkDp4uHiyhnzwE=
github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZPWprAbAlQWPQ=
+github.com/containers/storage v1.38.3-0.20220214113600-26c561f9a645 h1:2zzCKvfSq9T9zHGVWBygnYMdkBBmEsqXFa9gvWT4AFk=
+github.com/containers/storage v1.38.3-0.20220214113600-26c561f9a645/go.mod h1:ugJrnJvpb6LrUshIYF/9g9YP9D4VTCYP+wShSiuqxN4=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
@@ -407,6 +407,7 @@ github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc
github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY=
github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U=
github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
@@ -471,8 +472,9 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
-github.com/fsouza/go-dockerclient v1.7.7 h1:/pLili4Sj42vpzNkjqag8vpsN0ObuusT1EH/MvGX9+4=
github.com/fsouza/go-dockerclient v1.7.7/go.mod h1:njNCXvoZj3sLPjf3yO0DPHf1mdLdCPDYPc14GskKA4Y=
+github.com/fsouza/go-dockerclient v1.7.8 h1:Tp7IYXyvmZsmrCDffMENOv6l2xN2Aw17EThY8Gokq48=
+github.com/fsouza/go-dockerclient v1.7.8/go.mod h1:7cvopLQDrW3dJ5mcx2LzWMBfmpv/fq7MZUEPcQlAtLw=
github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
@@ -611,8 +613,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM=
github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
@@ -935,8 +938,9 @@ github.com/moby/sys/mount v0.2.0 h1:WhCW5B355jtxndN5ovugJlMFJawbUODuW8fSnEH6SSM=
github.com/moby/sys/mount v0.2.0/go.mod h1:aAivFE2LB3W4bACsUXChRHQ0qKWsetY4Y9V7sxOougM=
github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
+github.com/moby/sys/mountinfo v0.6.0 h1:gUDhXQx58YNrpHlK4nSL+7y2pxFZkUcXqzFDKWdC0Oo=
+github.com/moby/sys/mountinfo v0.6.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
index 97237f5e5..efb1eda15 100644
--- a/pkg/machine/config.go
+++ b/pkg/machine/config.go
@@ -27,6 +27,7 @@ type InitOptions struct {
URI url.URL
Username string
ReExec bool
+ Rootful bool
}
type QemuMachineStatus = string
@@ -35,7 +36,8 @@ const (
// Running indicates the qemu vm is running
Running QemuMachineStatus = "running"
// Stopped indicates the vm has stopped
- Stopped QemuMachineStatus = "stopped"
+ Stopped QemuMachineStatus = "stopped"
+ DefaultMachineName string = "podman-machine-default"
)
type Provider interface {
@@ -89,6 +91,10 @@ type ListResponse struct {
IdentityPath string
}
+type SetOptions struct {
+ Rootful bool
+}
+
type SSHOptions struct {
Username string
Args []string
@@ -107,6 +113,7 @@ type RemoveOptions struct {
type VM interface {
Init(opts InitOptions) (bool, error)
Remove(name string, opts RemoveOptions) (string, func() error, error)
+ Set(name string, opts SetOptions) error
SSH(name string, opts SSHOptions) error
Start(name string, opts StartOptions) error
Stop(name string, opts StopOptions) error
diff --git a/pkg/machine/connection.go b/pkg/machine/connection.go
index d28ffcef1..841b2afa6 100644
--- a/pkg/machine/connection.go
+++ b/pkg/machine/connection.go
@@ -39,6 +39,31 @@ func AddConnection(uri fmt.Stringer, name, identity string, isDefault bool) erro
return cfg.Write()
}
+func AnyConnectionDefault(name ...string) (bool, error) {
+ cfg, err := config.ReadCustomConfig()
+ if err != nil {
+ return false, err
+ }
+ for _, n := range name {
+ if n == cfg.Engine.ActiveService {
+ return true, nil
+ }
+ }
+
+ return false, nil
+}
+
+func ChangeDefault(name string) error {
+ cfg, err := config.ReadCustomConfig()
+ if err != nil {
+ return err
+ }
+
+ cfg.Engine.ActiveService = name
+
+ return cfg.Write()
+}
+
func RemoveConnection(name string) error {
cfg, err := config.ReadCustomConfig()
if err != nil {
diff --git a/pkg/machine/qemu/claim_darwin.go b/pkg/machine/qemu/claim_darwin.go
new file mode 100644
index 000000000..66aed9ad8
--- /dev/null
+++ b/pkg/machine/qemu/claim_darwin.go
@@ -0,0 +1,63 @@
+package qemu
+
+import (
+ "fmt"
+ "io/ioutil"
+ "net"
+ "os"
+ "os/user"
+ "path/filepath"
+ "time"
+)
+
+func dockerClaimSupported() bool {
+ return true
+}
+
+func dockerClaimHelperInstalled() bool {
+ u, err := user.Current()
+ if err != nil {
+ return false
+ }
+
+ labelName := fmt.Sprintf("com.github.containers.podman.helper-%s", u.Username)
+ fileName := filepath.Join("/Library", "LaunchDaemons", labelName+".plist")
+ info, err := os.Stat(fileName)
+ return err == nil && info.Mode().IsRegular()
+}
+
+func claimDockerSock() bool {
+ u, err := user.Current()
+ if err != nil {
+ return false
+ }
+
+ helperSock := fmt.Sprintf("/var/run/podman-helper-%s.socket", u.Username)
+ con, err := net.DialTimeout("unix", helperSock, time.Second*5)
+ if err != nil {
+ return false
+ }
+ _ = con.SetWriteDeadline(time.Now().Add(time.Second * 5))
+ _, err = fmt.Fprintln(con, "GO")
+ if err != nil {
+ return false
+ }
+ _ = con.SetReadDeadline(time.Now().Add(time.Second * 5))
+ read, err := ioutil.ReadAll(con)
+
+ return err == nil && string(read) == "OK"
+}
+
+func findClaimHelper() string {
+ exe, err := os.Executable()
+ if err != nil {
+ return ""
+ }
+
+ exe, err = filepath.EvalSymlinks(exe)
+ if err != nil {
+ return ""
+ }
+
+ return filepath.Join(filepath.Dir(exe), "podman-mac-helper")
+}
diff --git a/pkg/machine/qemu/claim_unsupported.go b/pkg/machine/qemu/claim_unsupported.go
new file mode 100644
index 000000000..e0b3dd3d3
--- /dev/null
+++ b/pkg/machine/qemu/claim_unsupported.go
@@ -0,0 +1,20 @@
+//go:build !darwin && !windows
+// +build !darwin,!windows
+
+package qemu
+
+func dockerClaimHelperInstalled() bool {
+ return false
+}
+
+func claimDockerSock() bool {
+ return false
+}
+
+func dockerClaimSupported() bool {
+ return false
+}
+
+func findClaimHelper() string {
+ return ""
+}
diff --git a/pkg/machine/qemu/config.go b/pkg/machine/qemu/config.go
index e76509bb1..c619b7dd4 100644
--- a/pkg/machine/qemu/config.go
+++ b/pkg/machine/qemu/config.go
@@ -33,6 +33,8 @@ type MachineVM struct {
QMPMonitor Monitor
// RemoteUsername of the vm user
RemoteUsername string
+ // Whether this machine should run in a rootful or rootless manner
+ Rootful bool
}
type Mount struct {
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 240442e49..9beec2173 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -5,11 +5,15 @@ package qemu
import (
"bufio"
+ "context"
"encoding/base64"
"encoding/json"
"fmt"
+ "io/fs"
"io/ioutil"
"net"
+ "net/http"
+ "net/url"
"os"
"os/exec"
"path/filepath"
@@ -39,8 +43,21 @@ func GetQemuProvider() machine.Provider {
}
const (
- VolumeTypeVirtfs = "virtfs"
- MountType9p = "9p"
+ VolumeTypeVirtfs = "virtfs"
+ MountType9p = "9p"
+ dockerSock = "/var/run/docker.sock"
+ dockerConnectTimeout = 5 * time.Second
+ apiUpTimeout = 20 * time.Second
+)
+
+type apiForwardingState int
+
+const (
+ noForwarding apiForwardingState = iota
+ claimUnsupported
+ notInstalled
+ machineLocal
+ dockerGlobal
)
// NewMachine initializes an instance of a virtual machine based on the qemu
@@ -150,14 +167,8 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
key string
)
sshDir := filepath.Join(homedir.Get(), ".ssh")
- // GetConfDir creates the directory so no need to check for
- // its existence
- vmConfigDir, err := machine.GetConfDir(vmtype)
- if err != nil {
- return false, err
- }
- jsonFile := filepath.Join(vmConfigDir, v.Name) + ".json"
v.IdentityPath = filepath.Join(sshDir, v.Name)
+ v.Rootful = opts.Rootful
switch opts.ImagePath {
case "testing", "next", "stable", "":
@@ -240,29 +251,33 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
// This kind of stinks but no other way around this r/n
if len(opts.IgnitionPath) < 1 {
uri := machine.SSHRemoteConnection.MakeSSHURL("localhost", "/run/user/1000/podman/podman.sock", strconv.Itoa(v.Port), v.RemoteUsername)
- if err := machine.AddConnection(&uri, v.Name, filepath.Join(sshDir, v.Name), opts.IsDefault); err != nil {
- return false, err
+ uriRoot := machine.SSHRemoteConnection.MakeSSHURL("localhost", "/run/podman/podman.sock", strconv.Itoa(v.Port), "root")
+ identity := filepath.Join(sshDir, v.Name)
+
+ uris := []url.URL{uri, uriRoot}
+ names := []string{v.Name, v.Name + "-root"}
+
+ // The first connection defined when connections is empty will become the default
+ // regardless of IsDefault, so order according to rootful
+ if opts.Rootful {
+ uris[0], names[0], uris[1], names[1] = uris[1], names[1], uris[0], names[0]
}
- uriRoot := machine.SSHRemoteConnection.MakeSSHURL("localhost", "/run/podman/podman.sock", strconv.Itoa(v.Port), "root")
- if err := machine.AddConnection(&uriRoot, v.Name+"-root", filepath.Join(sshDir, v.Name), opts.IsDefault); err != nil {
- return false, err
+ for i := 0; i < 2; i++ {
+ if err := machine.AddConnection(&uris[i], names[i], identity, opts.IsDefault && i == 0); err != nil {
+ return false, err
+ }
}
} else {
fmt.Println("An ignition path was provided. No SSH connection was added to Podman")
}
// Write the JSON file
- b, err := json.MarshalIndent(v, "", " ")
- if err != nil {
- return false, err
- }
- if err := ioutil.WriteFile(jsonFile, b, 0644); err != nil {
- return false, err
- }
+ v.writeConfig()
// User has provided ignition file so keygen
// will be skipped.
