diff options
27 files changed, 808 insertions, 563 deletions
@@ -122,7 +122,6 @@ packages: - python3-varlink - python3-dateutil - python3-psutil - - https://kojipkgs.fedoraproject.org//packages/runc/1.0.0/55.dev.git578fe65.fc28/x86_64/runc-1.0.0-55.dev.git578fe65.fc28.x86_64.rpm tests: - sed 's/^expand-check.*/expand-check=0/g' -i /etc/selinux/semanage.conf diff --git a/Dockerfile.Fedora b/Dockerfile.Fedora index 51bcaeaf0..2080b597b 100644 --- a/Dockerfile.Fedora +++ b/Dockerfile.Fedora @@ -17,7 +17,7 @@ RUN dnf -y install btrfs-progs-devel \ libseccomp-devel \ libselinux-devel \ skopeo-containers \ - https://kojipkgs.fedoraproject.org//packages/runc/1.0.0/55.dev.git578fe65.fc28/x86_64/runc-1.0.0-55.dev.git578fe65.fc28.x86_64.rpm \ + runc \ make \ ostree-devel \ python \ diff --git a/cmd/podman/kube.go b/cmd/podman/kube.go index ced87e2bd..2cb407c09 100644 --- a/cmd/podman/kube.go +++ b/cmd/podman/kube.go @@ -18,5 +18,6 @@ var ( Subcommands: kubeSubCommands, UseShortOptionHandling: true, OnUsageError: usageErrorHandler, + Hidden: true, } ) diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index 83274c9a8..0b03388a2 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go @@ -184,7 +184,7 @@ var ( Usage: "Display the extended information", }, cli.BoolFlag{ - Name: "pod", + Name: "pod, p", Usage: "Print the ID and name of the pod the containers are associated with", }, cli.BoolFlag{ diff --git a/completions/bash/podman b/completions/bash/podman index c34381e2b..3cccf2192 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -5,7 +5,7 @@ __podman_previous_extglob_setting=$(shopt -p extglob) shopt -s extglob __podman_q() { - podman ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@" + podman ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@" } # __podman_containers returns a list of containers. Additional options to @@ -232,7 +232,7 @@ __podman_services() { fields='$2' # names only shift fi - __podman_q service ls "$@" | awk "NR>1 {print $fields}" + __podman_q service ls "$@" | awk "NR>1 {print $fields}" } # __podman_complete_services applies completion of services based on the current @@ -694,20 +694,20 @@ _podman_attach() { --detach-keys " local boolean_options=" - --help - -h - --latest - -l - --no-stdin - --sig-proxy + --help + -h + --latest + -l + --no-stdin + --sig-proxy " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } @@ -730,12 +730,12 @@ _podman_container_checkpoint() { --tcp-established " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } @@ -791,6 +791,8 @@ _podman_container_refresh() { local options_with_args=" " local boolean_options=" + --help + -h " _complete_ "$options_with_args" "$boolean_options" } @@ -801,23 +803,23 @@ _podman_container_restart() { _podman_container_restore() { local boolean_options=" - -a - --all - -h - --help - -k - --keep - -l - --latest - --tcp-established + -a + --all + -h + --help + -k + --keep + -l + --latest + --tcp-established " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options" -- "$cur")) - ;; - *) - __podman_complete_containers_created - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options" -- "$cur")) + ;; + *) + __podman_complete_containers_created + ;; esac } @@ -825,10 +827,6 @@ _podman_container_rm() { _podman_rm } -_podman_container_run() { - _podman_run -} - _podman_container_start() { _podman_start } @@ -931,29 +929,29 @@ _podman_commit() { _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } _podman_build() { local boolean_options=" - --force-rm - --help - -h - --layers - --no-cache - --pull - --pull-always - --quiet - -q - --rm - --squash - --tls-verify + --force-rm + --help + -h + --layers + --no-cache + --pull + --pull-always + --quiet + -q + --rm + --squash + --tls-verify " local options_with_args=" @@ -1006,18 +1004,18 @@ _podman_build() { local all_options="$options_with_args $boolean_options" case "$prev" in - --runtime) - COMPREPLY=($(compgen -W 'runc runv' -- "$cur")) - ;; - $(__podman_to_extglob "$options_with_args")) + --runtime) + COMPREPLY=($(compgen -W 'runc runv' -- "$cur")) + ;; + $(__podman_to_extglob "$options_with_args")) return ;; esac case "$cur" in -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; esac } @@ -1026,16 +1024,18 @@ _podman_diff() { --format " local boolean_options=" - " + --help + -h + " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } @@ -1047,19 +1047,21 @@ _podman_exec() { -u " local boolean_options=" - --latest - -l - --privileged - --tty - -t + --help + -h + --latest + -l + --privileged + --tty + -t " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } @@ -1069,14 +1071,16 @@ _podman_export() { -o " local boolean_options=" + --help + -h " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } @@ -1085,19 +1089,21 @@ _podman_history() { --format " local boolean_options=" - --human -H - --no-trunc - --quiet -q + --help + -h + --human -H + --no-trunc + --quiet -q " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images --id - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images --id + ;; esac } @@ -1118,20 +1124,20 @@ _podman_import() { _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_list_images - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_list_images + ;; esac } _podman_info() { local boolean_options=" - --help - -h - --debug + --help + -h + --debug " local options_with_args=" --format @@ -1140,12 +1146,12 @@ _podman_info() { local all_options="$options_with_args $boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_list_images - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_list_images + ;; esac } @@ -1201,7 +1207,7 @@ _podman_image() { local boolean_options=" --help -h - " + " subcommands=" build history @@ -1232,20 +1238,20 @@ _podman_image() { _podman_images() { local boolean_options=" - -a - --all - --digests - --digests - -f - --filter - -h - --help - --no-trunc - --notruncate - -n - --noheading - -q - --quiet + -a + --all + --digests + --digests + -f + --filter + -h + --help + --no-trunc + --notruncate + -n + --noheading + -q + --quiet " local options_with_args=" --format @@ -1255,22 +1261,22 @@ _podman_images() { local all_options="$options_with_args $boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images --id - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images --id + ;; esac } _podman_inspect() { local boolean_options=" - --help - -h - --latest - -l - " + --help + -h + --latest + -l + " local options_with_args=" --format -f @@ -1335,20 +1341,20 @@ _podman_kill() { --signal -s " local boolean_options=" - --all - -a - --help - -h - --latest - -l + --all + -a + --help + -h + --latest + -l " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } @@ -1358,22 +1364,24 @@ _podman_logs() { --tail " local boolean_options=" - --follow - -f - --latest - -l - --timestamps - -t + --follow + -f + --help + -h + --latest + -l + --timestamps + -t " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_list_containers - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_list_containers + ;; esac } @@ -1385,10 +1393,13 @@ _podman_pull() { --signature-policy " local boolean_options=" - --all-tags -a - --quiet - -q - --tls-verify + --all-tags + -a + --help + -h + --quiet + -q + --tls-verify " _complete_ "$options_with_args" "$boolean_options" } @@ -1401,7 +1412,9 @@ _podman_search() { --limit " local boolean_options=" - --no-trunc + --help + -h + --no-trunc " _complete_ "$options_with_args" "$boolean_options" } @@ -1412,56 +1425,58 @@ _podman_unmount() { _podman_umount() { local boolean_options=" - --all - -a - --force - -f - --help - -h - " + --all + -a + --help + -h + --force + -f + " local options_with_args=" - " + " local all_options="$options_with_args $boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } _podman_mount() { local boolean_options=" - --help - -h - --notruncate - " + --help + -h + --notruncate + " local options_with_args=" - --format - " + --format + " local all_options="$options_with_args $boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } _podman_push() { local boolean_options=" - --compress - --quiet - -q - --remove-signatures - --tls-verify + --compress + --help + -h + --quiet + -q + --remove-signatures + --tls-verify " local options_with_args=" @@ -1476,12 +1491,12 @@ _podman_push() { local all_options="$options_with_args $boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images --id - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images --id + ;; esac } @@ -1563,16 +1578,17 @@ _podman_container_run() { " local