if len(opts.IgnitionPath) < 1 {
+ var err error
key, err = machine.CreateSSHKeys(v.IdentityPath)
if err != nil {
return false, err
@@ -309,6 +324,30 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
return err == nil, err
}
+func (v *MachineVM) Set(name string, opts machine.SetOptions) error {
+ if v.Rootful == opts.Rootful {
+ return nil
+ }
+
+ changeCon, err := machine.AnyConnectionDefault(v.Name, v.Name+"-root")
+ if err != nil {
+ return err
+ }
+
+ if changeCon {
+ newDefault := v.Name
+ if opts.Rootful {
+ newDefault += "-root"
+ }
+ if err := machine.ChangeDefault(newDefault); err != nil {
+ return err
+ }
+ }
+
+ v.Rootful = opts.Rootful
+ return v.writeConfig()
+}
+
// Start executes the qemu command line and forks it
func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
var (
@@ -318,7 +357,8 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
wait time.Duration = time.Millisecond * 500
)
- if err := v.startHostNetworking(); err != nil {
+ forwardSock, forwardState, err := v.startHostNetworking()
+ if err != nil {
return errors.Errorf("unable to start host networking: %q", err)
}
@@ -439,6 +479,9 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
return fmt.Errorf("unknown mount type: %s", mount.Type)
}
}
+
+ waitAPIAndPrintInfo(forwardState, forwardSock, v.Rootful, v.Name)
+
return nil
}
@@ -869,19 +912,19 @@ func (p *Provider) CheckExclusiveActiveVM() (bool, string, error) {
// startHostNetworking runs a binary on the host system that allows users
// to setup port forwarding to the podman virtual machine
-func (v *MachineVM) startHostNetworking() error {
+func (v *MachineVM) startHostNetworking() (string, apiForwardingState, error) {
cfg, err := config.Default()
if err != nil {
- return err
+ return "", noForwarding, err
}
binary, err := cfg.FindHelperBinary(machine.ForwarderBinaryName, false)
if err != nil {
- return err
+ return "", noForwarding, err
}
qemuSocket, pidFile, err := v.getSocketandPid()
if err != nil {
- return err
+ return "", noForwarding, err
}
attr := new(os.ProcAttr)
// Pass on stdin, stdout, stderr
@@ -891,12 +934,82 @@ func (v *MachineVM) startHostNetworking() error {
cmd = append(cmd, []string{"-listen-qemu", fmt.Sprintf("unix://%s", qemuSocket), "-pid-file", pidFile}...)
// Add the ssh port
cmd = append(cmd, []string{"-ssh-port", fmt.Sprintf("%d", v.Port)}...)
+
+ cmd, forwardSock, state := v.setupAPIForwarding(cmd)
+
if logrus.GetLevel() == logrus.DebugLevel {
cmd = append(cmd, "--debug")
fmt.Println(cmd)
}
_, err = os.StartProcess(cmd[0], cmd, attr)
- return err
+ return forwardSock, state, err
+}
+
+func (v *MachineVM) setupAPIForwarding(cmd []string) ([]string, string, apiForwardingState) {
+ socket, err := v.getForwardSocketPath()
+
+ if err != nil {
+ return cmd, "", noForwarding
+ }
+
+ destSock := "/run/user/1000/podman/podman.sock"
+ forwardUser := "core"
+
+ if v.Rootful {
+ destSock = "/run/podman/podman.sock"
+ forwardUser = "root"
+ }
+
+ cmd = append(cmd, []string{"-forward-sock", socket}...)
+ cmd = append(cmd, []string{"-forward-dest", destSock}...)
+ cmd = append(cmd, []string{"-forward-user", forwardUser}...)
+ cmd = append(cmd, []string{"-forward-identity", v.IdentityPath}...)
+ link := filepath.Join(filepath.Dir(filepath.Dir(socket)), "podman.sock")
+
+ // The linking pattern is /var/run/docker.sock -> user global sock (link) -> machine sock (socket)
+ // This allows the helper to only have to maintain one constant target to the user, which can be
+ // repositioned without updating docker.sock.
+ if !dockerClaimSupported() {
+ return cmd, socket, claimUnsupported
+ }
+
+ if !dockerClaimHelperInstalled() {
+ return cmd, socket, notInstalled
+ }
+
+ if !alreadyLinked(socket, link) {
+ if checkSockInUse(link) {
+ return cmd, socket, machineLocal
+ }
+
+ _ = os.Remove(link)
+ if err = os.Symlink(socket, link); err != nil {
+ logrus.Warnf("could not create user global API forwarding link: %s", err.Error())
+ return cmd, socket, machineLocal
+ }
+ }
+
+ if !alreadyLinked(link, dockerSock) {
+ if checkSockInUse(dockerSock) {
+ return cmd, socket, machineLocal
+ }
+
+ if !claimDockerSock() {
+ logrus.Warn("podman helper is installed, but was not able to claim the global docker sock")
+ return cmd, socket, machineLocal
+ }
+ }
+
+ return cmd, dockerSock, dockerGlobal
+}
+
+func (v *MachineVM) getForwardSocketPath() (string, error) {
+ path, err := machine.GetDataDir(v.Name)
+ if err != nil {
+ logrus.Errorf("Error resolving data dir: %s", err.Error())
+ return "", nil
+ }
+ return filepath.Join(path, "podman.sock"), nil
}
func (v *MachineVM) getSocketandPid() (string, string, error) {
@@ -912,3 +1025,103 @@ func (v *MachineVM) getSocketandPid() (string, string, error) {
qemuSocket := filepath.Join(socketDir, fmt.Sprintf("qemu_%s.sock", v.Name))
return qemuSocket, pidFile, nil
}
+
+func checkSockInUse(sock string) bool {
+ if info, err := os.Stat(sock); err == nil && info.Mode()&fs.ModeSocket == fs.ModeSocket {
+ _, err = net.DialTimeout("unix", dockerSock, dockerConnectTimeout)
+ return err == nil
+ }
+
+ return false
+}
+
+func alreadyLinked(target string, link string) bool {
+ read, err := os.Readlink(link)
+ return err == nil && read == target
+}
+
+func waitAndPingAPI(sock string) {
+ client := http.Client{
+ Transport: &http.Transport{
+ DialContext: func(context.Context, string, string) (net.Conn, error) {
+ con, err := net.DialTimeout("unix", sock, apiUpTimeout)
+ if err == nil {
+ con.SetDeadline(time.Now().Add(apiUpTimeout))
+ }
+ return con, err
+ },
+ },
+ }
+
+ resp, err := client.Get("http://host/_ping")
+ if err == nil {
+ defer resp.Body.Close()
+ }
+ if err != nil || resp.StatusCode != 200 {
+ logrus.Warn("API socket failed ping test")
+ }
+}
+
+func waitAPIAndPrintInfo(forwardState apiForwardingState, forwardSock string, rootFul bool, name string) {
+ if forwardState != noForwarding {
+ waitAndPingAPI(forwardSock)
+ if !rootFul {
+ fmt.Printf("\nThis machine is currently configured in rootless mode. If your containers\n")
+ fmt.Printf("require root permissions (e.g. ports < 1024), or if you run into compatibility\n")
+ fmt.Printf("issues with non-podman clients, you can switch using the following command: \n")
+
+ suffix := ""
+ if name != machine.DefaultMachineName {
+ suffix = " " + name
+ }
+ fmt.Printf("\n\tpodman machine set --rootful%s\n\n", suffix)
+ }
+
+ fmt.Printf("API forwarding listening on: %s\n", forwardSock)
+ if forwardState == dockerGlobal {
+ fmt.Printf("Docker API clients default to this address. You do not need to set DOCKER_HOST.\n\n")
+ } else {
+ stillString := "still "
+ switch forwardState {
+ case notInstalled:
+ fmt.Printf("\nThe system helper service is not installed; the default Docker API socket\n")
+ fmt.Printf("address can't be used by podman. ")
+ if helper := findClaimHelper(); len(helper) > 0 {
+ fmt.Printf("If you would like to install it run the\nfollowing command:\n")
+ fmt.Printf("\n\tsudo %s install\n\n", helper)
+ }
+ case machineLocal:
+ fmt.Printf("\nAnother process was listening on the default Docker API socket address.\n")
+ case claimUnsupported:
+ fallthrough
+ default:
+ stillString = ""
+ }
+
+ fmt.Printf("You can %sconnect Docker API clients by setting DOCKER_HOST using the\n", stillString)
+ fmt.Printf("following command in your terminal session:\n")
+ fmt.Printf("\n\texport DOCKER_HOST='unix://%s'\n\n", forwardSock)
+ }
+ }
+}
+
+func (v *MachineVM) writeConfig() error {
+ // GetConfDir creates the directory so no need to check for
+ // its existence
+ vmConfigDir, err := machine.GetConfDir(vmtype)
+ if err != nil {
+ return err
+ }
+
+ jsonFile := filepath.Join(vmConfigDir, v.Name) + ".json"
+ // Write the JSON file
+ b, err := json.MarshalIndent(v, "", " ")
+ if err != nil {
+ return err
+ }
+ if err := ioutil.WriteFile(jsonFile, b, 0644); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go
index 3edf3ddf6..5b0c757f0 100644
--- a/pkg/machine/wsl/machine.go
+++ b/pkg/machine/wsl/machine.go
@@ -1,3 +1,4 @@
+//go:build windows
// +build windows
package wsl
@@ -8,6 +9,7 @@ import (
"fmt"
"io"
"io/ioutil"
+ "net/url"
"os"
"os/exec"
"path/filepath"
@@ -35,9 +37,6 @@ const (
ErrorSuccessRebootRequired = 3010
)
-// Usermode networking avoids potential nftables compatibility issues between the distro
-// and the WSL Kernel. Additionally it avoids fw rule conflicts between distros, since
-// all instances run under the same Kernel at runtime
const containersConf = `[containers]
[engine]
@@ -162,6 +161,8 @@ type MachineVM struct {
Port int
// RemoteUsername of the vm user
RemoteUsername string
+ // Whether this machine should run in a rootful or rootless manner
+ Rootful bool
}
type ExitCodeError struct {
@@ -227,12 +228,13 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
homeDir := homedir.Get()
sshDir := filepath.Join(homeDir, ".ssh")
v.IdentityPath = filepath.Join(sshDir, v.Name)
+ v.Rootful = opts.Rootful
if err := downloadDistro(v, opts); err != nil {
return false, err
}
- if err := writeJSON(v); err != nil {
+ if err := v.writeConfig(); err != nil {
return false, err
}
@@ -282,7 +284,7 @@ func downloadDistro(v *MachineVM, opts machine.InitOptions) error {
return machine.DownloadImage(dd)
}
-func writeJSON(v *MachineVM) error {
+func (v *MachineVM) writeConfig() error {
vmConfigDir, err := machine.GetConfDir(vmtype)
if err != nil {
return err
@@ -302,14 +304,26 @@ func writeJSON(v *MachineVM) error {
}
func setupConnections(v *MachineVM, opts machine.InitOptions, sshDir string) error {
+ uri := machine.SSHRemoteConnection.MakeSSHURL("localhost", "/run/user/1000/podman/podman.sock", strconv.Itoa(v.Port), v.RemoteUsername)
uriRoot := machine.SSHRemoteConnection.MakeSSHURL("localhost", "/run/podman/podman.sock", strconv.Itoa(v.Port), "root")
- if err := machine.AddConnection(&uriRoot, v.Name+"-root", filepath.Join(sshDir, v.Name), opts.IsDefault); err != nil {
- return err
+ identity := filepath.Join(sshDir, v.Name)
+
+ uris := []url.URL{uri, uriRoot}
+ names := []string{v.Name, v.Name + "-root"}
+
+ // The first connection defined when connections is empty will become the default
+ // regardless of IsDefault, so order according to rootful
+ if opts.Rootful {
+ uris[0], names[0], uris[1], names[1] = uris[1], names[1], uris[0], names[0]
+ }
+
+ for i := 0; i < 2; i++ {
+ if err := machine.AddConnection(&uris[i], names[i], identity, opts.IsDefault && i == 0); err != nil {
+ return err
+ }
}
- user := opts.Username
- uri := machine.SSHRemoteConnection.MakeSSHURL("localhost", withUser("/run/[USER]/1000/podman/podman.sock", user), strconv.Itoa(v.Port), v.RemoteUsername)
- return machine.AddConnection(&uri, v.Name, filepath.Join(sshDir, v.Name), opts.IsDefault)
+ return nil
}
func provisionWSLDist(v *MachineVM) (string, error) {
@@ -335,6 +349,16 @@ func provisionWSLDist(v *MachineVM) (string, error) {
return "", errors.Wrap(err, "package upgrade on guest OS failed")
}
+ fmt.Println("Enabling Copr")
+ if err = runCmdPassThrough("wsl", "-d", dist, "dnf", "install", "-y", "'dnf-command(copr)'"); err != nil {
+ return "", errors.Wrap(err, "enabling copr failed")
+ }
+
+ fmt.Println("Enabling podman4 repo")
+ if err = runCmdPassThrough("wsl", "-d", dist, "dnf", "-y", "copr", "enable", "rhcontainerbot/podman4"); err != nil {
+ return "", errors.Wrap(err, "enabling copr failed")
+ }
+
if err = runCmdPassThrough("wsl", "-d", dist, "dnf", "install",
"podman", "podman-docker", "openssh-server", "procps-ng", "-y"); err != nil {
return "", errors.Wrap(err, "package installation on guest OS failed")
@@ -704,6 +728,30 @@ func pipeCmdPassThrough(name string, input string, arg ...string) error {
return cmd.Run()
}
+func (v *MachineVM) Set(name string, opts machine.SetOptions) error {
+ if v.Rootful == opts.Rootful {
+ return nil
+ }
+
+ changeCon, err := machine.AnyConnectionDefault(v.Name, v.Name+"-root")
+ if err != nil {
+ return err
+ }
+
+ if changeCon {
+ newDefault := v.Name
+ if opts.Rootful {
+ newDefault += "-root"
+ }
+ if err := machine.ChangeDefault(newDefault); err != nil {
+ return err
+ }
+ }
+
+ v.Rootful = opts.Rootful
+ return v.writeConfig()
+}
+
func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
if v.isRunning() {
return errors.Errorf("%q is already running", name)
@@ -716,6 +764,18 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
return errors.Wrap(err, "WSL bootstrap script failed")
}
+ if !v.Rootful {
+ fmt.Printf("\nThis machine is currently configured in rootless mode. If your containers\n")
+ fmt.Printf("require root permissions (e.g. ports < 1024), or if you run into compatibility\n")
+ fmt.Printf("issues with non-podman clients, you can switch using the following command: \n")
+
+ suffix := ""
+ if name != machine.DefaultMachineName {
+ suffix = " " + name
+ }
+ fmt.Printf("\n\tpodman machine set --rootful%s\n\n", suffix)
+ }
+
globalName, pipeName, err := launchWinProxy(v)
if err != nil {
fmt.Fprintln(os.Stderr, "API forwarding for Docker API clients is not available due to the following startup failures.")
diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go
index 6b9624ebb..2bd79b186 100644
--- a/pkg/specgenutil/volumes.go
+++ b/pkg/specgenutil/volumes.go
@@ -356,7 +356,11 @@ func getBindMount(args []string) (spec.Mount, error) {
}
setOwnership = true
case "idmap":
- newMount.Options = append(newMount.Options, "idmap")
+ if len(kv) > 1 {
+ newMount.Options = append(newMount.Options, fmt.Sprintf("idmap=%s", kv[1]))
+ } else {
+ newMount.Options = append(newMount.Options, "idmap")
+ }
case "consistency":
// Often used on MACs and mistakenly on Linux platforms.
// Since Docker ignores this option so shall we.
diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go
index d8b14c0df..2a0101791 100644
--- a/pkg/util/mountOpts.go
+++ b/pkg/util/mountOpts.go
@@ -45,14 +45,18 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string
}
}
- switch splitOpt[0] {
- case "O":
- foundOverlay = true
- case "idmap":
+ if strings.HasPrefix(splitOpt[0], "idmap") {
if foundIdmap {
return nil, errors.Wrapf(ErrDupeMntOption, "the 'idmap' option can only be set once")
}
foundIdmap = true
+ newOptions = append(newOptions, opt)
+ continue
+ }
+
+ switch splitOpt[0] {
+ case "O":
+ foundOverlay = true
case "exec", "noexec":
if foundExec {
return nil, errors.Wrapf(ErrDupeMntOption, "only one of 'noexec' and 'exec' can be used")
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index 288137ca5..1cffab19d 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -39,8 +39,10 @@ func FindDeviceNodes() (map[string]string, error) {
if !ok {
return errors.Errorf("Could not convert stat output for use")
}
- major := sysstat.Rdev / 256
- minor := sysstat.Rdev % 256
+ // We must typeconvert sysstat.Rdev from uint64->int to avoid constant overflow
+ rdev := int(sysstat.Rdev)
+ major := ((rdev >> 8) & 0xfff) | ((rdev >> 32) & ^0xfff)
+ minor := (rdev & 0xff) | ((rdev >> 12) & ^0xff)
nodes[fmt.Sprintf("%d:%d", major, minor)] = path
diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go
index 0a4d9b134..d34c911ad 100644
--- a/test/e2e/images_test.go
+++ b/test/e2e/images_test.go
@@ -186,24 +186,24 @@ WORKDIR /test
Expect(result.OutputToString()).To(Equal("/test"))
})
- It("podman images filter since image", func() {
- dockerfile := `FROM quay.io/libpod/alpine:latest
+ It("podman images filter since/after image", func() {
+ dockerfile := `FROM scratch
`
- podmanTest.BuildImage(dockerfile, "foobar.com/before:latest", "false")
- result := podmanTest.Podman([]string{"images", "-q", "-f", "since=quay.io/libpod/alpine:latest"})
+ podmanTest.BuildImage(dockerfile, "foobar.com/one:latest", "false")
+ podmanTest.BuildImage(dockerfile, "foobar.com/two:latest", "false")
+ podmanTest.BuildImage(dockerfile, "foobar.com/three:latest", "false")
+
+ // `since` filter
+ result := podmanTest.PodmanNoCache([]string{"images", "-q", "-f", "since=foobar.com/one:latest"})
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
- Expect(result.OutputToStringArray()).To(HaveLen(9))
- })
+ Expect(result.OutputToStringArray()).To(HaveLen(2))
- It("podman image list filter after image", func() {
- dockerfile := `FROM quay.io/libpod/alpine:latest
-`
- podmanTest.BuildImage(dockerfile, "foobar.com/before:latest", "false")
- result := podmanTest.Podman([]string{"image", "list", "-q", "-f", "after=quay.io/libpod/alpine:latest"})
+ // `after` filter
+ result = podmanTest.Podman([]string{"image", "list", "-q", "-f", "after=foobar.com/one:latest"})
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
- Expect(result.OutputToStringArray()).Should(HaveLen(9), "list filter output: %q", result.OutputToString())
+ Expect(result.OutputToStringArray()).Should(HaveLen(2), "list filter output: %q", result.OutputToString())
})
It("podman images filter dangling", func() {
diff --git a/test/e2e/volume_plugin_test.go b/test/e2e/volume_plugin_test.go
index 959a44bb8..fd205805d 100644
--- a/test/e2e/volume_plugin_test.go
+++ b/test/e2e/volume_plugin_test.go
@@ -166,11 +166,13 @@ var _ = Describe("Podman volume plugins", func() {
create.WaitWithDefaultTimeout()
Expect(create).Should(Exit(0))
- ctr1 := podmanTest.Podman([]string{"run", "--security-opt", "label=disable", "-v", fmt.Sprintf("%v:/test", volName), ALPINE, "sh", "-c", "touch /test/testfile && echo helloworld > /test/testfile"})
+ ctr1Name := "ctr1"
+ ctr1 := podmanTest.Podman([]string{"run", "--security-opt", "label=disable", "--name", ctr1Name, "-v", fmt.Sprintf("%v:/test", volName), ALPINE, "sh", "-c", "touch /test/testfile && echo helloworld > /test/testfile"})
ctr1.WaitWithDefaultTimeout()
Expect(ctr1).Should(Exit(0))
- ctr2 := podmanTest.Podman([]string{"run", "--security-opt", "label=disable", "-v", fmt.Sprintf("%v:/test", volName), ALPINE, "cat", "/test/testfile"})
+ ctr2Name := "ctr2"
+ ctr2 := podmanTest.Podman([]string{"run", "--security-opt", "label=disable", "--name", ctr2Name, "-v", fmt.Sprintf("%v:/test", volName), ALPINE, "cat", "/test/testfile"})
ctr2.WaitWithDefaultTimeout()
Expect(ctr2).Should(Exit(0))
Expect(ctr2.OutputToString()).To(ContainSubstring("helloworld"))
@@ -178,7 +180,7 @@ var _ = Describe("Podman volume plugins", func() {
// HACK: `volume rm -f` is timing out trying to remove containers using the volume.
// Solution: remove them manually...
// TODO: fix this when I get back
- rmAll := podmanTest.Podman([]string{"rm", "-af"})
+ rmAll := podmanTest.Podman([]string{"rm", "-f", ctr2Name, ctr1Name})
rmAll.WaitWithDefaultTimeout()
Expect(rmAll).Should(Exit(0))
})
diff --git a/test/python/docker/compat/test_images.py b/test/python/docker/compat/test_images.py
index 485a0e419..05d0e3e12 100644
--- a/test/python/docker/compat/test_images.py
+++ b/test/python/docker/compat/test_images.py
@@ -87,7 +87,8 @@ class TestImages(unittest.TestCase):
def test_search_image(self):
"""Search for image"""
for r in self.client.images.search("alpine"):
- self.assertIn("alpine", r["Name"])
+ # registry matches if string is in either one
+ self.assertIn("alpine", r["Name"]+" "+r["Description"].lower())
def test_search_bogus_image(self):
"""Search for bogus image should throw exception"""
diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml
index ec954630c..38e698ef9 100644
--- a/vendor/github.com/containers/buildah/.cirrus.yml
+++ b/vendor/github.com/containers/buildah/.cirrus.yml
@@ -29,7 +29,7 @@ env:
PRIOR_FEDORA_NAME: "fedora-34"
UBUNTU_NAME: "ubuntu-2110"
- IMAGE_SUFFIX: "c4560539387953152"
+ IMAGE_SUFFIX: "c4764556961513472"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 469031925..5b2996e37 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,19 @@
# Changelog
+## v1.24.2 (2022-02-16)
+
+ Increase subuid/subgid to 65535
+ history: only add proxy vars to history if specified
+ run_linux: use --systemd-cgroup
+ buildah: new global option --cgroup-manager
+ Makefile: build with systemd when available
+ build(deps): bump github.com/fsouza/go-dockerclient from 1.7.7 to 1.7.8
+ Bump c/common to v0.47.4
+ Cirrus: Use updated VM images
+ conformance: add a few "replace-directory-with-symlink" tests
+ Bump back to v1.25.0-dev
+
## v1.24.1 (2022-02-03)
executor: Add support for inline --platform within Dockerfile
diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile
index f3d1ee817..8a10dfa05 100644
--- a/vendor/github.com/containers/buildah/Makefile
+++ b/vendor/github.com/containers/buildah/Makefile
@@ -3,7 +3,7 @@ export GOPROXY=https://proxy.golang.org
APPARMORTAG := $(shell hack/apparmor_tag.sh)
STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./libdm_tag.sh) $(shell ./hack/libsubid_tag.sh)
SECURITYTAGS ?= seccomp $(APPARMORTAG)
-TAGS ?= $(SECURITYTAGS) $(STORAGETAGS)
+TAGS ?= $(SECURITYTAGS) $(STORAGETAGS) $(shell ./hack/systemd_tag.sh)
BUILDTAGS += $(TAGS)
PREFIX := /usr/local
BINDIR := $(PREFIX)/bin
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index 6547f70c5..7351a7906 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,3 +1,15 @@
+- Changelog for v1.24.2 (2022-02-16)
+ * Increase subuid/subgid to 65535
+ * history: only add proxy vars to history if specified
+ * run_linux: use --systemd-cgroup
+ * buildah: new global option --cgroup-manager
+ * Makefile: build with systemd when available
+ * build(deps): bump github.com/fsouza/go-dockerclient from 1.7.7 to 1.7.8
+ * Bump c/common to v0.47.4
+ * Cirrus: Use updated VM images
+ * conformance: add a few "replace-directory-with-symlink" tests
+ * Bump back to v1.25.0-dev
+
- Changelog for v1.24.1 (2022-02-03)
* executor: Add support for inline --platform within Dockerfile
* caps: fix buildah run --cap-add=all
diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go
index 63a5bf2fb..ae7e0b196 100644
--- a/vendor/github.com/containers/buildah/define/types.go
+++ b/vendor/github.com/containers/buildah/define/types.go
@@ -29,7 +29,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.24.1"
+ Version = "1.24.2"
// DefaultRuntime if containers.conf fails.
DefaultRuntime = "runc"
diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod
index 5a4e22aea..974f6f9a4 100644
--- a/vendor/github.com/containers/buildah/go.mod
+++ b/vendor/github.com/containers/buildah/go.mod
@@ -5,15 +5,15 @@ go 1.13
require (
github.com/containerd/containerd v1.5.9
github.com/containernetworking/cni v1.0.1
- github.com/containers/common v0.47.3
+ github.com/containers/common v0.47.4
github.com/containers/image/v5 v5.19.1
github.com/containers/ocicrypt v1.1.2
github.com/containers/storage v1.38.2
- github.com/docker/distribution v2.7.1+incompatible
+ github.com/docker/distribution v2.8.0+incompatible
github.com/docker/docker v20.10.12+incompatible
github.com/docker/go-units v0.4.0
github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316
- github.com/fsouza/go-dockerclient v1.7.7
+ github.com/fsouza/go-dockerclient v1.7.8
github.com/ghodss/yaml v1.0.0
github.com/hashicorp/go-multierror v1.1.1
github.com/ishidawataru/sctp v0.0.0-20210226210310-f2269e66cdee // indirect
diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum
index df47d2fc3..bf12a1430 100644
--- a/vendor/github.com/containers/buildah/go.sum
+++ b/vendor/github.com/containers/buildah/go.sum
@@ -277,8 +277,8 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
github.com/containernetworking/plugins v1.0.1 h1:wwCfYbTCj5FC0EJgyzyjTXmqysOiJE9r712Z+2KVZAk=
github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containers/common v0.47.3 h1:pRT7gkLrBSQe3075j5hoHYeeKpGTWBJHws+tS5xxfak=
-github.com/containers/common v0.47.3/go.mod h1:/VAV4ibC27Lfyb9cxXM4uTYrJFa/7s+utNB052MJdzY=
+github.com/containers/common v0.47.4 h1:kS202Z/bTQIM/pwyuJ+lF8143Uli6AB9Q9OVR0xa9CM=
+github.com/containers/common v0.47.4/go.mod h1:HgX0mFXyB0Tbe2REEIp9x9CxET6iSzmHfwR6S/t2LZc=
github.com/containers/image/v5 v5.19.1 h1:g4/+XIuh1kRoRn2MfLDhfHhkNOIO9JtqhSyo55tjpfE=
github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE=
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
@@ -337,9 +337,11 @@ github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyG
github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY=
+github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U=
github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
@@ -390,8 +392,9 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
-github.com/fsouza/go-dockerclient v1.7.7 h1:/pLili4Sj42vpzNkjqag8vpsN0ObuusT1EH/MvGX9+4=
github.com/fsouza/go-dockerclient v1.7.7/go.mod h1:njNCXvoZj3sLPjf3yO0DPHf1mdLdCPDYPc14GskKA4Y=
+github.com/fsouza/go-dockerclient v1.7.8 h1:Tp7IYXyvmZsmrCDffMENOv6l2xN2Aw17EThY8Gokq48=
+github.com/fsouza/go-dockerclient v1.7.8/go.mod h1:7cvopLQDrW3dJ5mcx2LzWMBfmpv/fq7MZUEPcQlAtLw=
github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -492,8 +495,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM=
github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
index ac1068fbf..81a65dea4 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@@ -19,6 +19,7 @@ import (
"github.com/containers/buildah/pkg/parse"
"github.com/containers/buildah/pkg/rusage"
"github.com/containers/buildah/util"
+ config "github.com/containers/common/pkg/config"
cp "github.com/containers/image/v5/copy"
"github.com/containers/image/v5/docker/reference"
"github.com/containers/image/v5/manifest"
@@ -49,21 +50,22 @@ import (
// If we're naming the result of the build, only the last stage will apply that
// name to the image that it produces.
type StageExecutor struct {
- ctx context.Context
- executor *Executor
- log func(format string, args ...interface{})
- index int
- stages imagebuilder.Stages
- name string
- builder *buildah.Builder
- preserved int
- volumes imagebuilder.VolumeSet
- volumeCache map[string]string
- volumeCacheInfo map[string]os.FileInfo
- mountPoint string
- output string
- containerIDs []string
- stage *imagebuilder.Stage
+ ctx context.Context
+ executor *Executor
+ log func(format string, args ...interface{})
+ index int
+ stages imagebuilder.Stages
+ name string
+ builder *buildah.Builder
+ preserved int
+ volumes imagebuilder.VolumeSet
+ volumeCache map[string]string
+ volumeCacheInfo map[string]os.FileInfo
+ mountPoint string
+ output string
+ containerIDs []string
+ stage *imagebuilder.Stage
+ argsFromContainerfile []string
}
// Preserve informs the stage executor that from this point on, it needs to
@@ -1228,6 +1230,11 @@ func (s *StageExecutor) getCreatedBy(node *parser.Node, addedContentSummary stri
}
switch strings.ToUpper(node.Value) {
case "ARG":
+ for _, variable := range strings.Fields(node.Original) {
+ if variable != "ARG" {
+ s.argsFromContainerfile = append(s.argsFromContainerfile, variable)
+ }
+ }
buildArgs := s.getBuildArgsKey()
return "/bin/sh -c #(nop) ARG " + buildArgs
case "RUN":
@@ -1271,7 +1278,31 @@ func (s *StageExecutor) getBuildArgsResolvedForRun() string {
if inImage {
envs = append(envs, fmt.Sprintf("%s=%s", key, configuredEnvs[key]))
} else {
- envs = append(envs, fmt.Sprintf("%s=%s", key, value))
+ // By default everything must be added to history.
+ // Following variable is configured to false only for special cases.
+ addToHistory := true
+
+ // Following value is being assigned from build-args,
+ // check if this key belongs to any of the predefined allowlist args e.g Proxy Variables
+ // and if that arg is not manually set in Containerfile/Dockerfile
+ // then don't write its value to history.
+ // Following behaviour ensures parity with docker/buildkit.
+ for _, variable := range config.ProxyEnv {
+ if key == variable {
+ // found in predefined args
+ // so don't add to history
+ // unless user did explicit `ARG <some-predefined-proxy-variable>`
+ addToHistory = false
+ for _, processedArg := range s.argsFromContainerfile {
+ if key == processedArg {
+ addToHistory = true
+ }
+ }
+ }
+ }
+ if addToHistory {
+ envs = append(envs, fmt.Sprintf("%s=%s", key, value))
+ }
}
}
}
diff --git a/vendor/github.com/containers/buildah/run.go b/vendor/github.com/containers/buildah/run.go
index fedeb6dc5..ae3907278 100644
--- a/vendor/github.com/containers/buildah/run.go
+++ b/vendor/github.com/containers/buildah/run.go
@@ -157,6 +157,8 @@ type RunOptions struct {
ExternalImageMounts []string
// System context of current build
SystemContext *types.SystemContext
+ // CgroupManager to use for running OCI containers
+ CgroupManager string
}
// RunMountArtifacts are the artifacts created when using a run mount.
diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go
index f26f4e867..794636bf4 100644
--- a/vendor/github.com/containers/buildah/run_linux.go
+++ b/vendor/github.com/containers/buildah/run_linux.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
package buildah
@@ -874,9 +875,14 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
}
}
+ runtimeArgs := options.Args[:]
+ if options.CgroupManager == config.SystemdCgroupsManager {
+ runtimeArgs = append(runtimeArgs, "--systemd-cgroup")
+ }
+
// Build the commands that we'll execute.
pidFile := filepath.Join(bundlePath, "pid")
- args := append(append(append(options.Args, "create", "--bundle", bundlePath, "--pid-file", pidFile), moreCreateArgs...), containerName)
+ args := append(append(append(runtimeArgs, "create", "--bundle", bundlePath, "--pid-file", pidFile), moreCreateArgs...), containerName)
create := exec.Command(runtime, args...)
create.Dir = bundlePath
stdin, stdout, stderr := getCreateStdio()
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index c85090d66..a1c1503d3 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.38.2
+1.38.2+dev
diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go
index b4f773f2b..5425f0339 100644
--- a/vendor/github.com/containers/storage/containers.go
+++ b/vendor/github.com/containers/storage/containers.go
@@ -324,6 +324,12 @@ func (r *containerStore) Create(id string, names []string, image, layer, metadat
fmt.Sprintf("the container name \"%s\" is already in use by \"%s\". You have to remove that container to be able to reuse that name.", name, r.byname[name].ID))
}
}
+ if err := hasOverlappingRanges(options.UIDMap); err != nil {
+ return nil, err
+ }
+ if err := hasOverlappingRanges(options.GIDMap); err != nil {
+ return nil, err
+ }
if err == nil {
container = &Container{
ID: id,
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index b22f9dfb2..e5355590b 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
package overlay
@@ -1166,6 +1167,9 @@ func (d *Driver) Remove(id string) error {
// under each layer has a symlink created for it under the linkDir. If the symlink does not
// exist, it creates them
func (d *Driver) recreateSymlinks() error {
+ // We have at most 3 corrective actions per layer, so 10 iterations is plenty.
+ const maxIterations = 10
+
// List all the directories under the home directory
dirs, err := ioutil.ReadDir(d.home)
if err != nil {
@@ -1183,6 +1187,7 @@ func (d *Driver) recreateSymlinks() error {
// Keep looping as long as we take some corrective action in each iteration
var errs *multierror.Error
madeProgress := true
+ iterations := 0
for madeProgress {
errs = nil
madeProgress = false
@@ -1233,7 +1238,12 @@ func (d *Driver) recreateSymlinks() error {
if len(targetComponents) != 3 || targetComponents[0] != ".." || targetComponents[2] != "diff" {
errs = multierror.Append(errs, errors.Errorf("link target of %q looks weird: %q", link, target))
// force the link to be recreated on the next pass
- os.Remove(filepath.Join(linksDir, link.Name()))
+ if err := os.Remove(filepath.Join(linksDir, link.Name())); err != nil {
+ if !os.IsNotExist(err) {
+ errs = multierror.Append(errs, errors.Wrapf(err, "removing link %q", link))
+ } // else don’t report any error, but also don’t set madeProgress.
+ continue
+ }
madeProgress = true
continue
}
@@ -1250,6 +1260,11 @@ func (d *Driver) recreateSymlinks() error {
madeProgress = true
}
}
+ iterations++
+ if iterations >= maxIterations {
+ errs = multierror.Append(errs, fmt.Errorf("Reached %d iterations in overlay graph driver’s recreateSymlink, giving up", iterations))
+ break
+ }
}
if errs != nil {
return errs.ErrorOrNil()
diff --git a/vendor/github.com/containers/storage/errors.go b/vendor/github.com/containers/storage/errors.go
index 5fc810b89..0b55639e6 100644
--- a/vendor/github.com/containers/storage/errors.go
+++ b/vendor/github.com/containers/storage/errors.go
@@ -55,4 +55,6 @@ var (
ErrStoreIsReadOnly = types.ErrStoreIsReadOnly
// ErrNotSupported is returned when the requested functionality is not supported.
ErrNotSupported = types.ErrNotSupported
+ // ErrInvalidMappings is returned when the specified mappings are invalid.
+ ErrInvalidMappings = types.ErrInvalidMappings
)
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
index a2aff4902..e4c593ff8 100644
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@@ -16,7 +16,7 @@ require (
github.com/klauspost/pgzip v1.2.5
github.com/mattn/go-shellwords v1.0.12
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
- github.com/moby/sys/mountinfo v0.5.0
+ github.com/moby/sys/mountinfo v0.6.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/runc v1.1.0
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
index b211efd37..d3e5cb009 100644
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@@ -466,8 +466,9 @@ github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQ
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
+github.com/moby/sys/mountinfo v0.6.0 h1:gUDhXQx58YNrpHlK4nSL+7y2pxFZkUcXqzFDKWdC0Oo=
+github.com/moby/sys/mountinfo v0.6.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
diff --git a/vendor/github.com/containers/storage/idset.go b/vendor/github.com/containers/storage/idset.go
index f870b9cee..0a06a4323 100644
--- a/vendor/github.com/containers/storage/idset.go
+++ b/vendor/github.com/containers/storage/idset.go
@@ -1,6 +1,9 @@
package storage
import (
+ "fmt"
+ "strings"
+
"github.com/containers/storage/pkg/idtools"
"github.com/google/go-intervals/intervalset"
"github.com/pkg/errors"
@@ -218,3 +221,45 @@ func maxInt(a, b int) int {
}
return a
}
+
+func hasOverlappingRanges(mappings []idtools.IDMap) error {
+ hostIntervals := intervalset.Empty()
+ containerIntervals := intervalset.Empty()
+
+ var conflicts []string
+
+ for _, m := range mappings {
+ c := interval{start: m.ContainerID, end: m.ContainerID + m.Size}
+ h := interval{start: m.HostID, end: m.HostID + m.Size}
+
+ added := false
+ overlaps := false
+
+ containerIntervals.IntervalsBetween(c, func(x intervalset.Interval) bool {
+ overlaps = true
+ return false
+ })
+ if overlaps {
+ conflicts = append(conflicts, fmt.Sprintf("%v:%v:%v", m.ContainerID, m.HostID, m.Size))
+ added = true
+ }
+ containerIntervals.Add(intervalset.NewSet([]intervalset.Interval{c}))
+
+ hostIntervals.IntervalsBetween(h, func(x intervalset.Interval) bool {
+ overlaps = true
+ return false
+ })
+ if overlaps && !added {
+ conflicts = append(conflicts, fmt.Sprintf("%v:%v:%v", m.ContainerID, m.HostID, m.Size))
+ }
+ hostIntervals.Add(intervalset.NewSet([]intervalset.Interval{h}))
+ }
+
+ if conflicts != nil {
+ if len(conflicts) == 1 {
+ return errors.Wrapf(ErrInvalidMappings, "the specified UID and/or GID mapping %s conflicts with other mappings", conflicts[0])
+ }
+ return errors.Wrapf(ErrInvalidMappings, "the specified UID and/or GID mappings %s conflict with other mappings", strings.Join(conflicts, ", "))
+ }
+ return nil
+}
diff --git a/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go b/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go
index a931fb5d1..b8b278a13 100644
--- a/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go
+++ b/vendor/github.com/containers/storage/pkg/chunked/cache_linux.go
@@ -108,35 +108,32 @@ func (c *layersCache) load() error {
}
bigData, err := c.store.LayerBigData(r.ID, cacheKey)
- if err != nil {
- if errors.Cause(err) == os.ErrNotExist {
+ // if the cache areadly exists, read and use it
+ if err == nil {
+ defer bigData.Close()
+ metadata, err := readMetadataFromCache(bigData)
+ if err == nil {
+ c.addLayer(r.ID, metadata)
continue
}
- return err
- }
- defer bigData.Close()
-
- metadata, err := readMetadataFromCache(bigData)
- if err != nil {
logrus.Warningf("Error reading cache file for layer %q: %v", r.ID, err)
+ } else if errors.Cause(err) != os.ErrNotExist {
+ return err
}
- if metadata != nil {
- c.addLayer(r.ID, metadata)
- continue
- }
-
+ // otherwise create it from the layer TOC.
manifestReader, err := c.store.LayerBigData(r.ID, bigDataKey)
if err != nil {
continue
}
defer manifestReader.Close()
+
manifest, err := ioutil.ReadAll(manifestReader)
if err != nil {
return fmt.Errorf("open manifest file for layer %q: %w", r.ID, err)
}
- metadata, err = writeCache(manifest, r.ID, c.store)
+ metadata, err := writeCache(manifest, r.ID, c.store)
if err == nil {
c.addLayer(r.ID, metadata)
}
diff --git a/vendor/github.com/containers/storage/pkg/config/config.go b/vendor/github.com/containers/storage/pkg/config/config.go
index e6622cf14..f6e0cfcfe 100644
--- a/vendor/github.com/containers/storage/pkg/config/config.go
+++ b/vendor/github.com/containers/storage/pkg/config/config.go
@@ -12,109 +12,109 @@ type ThinpoolOptionsConfig struct {
// grown. This is specified in terms of % of pool size. So a value of
// 20 means that when threshold is hit, pool will be grown by 20% of
// existing pool size.
- AutoExtendPercent string `toml:"autoextend_percent"`
+ AutoExtendPercent string `toml:"autoextend_percent,omitempty"`
// AutoExtendThreshold determines the pool extension threshold in terms
// of percentage of pool size. For example, if threshold is 60, that
// means when pool is 60% full, threshold has been hit.
- AutoExtendThreshold string `toml:"autoextend_threshold"`
+ AutoExtendThreshold string `toml:"autoextend_threshold,omitempty"`
// BaseSize specifies the size to use when creating the base device,
// which limits the size of images and containers.
- BaseSize string `toml:"basesize"`
+ BaseSize string `toml:"basesize,omitempty"`
// BlockSize specifies a custom blocksize to use for the thin pool.
- BlockSize string `toml:"blocksize"`
+ BlockSize string `toml:"blocksize,omitempty"`
// DirectLvmDevice specifies a custom block storage device to use for
// the thin pool.
- DirectLvmDevice string `toml:"directlvm_device"`
+ DirectLvmDevice string `toml:"directlvm_device,omitempty"`
// DirectLvmDeviceForcewipes device even if device already has a
// filesystem
- DirectLvmDeviceForce string `toml:"directlvm_device_force"`
+ DirectLvmDeviceForce string `toml:"directlvm_device_force,omitempty"`
// Fs specifies the filesystem type to use for the base device.
- Fs string `toml:"fs"`
+ Fs string `toml:"fs,omitempty"`
// log_level sets the log level of devicemapper.
- LogLevel string `toml:"log_level"`
+ LogLevel string `toml:"log_level,omitempty"`
// MetadataSize specifies the size of the metadata for the thinpool
// It will be used with the `pvcreate --metadata` option.
- MetadataSize string `toml:"metadatasize"`
+ MetadataSize string `toml:"metadatasize,omitempty"`
// MinFreeSpace specifies the min free space percent in a thin pool
// require for new device creation to
- MinFreeSpace string `toml:"min_free_space"`
+ MinFreeSpace string `toml:"min_free_space,omitempty"`
// MkfsArg specifies extra mkfs arguments to be used when creating the
// basedevice.
- MkfsArg string `toml:"mkfsarg"`
+ MkfsArg string `toml:"mkfsarg,omitempty"`
// MountOpt specifies extra mount options used when mounting the thin
// devices.
- MountOpt string `toml:"mountopt"`
+ MountOpt string `toml:"mountopt,omitempty"`
// Size
- Size string `toml:"size"`
+ Size string `toml:"size,omitempty"`
// UseDeferredDeletion marks device for deferred deletion
- UseDeferredDeletion string `toml:"use_deferred_deletion"`
+ UseDeferredDeletion string `toml:"use_deferred_deletion,omitempty"`
// UseDeferredRemoval marks device for deferred removal
- UseDeferredRemoval string `toml:"use_deferred_removal"`
+ UseDeferredRemoval string `toml:"use_deferred_removal,omitempty"`
// XfsNoSpaceMaxRetriesFreeSpace specifies the maximum number of
// retries XFS should attempt to complete IO when ENOSPC (no space)
// error is returned by underlying storage device.
- XfsNoSpaceMaxRetries string `toml:"xfs_nospace_max_retries"`
+ XfsNoSpaceMaxRetries string `toml:"xfs_nospace_max_retries,omitempty"`
}
type AufsOptionsConfig struct {
// MountOpt specifies extra mount options used when mounting
- MountOpt string `toml:"mountopt"`
+ MountOpt string `toml:"mountopt,omitempty"`
}
type BtrfsOptionsConfig struct {
// MinSpace is the minimal spaces allocated to the device
- MinSpace string `toml:"min_space"`
+ MinSpace string `toml:"min_space,omitempty"`
// Size
- Size string `toml:"size"`
+ Size string `toml:"size,omitempty"`
}
type OverlayOptionsConfig struct {
// IgnoreChownErrors is a flag for whether chown errors should be
// ignored when building an image.
- IgnoreChownErrors string `toml:"ignore_chown_errors"`
+ IgnoreChownErrors string `toml:"ignore_chown_errors,omitempty"`
// MountOpt specifies extra mount options used when mounting
- MountOpt string `toml:"mountopt"`
+ MountOpt string `toml:"mountopt,omitempty"`
// Alternative program to use for the mount of the file system
- MountProgram string `toml:"mount_program"`
+ MountProgram string `toml:"mount_program,omitempty"`
// Size
- Size string `toml:"size"`
+ Size string `toml:"size,omitempty"`
// Inodes is used to set a maximum inodes of the container image.
- Inodes string `toml:"inodes"`
+ Inodes string `toml:"inodes,omitempty"`
// Do not create a bind mount on the storage home
- SkipMountHome string `toml:"skip_mount_home"`
+ SkipMountHome string `toml:"skip_mount_home,omitempty"`
// ForceMask indicates the permissions mask (e.g. "0755") to use for new
// files and directories
- ForceMask string `toml:"force_mask"`
+ ForceMask string `toml:"force_mask,omitempty"`
}
type VfsOptionsConfig struct {
// IgnoreChownErrors is a flag for whether chown errors should be
// ignored when building an image.
- IgnoreChownErrors string `toml:"ignore_chown_errors"`
+ IgnoreChownErrors string `toml:"ignore_chown_errors,omitempty"`
}
type ZfsOptionsConfig struct {
// MountOpt specifies extra mount options used when mounting
- MountOpt string `toml:"mountopt"`
+ MountOpt string `toml:"mountopt,omitempty"`
// Name is the File System name of the ZFS File system
- Name string `toml:"fsname"`
+ Name string `toml:"fsname,omitempty"`
// Size
- Size string `toml:"size"`
+ Size string `toml:"size,omitempty"`
}
// OptionsConfig represents the "storage.options" TOML config table.
@@ -122,82 +122,82 @@ type OptionsConfig struct {
// AdditionalImagesStores is the location of additional read/only
// Image stores. Usually used to access Networked File System
// for shared image content
- AdditionalImageStores []string `toml:"additionalimagestores"`
+ AdditionalImageStores []string `toml:"additionalimagestores,omitempty"`
// AdditionalLayerStores is the location of additional read/only
// Layer stores. Usually used to access Networked File System
// for shared image content
// This API is experimental and can be changed without bumping the
// major version number.
- AdditionalLayerStores []string `toml:"additionallayerstores"`
+ AdditionalLayerStores []string `toml:"additionallayerstores,omitempty"`
// Size
- Size string `toml:"size"`
+ Size string `toml:"size,omitempty"`
// RemapUIDs is a list of default UID mappings to use for layers.
- RemapUIDs string `toml:"remap-uids"`
+ RemapUIDs string `toml:"remap-uids,omitempty"`
// RemapGIDs is a list of default GID mappings to use for layers.
- RemapGIDs string `toml:"remap-gids"`
+ RemapGIDs string `toml:"remap-gids,omitempty"`
// IgnoreChownErrors is a flag for whether chown errors should be
// ignored when building an image.
- IgnoreChownErrors string `toml:"ignore_chown_errors"`
+ IgnoreChownErrors string `toml:"ignore_chown_errors,omitempty"`
// ForceMask indicates the permissions mask (e.g. "0755") to use for new
// files and directories.
- ForceMask os.FileMode `toml:"force_mask"`
+ ForceMask os.FileMode `toml:"force_mask,omitempty"`
// RemapUser is the name of one or more entries in /etc/subuid which
// should be used to set up default UID mappings.
- RemapUser string `toml:"remap-user"`
+ RemapUser string `toml:"remap-user,omitempty"`
// RemapGroup is the name of one or more entries in /etc/subgid which
// should be used to set up default GID mappings.
- RemapGroup string `toml:"remap-group"`
+ RemapGroup string `toml:"remap-group,omitempty"`
// RootAutoUsernsUser is the name of one or more entries in /etc/subuid and
// /etc/subgid which should be used to set up automatically a userns.
- RootAutoUsernsUser string `toml:"root-auto-userns-user"`
+ RootAutoUsernsUser string `toml:"root-auto-userns-user,omitempty"`
// AutoUsernsMinSize is the minimum size for a user namespace that is
// created automatically.
- AutoUsernsMinSize uint32 `toml:"auto-userns-min-size"`
+ AutoUsernsMinSize uint32 `toml:"auto-userns-min-size,omitempty"`
// AutoUsernsMaxSize is the maximum size for a user namespace that is
// created automatically.
- AutoUsernsMaxSize uint32 `toml:"auto-userns-max-size"`
+ AutoUsernsMaxSize uint32 `toml:"auto-userns-max-size,omitempty"`
// Aufs container options to be handed to aufs drivers
- Aufs struct{ AufsOptionsConfig } `toml:"aufs"`
+ Aufs struct{ AufsOptionsConfig } `toml:"aufs,omitempty"`
// Btrfs container options to be handed to btrfs drivers
- Btrfs struct{ BtrfsOptionsConfig } `toml:"btrfs"`
+ Btrfs struct{ BtrfsOptionsConfig } `toml:"btrfs,omitempty"`
// Thinpool container options to be handed to thinpool drivers
- Thinpool struct{ ThinpoolOptionsConfig } `toml:"thinpool"`
+ Thinpool struct{ ThinpoolOptionsConfig } `toml:"thinpool,omitempty"`
// Overlay container options to be handed to overlay drivers
- Overlay struct{ OverlayOptionsConfig } `toml:"overlay"`
+ Overlay struct{ OverlayOptionsConfig } `toml:"overlay,omitempty"`
// Vfs container options to be handed to VFS drivers
- Vfs struct{ VfsOptionsConfig } `toml:"vfs"`
+ Vfs struct{ VfsOptionsConfig } `toml:"vfs,omitempty"`
// Zfs container options to be handed to ZFS drivers
- Zfs struct{ ZfsOptionsConfig } `toml:"zfs"`
+ Zfs struct{ ZfsOptionsConfig } `toml:"zfs,omitempty"`
// Do not create a bind mount on the storage home
- SkipMountHome string `toml:"skip_mount_home"`
+ SkipMountHome string `toml:"skip_mount_home,omitempty"`
// Alternative program to use for the mount of the file system
- MountProgram string `toml:"mount_program"`
+ MountProgram string `toml:"mount_program,omitempty"`
// MountOpt specifies extra mount options used when mounting
- MountOpt string `toml:"mountopt"`
+ MountOpt string `toml:"mountopt,omitempty"`
// PullOptions specifies options to be handed to pull managers
// This API is experimental and can be changed without bumping the major version number.
- PullOptions map[string]string `toml:"pull_options"`
+ PullOptions map[string]string `toml:"pull_options,omitempty"`
// DisableVolatile doesn't allow volatile mounts when it is set.
- DisableVolatile bool `toml:"disable-volatile"`
+ DisableVolatile bool `toml:"disable-volatile,omitempty"`
}
// GetGraphDriverOptions returns the driver specific options
diff --git a/vendor/github.com/containers/storage/types/errors.go b/vendor/github.com/containers/storage/types/errors.go
index d920d12eb..ad12ffdbf 100644
--- a/vendor/github.com/containers/storage/types/errors.go
+++ b/vendor/github.com/containers/storage/types/errors.go
@@ -55,4 +55,6 @@ var (
ErrStoreIsReadOnly = errors.New("called a write method on a read-only store")
// ErrNotSupported is returned when the requested functionality is not supported.
ErrNotSupported = errors.New("not supported")
+ // ErrInvalidMappings is returned when the specified mappings are invalid.
+ ErrInvalidMappings = errors.New("invalid mappings specified")
)
diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go
index ad8377dab..567985b98 100644
--- a/vendor/github.com/containers/storage/types/options.go
+++ b/vendor/github.com/containers/storage/types/options.go
@@ -19,11 +19,11 @@ import (
// TOML-friendly explicit tables used for conversions.
type TomlConfig struct {
Storage struct {
- Driver string `toml:"driver"`
- RunRoot string `toml:"runroot"`
- GraphRoot string `toml:"graphroot"`
- RootlessStoragePath string `toml:"rootless_storage_path"`
- Options cfg.OptionsConfig `toml:"options"`
+ Driver string `toml:"driver,omitempty"`
+ RunRoot string `toml:"runroot,omitempty"`
+ GraphRoot string `toml:"graphroot,omitempty"`
+ RootlessStoragePath string `toml:"rootless_storage_path,omitempty"`
+ Options cfg.OptionsConfig `toml:"options,omitempty"`
} `toml:"storage"`
}
@@ -431,11 +431,12 @@ func Save(conf TomlConfig, rootless bool) error {
if err != nil {
return err
}
- if err = os.Remove(configFile); !os.IsNotExist(err) {
+
+ if err = os.Remove(configFile); !os.IsNotExist(err) && err != nil {
return err
}
- f, err := os.Open(configFile)
+ f, err := os.Create(configFile)
if err != nil {
return err
}
diff --git a/vendor/github.com/fsouza/go-dockerclient/LICENSE b/vendor/github.com/fsouza/go-dockerclient/LICENSE
index 707a0ed49..20837167a 100644
--- a/vendor/github.com/fsouza/go-dockerclient/LICENSE
+++ b/vendor/github.com/fsouza/go-dockerclient/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2013-2021, go-dockerclient authors
+Copyright (c) go-dockerclient authors
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/vendor/github.com/fsouza/go-dockerclient/Makefile b/vendor/github.com/fsouza/go-dockerclient/Makefile
index 431458441..2f5d9fcc6 100644
--- a/vendor/github.com/fsouza/go-dockerclient/Makefile
+++ b/vendor/github.com/fsouza/go-dockerclient/Makefile
@@ -7,12 +7,12 @@ test: pretest gotest
.PHONY: golangci-lint
golangci-lint:
- cd /tmp && GO111MODULE=on go get github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+ go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
golangci-lint run
.PHONY: staticcheck
staticcheck:
- cd /tmp && GO111MODULE=on go get honnef.co/go/tools/cmd/staticcheck@master
+ go install honnef.co/go/tools/cmd/staticcheck@master
staticcheck ./...
.PHONY: lint
diff --git a/vendor/github.com/fsouza/go-dockerclient/go.mod b/vendor/github.com/fsouza/go-dockerclient/go.mod
index 3d27f5b0b..485428253 100644
--- a/vendor/github.com/fsouza/go-dockerclient/go.mod
+++ b/vendor/github.com/fsouza/go-dockerclient/go.mod
@@ -5,10 +5,10 @@ go 1.16
require (
github.com/Microsoft/go-winio v0.5.1
github.com/containerd/containerd v1.5.9 // indirect
- github.com/docker/docker v20.10.12+incompatible
+ github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.4.0
- github.com/google/go-cmp v0.5.6
+ github.com/google/go-cmp v0.5.7
github.com/gorilla/mux v1.8.0
github.com/moby/sys/mount v0.2.0 // indirect
github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
diff --git a/vendor/github.com/fsouza/go-dockerclient/go.sum b/vendor/github.com/fsouza/go-dockerclient/go.sum
index 595445af0..869f6d67c 100644
--- a/vendor/github.com/fsouza/go-dockerclient/go.sum
+++ b/vendor/github.com/fsouza/go-dockerclient/go.sum
@@ -117,7 +117,6 @@ github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1
github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1 h1:iJnMvco9XGvKUvNQkv88bE4uJXxRQH18efbKo9w5vHQ=
github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
@@ -226,8 +225,8 @@ github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyG
github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U=
-github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible h1:DPMrerxYRbdZnOnlPPwt9QGf207ETn7FebEmxUQI3bE=
+github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
@@ -295,7 +294,6 @@ github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4er
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -316,7 +314,6 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -329,8 +326,8 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@@ -392,6 +389,7 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.11.13 h1:eSvu8Tmq6j2psUJqJrLcWH6K3w5Dwc+qipbaA6eVEN4=
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -605,7 +603,6 @@ go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvS
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -886,7 +883,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
diff --git a/vendor/github.com/google/go-cmp/cmp/compare.go b/vendor/github.com/google/go-cmp/cmp/compare.go
index 86d0903b8..2a5446762 100644
--- a/vendor/github.com/google/go-cmp/cmp/compare.go
+++ b/vendor/github.com/google/go-cmp/cmp/compare.go
@@ -36,7 +36,6 @@ import (
"strings"
"github.com/google/go-cmp/cmp/internal/diff"
- "github.com/google/go-cmp/cmp/internal/flags"
"github.com/google/go-cmp/cmp/internal/function"
"github.com/google/go-cmp/cmp/internal/value"
)
@@ -319,7 +318,6 @@ func (s *state) tryMethod(t reflect.Type, vx, vy reflect.Value) bool {
}
func (s *state) callTRFunc(f, v reflect.Value, step Transform) reflect.Value {
- v = sanitizeValue(v, f.Type().In(0))
if !s.dynChecker.Next() {
return f.Call([]reflect.Value{v})[0]
}
@@ -343,8 +341,6 @@ func (s *state) callTRFunc(f, v reflect.Value, step Transform) reflect.Value {
}
func (s *state) callTTBFunc(f, x, y reflect.Value) bool {
- x = sanitizeValue(x, f.Type().In(0))
- y = sanitizeValue(y, f.Type().In(1))
if !s.dynChecker.Next() {
return f.Call([]reflect.Value{x, y})[0].Bool()
}
@@ -372,19 +368,6 @@ func detectRaces(c chan<- reflect.Value, f reflect.Value, vs ...reflect.Value) {
ret = f.Call(vs)[0]
}
-// sanitizeValue converts nil interfaces of type T to those of type R,
-// assuming that T is assignable to R.
-// Otherwise, it returns the input value as is.
-func sanitizeValue(v reflect.Value, t reflect.Type) reflect.Value {
- // TODO(≥go1.10): Workaround for reflect bug (https://golang.org/issue/22143).
- if !flags.AtLeastGo110 {
- if v.Kind() == reflect.Interface && v.IsNil() && v.Type() != t {
- return reflect.New(t).Elem()
- }
- }
- return v
-}
-
func (s *state) compareStruct(t reflect.Type, vx, vy reflect.Value) {
var addr bool
var vax, vay reflect.Value // Addressable versions of vx and vy
diff --git a/vendor/github.com/google/go-cmp/cmp/export_panic.go b/vendor/github.com/google/go-cmp/cmp/export_panic.go
index 5ff0b4218..ae851fe53 100644
--- a/vendor/github.com/google/go-cmp/cmp/export_panic.go
+++ b/vendor/github.com/google/go-cmp/cmp/export_panic.go
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build purego
// +build purego
package cmp
diff --git a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go b/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
index 21eb54858..e2c0f74e8 100644
--- a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
+++ b/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !purego
// +build !purego
package cmp
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go
index 1daaaacc5..36062a604 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !cmp_debug
// +build !cmp_debug
package diff
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go
index 4b91dbcac..a3b97a1ad 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build cmp_debug
// +build cmp_debug
package diff
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go b/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go
deleted file mode 100644
index 82d1d7fbf..000000000
--- a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2019, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.10
-
-package flags
-
-// AtLeastGo110 reports whether the Go toolchain is at least Go 1.10.
-const AtLeastGo110 = false
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go b/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go
deleted file mode 100644
index 8646f0529..000000000
--- a/vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2019, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.10
-
-package flags
-
-// AtLeastGo110 reports whether the Go toolchain is at least Go 1.10.
-const AtLeastGo110 = true
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/name.go b/vendor/github.com/google/go-cmp/cmp/internal/value/name.go
index b6c12cefb..7b498bb2c 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/value/name.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/name.go
@@ -9,6 +9,8 @@ import (
"strconv"
)
+var anyType = reflect.TypeOf((*interface{})(nil)).Elem()
+
// TypeString is nearly identical to reflect.Type.String,
// but has an additional option to specify that full type names be used.
func TypeString(t reflect.Type, qualified bool) string {
@@ -20,6 +22,11 @@ func appendTypeName(b []byte, t reflect.Type, qualified, elideFunc bool) []byte
// of the same name and within the same package,
// but declared within the namespace of different functions.
+ // Use the "any" alias instead of "interface{}" for better readability.
+ if t == anyType {
+ return append(b, "any"...)
+ }
+
// Named type.
if t.Name() != "" {
if qualified && t.PkgPath() != "" {
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
index 44f4a5afd..1a71bfcbd 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build purego
// +build purego
package value
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
index a605953d4..16e6860af 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !purego
// +build !purego
package value
diff --git a/vendor/github.com/google/go-cmp/cmp/path.go b/vendor/github.com/google/go-cmp/cmp/path.go
index f01eff318..c71003463 100644
--- a/vendor/github.com/google/go-cmp/cmp/path.go
+++ b/vendor/github.com/google/go-cmp/cmp/path.go
@@ -178,7 +178,7 @@ type structField struct {
unexported bool
mayForce bool // Forcibly allow visibility
paddr bool // Was parent addressable?
- pvx, pvy reflect.Value // Parent values (always addressible)
+ pvx, pvy reflect.Value // Parent values (always addressable)
field reflect.StructField // Field information
}
diff --git a/vendor/github.com/google/go-cmp/cmp/report_reflect.go b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
index 33f03577f..76c04fdbd 100644
--- a/vendor/github.com/google/go-cmp/cmp/report_reflect.go
+++ b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
@@ -207,9 +207,10 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind,
// Check whether this is a []byte of text data.
if t.Elem() == reflect.TypeOf(byte(0)) {
b := v.Bytes()
- isPrintSpace := func(r rune) bool { return unicode.IsPrint(r) && unicode.IsSpace(r) }
+ isPrintSpace := func(r rune) bool { return unicode.IsPrint(r) || unicode.IsSpace(r) }
if len(b) > 0 && utf8.Valid(b) && len(bytes.TrimFunc(b, isPrintSpace)) == 0 {
out = opts.formatString("", string(b))
+ skipType = true
return opts.WithTypeMode(emitType).FormatType(t, out)
}
}
diff --git a/vendor/github.com/google/go-cmp/cmp/report_slices.go b/vendor/github.com/google/go-cmp/cmp/report_slices.go
index 2ad3bc85b..68b5c1ae1 100644
--- a/vendor/github.com/google/go-cmp/cmp/report_slices.go
+++ b/vendor/github.com/google/go-cmp/cmp/report_slices.go
@@ -80,7 +80,7 @@ func (opts formatOptions) CanFormatDiffSlice(v *valueNode) bool {
}
// Use specialized string diffing for longer slices or strings.
- const minLength = 64
+ const minLength = 32
return vx.Len() >= minLength && vy.Len() >= minLength
}
@@ -563,10 +563,10 @@ func cleanupSurroundingIdentical(groups []diffStats, eq func(i, j int) bool) []d
nx := ds.NumIdentical + ds.NumRemoved + ds.NumModified
ny := ds.NumIdentical + ds.NumInserted + ds.NumModified
var numLeadingIdentical, numTrailingIdentical int
- for i := 0; i < nx && i < ny && eq(ix+i, iy+i); i++ {
+ for j := 0; j < nx && j < ny && eq(ix+j, iy+j); j++ {
numLeadingIdentical++
}
- for i := 0; i < nx && i < ny && eq(ix+nx-1-i, iy+ny-1-i); i++ {
+ for j := 0; j < nx && j < ny && eq(ix+nx-1-j, iy+ny-1-j); j++ {
numTrailingIdentical++
}
if numIdentical := numLeadingIdentical + numTrailingIdentical; numIdentical > 0 {
diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
index 5c9e3e30e..bf221e687 100644
--- a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
+++ b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go
@@ -7,6 +7,34 @@ import (
"golang.org/x/sys/unix"
)
+// MountedFast is a method of detecting a mount point without reading
+// mountinfo from procfs. A caller can only trust the result if no error
+// and sure == true are returned. Otherwise, other methods (e.g. parsing
+// /proc/mounts) have to be used. If unsure, use Mounted instead (which
+// uses MountedFast, but falls back to parsing mountinfo if needed).
+//
+// If a non-existent path is specified, an appropriate error is returned.
+// In case the caller is not interested in this particular error, it should
+// be handled separately using e.g. errors.Is(err, os.ErrNotExist).
+//
+// This function is only available on Linux. When available (since kernel
+// v5.6), openat2(2) syscall is used to reliably detect all mounts. Otherwise,
+// the implementation falls back to using stat(2), which can reliably detect
+// normal (but not bind) mounts.
+func MountedFast(path string) (mounted, sure bool, err error) {
+ // Root is always mounted.
+ if path == string(os.PathSeparator) {
+ return true, true, nil
+ }
+
+ path, err = normalizePath(path)
+ if err != nil {
+ return false, false, err
+ }
+ mounted, sure, err = mountedFast(path)
+ return
+}
+
// mountedByOpenat2 is a method of detecting a mount that works for all kinds
// of mounts (incl. bind mounts), but requires a recent (v5.6+) linux kernel.
func mountedByOpenat2(path string) (bool, error) {
@@ -34,24 +62,40 @@ func mountedByOpenat2(path string) (bool, error) {
return false, &os.PathError{Op: "openat2", Path: path, Err: err}
}
-func mounted(path string) (bool, error) {
- path, err := normalizePath(path)
- if err != nil {
- return false, err
+// mountedFast is similar to MountedFast, except it expects a normalized path.
+func mountedFast(path string) (mounted, sure bool, err error) {
+ // Root is always mounted.
+ if path == string(os.PathSeparator) {
+ return true, true, nil
}
+
// Try a fast path, using openat2() with RESOLVE_NO_XDEV.
- mounted, err := mountedByOpenat2(path)
+ mounted, err = mountedByOpenat2(path)
if err == nil {
- return mounted, nil
+ return mounted, true, nil
}
+
// Another fast path: compare st.st_dev fields.
mounted, err = mountedByStat(path)
// This does not work for bind mounts, so false negative
// is possible, therefore only trust if return is true.
if mounted && err == nil {
+ return true, true, nil
+ }
+
+ return
+}
+
+func mounted(path string) (bool, error) {
+ path, err := normalizePath(path)
+ if err != nil {
+ return false, err
+ }
+ mounted, sure, err := mountedFast(path)
+ if sure && err == nil {
return mounted, nil
}
- // Fallback to parsing mountinfo
+ // Fallback to parsing mountinfo.
return mountedByMountinfo(path)
}
diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo.go b/vendor/github.com/moby/sys/mountinfo/mountinfo.go
index 9867a66dd..c7e5cb42a 100644
--- a/vendor/github.com/moby/sys/mountinfo/mountinfo.go
+++ b/vendor/github.com/moby/sys/mountinfo/mountinfo.go
@@ -13,9 +13,9 @@ func GetMounts(f FilterFunc) ([]*Info, error) {
// Mounted determines if a specified path is a mount point. In case of any
// error, false (and an error) is returned.
//
-// The non-existent path returns an error. If a caller is not interested
-// in this particular error, it should handle it separately using e.g.
-// errors.Is(err, os.ErrNotExist).
+// If a non-existent path is specified, an appropriate error is returned.
+// In case the caller is not interested in this particular error, it should
+// be handled separately using e.g. errors.Is(err, os.ErrNotExist).
func Mounted(path string) (bool, error) {
// root is always mounted
if path == string(os.PathSeparator) {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f6042a041..a40357e2d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -87,7 +87,7 @@ github.com/containernetworking/cni/pkg/version
# github.com/containernetworking/plugins v1.0.1
## explicit
github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.24.1
+# github.com/containers/buildah v1.24.2
## explicit
github.com/containers/buildah
github.com/containers/buildah/bind
@@ -231,7 +231,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.38.2
+# github.com/containers/storage v1.38.3-0.20220214113600-26c561f9a645
## explicit
github.com/containers/storage
github.com/containers/storage/drivers
@@ -387,7 +387,7 @@ github.com/felixge/httpsnoop
# github.com/fsnotify/fsnotify v1.5.1
## explicit
github.com/fsnotify/fsnotify
-# github.com/fsouza/go-dockerclient v1.7.7
+# github.com/fsouza/go-dockerclient v1.7.8
github.com/fsouza/go-dockerclient
# github.com/ghodss/yaml v1.0.0
## explicit
@@ -412,7 +412,7 @@ github.com/golang/protobuf/ptypes
github.com/golang/protobuf/ptypes/any
github.com/golang/protobuf/ptypes/duration
github.com/golang/protobuf/ptypes/timestamp
-# github.com/google/go-cmp v0.5.6
+# github.com/google/go-cmp v0.5.7
github.com/google/go-cmp/cmp
github.com/google/go-cmp/cmp/internal/diff
github.com/google/go-cmp/cmp/internal/flags
@@ -491,7 +491,7 @@ github.com/mistifyio/go-zfs
github.com/mitchellh/mapstructure
# github.com/moby/sys/mount v0.2.0
github.com/moby/sys/mount
-# github.com/moby/sys/mountinfo v0.5.0
+# github.com/moby/sys/mountinfo v0.6.0
github.com/moby/sys/mountinfo
# github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
## explicit