boolean_options=" - --disable-content-trust=false - --help - --init - --interactive -i - --oom-kill-disable - --privileged - --publish-all -P - --quiet - --read-only - --tty -t + --disable-content-trust=false + --help + -h + --init + --interactive -i + --oom-kill-disable + --privileged + --publish-all -P + --quiet + --read-only + --tty -t " if [ "$command" = "run" -o "$subcommand" = "run" ] ; then @@ -1593,12 +1609,13 @@ _podman_container_run() { fi case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images --id - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + return + ;; + *) + __podman_complete_images --id + ;; esac @@ -1781,33 +1798,38 @@ _podman_restart() { --timeout -t " local boolean_options=" - --all - -a - --latest - -l - --running - --timeout - -t" + --all + -a + --help + -h + --latest + -l + --running + --timeout + -t + " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } _podman_rm() { local boolean_options=" - --all - -a - --force - -f - --latest - -l - --volumes - -v + --all + -a + --force + -f + --help + -h + --latest + -l + --volumes + -v " local options_with_args=" @@ -1816,52 +1838,53 @@ _podman_rm() { local all_options="$options_with_args $boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } _podman_rmi() { local boolean_options=" - --help - -h - --force - -f - -a - --all + --all + -a + --force + -f + --help + -h " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images --id - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images --id + ;; esac } _podman_stats() { local boolean_options=" - --help - --all - -a - --no-stream - --format - --no-reset + --all + -a + --help + -h + --no-stream + --format + --no-reset " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } @@ -1869,49 +1892,51 @@ _podman_tag() { local options_with_args=" " local boolean_options=" + --help + -h " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images + ;; esac } __podman_top_descriptors() { - podman top --list-descriptors + podman top --list-descriptors } __podman_complete_top_descriptors() { - COMPREPLY=($(compgen -W "$(__podman_top_descriptors)" -- "$cur")) + COMPREPLY=($(compgen -W "$(__podman_top_descriptors)" -- "$cur")) } _podman_top() { local options_with_args=" " local boolean_options=" - --help - -h - --latest - -l + --help + -h + --latest + -l " # podman-top works on only *one* container, which means that when we have # three or more arguments, we can complete with top descriptors. if [[ "${COMP_CWORD}" -ge 3 ]]; then - __podman_complete_top_descriptors - return + __podman_complete_top_descriptors + return fi case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } @@ -1934,56 +1959,61 @@ _podman_save() { --format " local boolean_options=" - --compress - -q - --quiet + --compress + --help + -h + -q + --quiet " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images --id - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images --id + ;; esac } _podman_pause() { local boolean_options=" - -a - --all + --all + -a + --help + -h " local options_with_args=" - --help -h " local boolean_options="" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } _podman_port() { local options_with_args=" - --help -h " local boolean_options=" - --all - -a - -l - --latest" + --all + -a + --help + -h + -l + --latest + " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } @@ -1999,13 +2029,14 @@ _podman_ps() { --sort " local boolean_options=" - --all -a - --latest -l - --no-trunc - --pod - --quiet -q - --size -s - --namespace --ns + --all -a + --help -h + --latest -l + --no-trunc + --pod -p + --quiet -q + --size -s + --namespace --ns " _complete_ "$options_with_args" "$boolean_options" } @@ -2016,23 +2047,23 @@ _podman_start() { " local boolean_options=" - -h - --help - -a - --attach - -i - --interactive - --latest - -l - --sig-proxy + --attach + -a + -h + --help + -i + --interactive + --latest + -l + --sig-proxy " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } _podman_stop() { @@ -2040,64 +2071,70 @@ _podman_stop() { --timeout -t " local boolean_options=" - --all - -a - --latest - -l" + --all + -a + -h + --help + --latest + -l + " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_running - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_running + ;; esac } _podman_unpause() { local boolean_options=" - -a - --all + --all + -a + --help + -h " local options_with_args=" - --help -h " - local boolean_options="" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_containers_unpauseable - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_containers_unpauseable + ;; esac } _podman_varlink() { local options_with_args=" - --help -h --timeout -t " - local boolean_options="" + local boolean_options=" + --help + -h + " _complete_ "$options_with_args" "$boolean_options" } _podman_wait() { local options_with_args="" local boolean_options=" - --help - -h - -i + --help + -h + -i -l - --interval - --latest" + --interval + --latest + " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_container_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_container_names + ;; esac } @@ -2124,8 +2161,10 @@ _podman_load() { --signature-policy " local boolean_options=" - --quiet - -q + --help + -h + --quiet + -q " _complete_ "$options_with_args" "$boolean_options" } @@ -2139,8 +2178,8 @@ _podman_login() { --authfile " local boolean_options=" - --help - -h + --help + -h " _complete_ "$options_with_args" "$boolean_options" } @@ -2150,10 +2189,10 @@ _podman_logout() { --authfile " local boolean_options=" - --all - -a - --help - -h + --all + -a + --help + -h " _complete_ "$options_with_args" "$boolean_options" } @@ -2168,23 +2207,23 @@ _podman_container_runlabel() { " local boolean_options=" - --display - --help - -h - -p - --pull - -q - --quiet - --tls-verify + --display + --help + -h + -p + --pull + -q + --quiet + --tls-verify " case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_images --id - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images --id + ;; esac } @@ -2220,7 +2259,9 @@ _podman_pod_create() { " local boolean_options=" - --infra + --help + -h + --infra " _complete_ "$options_with_args" "$boolean_options" } @@ -2230,21 +2271,23 @@ _podman_pod_kill() { " local boolean_options=" - --all - -a - --signal - -s - --latest - -l + --all + -a + --help + -h + --signal + -s + --latest + -l " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_pod_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_pod_names + ;; esac } @@ -2257,16 +2300,18 @@ __podman_pod_ps() { " local boolean_options=" - --cgroup - --ctr-ids - --ctr-names - --ctr-status - -q - --quiet - --no-trunc - --labels - -l - --latest + --cgroup + --ctr-ids + --ctr-names + --ctr-status + --help + -h + -q + --quiet + --no-trunc + --labels + -l + --latest " _complete_ "$options_with_args" "$boolean_options" } @@ -2288,19 +2333,21 @@ _podman_pod_restart() { " local boolean_options=" - --all - -a - --latest - -l + --all + -a + --help + -h + --latest + -l " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_pod_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_pod_names + ;; esac } @@ -2309,21 +2356,23 @@ _podman_pod_rm() { " local boolean_options=" - -a - --all - -f - --force - --latest - -l + -a + --all + --help + -h + -f + --force + --latest + -l " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_pod_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_pod_names + ;; esac } @@ -2332,19 +2381,21 @@ _podman_pod_start() { " local boolean_options=" - --all - -a - --latest - -l + --all + -a + --help + -h + --latest + -l " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_pod_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_pod_names + ;; esac } @@ -2353,20 +2404,22 @@ _podman_pod_stop() { " local boolean_options=" - --all - -a - --cleanup - --latest - -l + --all + -a + --cleanup + --help + -h + --latest + -l " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_pod_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_pod_names + ;; esac } @@ -2375,19 +2428,21 @@ _podman_pod_pause() { " local boolean_options=" - --all - -a - --latest - -l + --all + -a + --help + -h + --latest + -l " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_pod_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_pod_names + ;; esac } @@ -2396,26 +2451,28 @@ _podman_pod_unpause() { " local boolean_options=" - --all - -a - --latest - -l + --all + -a + --help + -h + --latest + -l " _complete_ "$options_with_args" "$boolean_options" case "$cur" in - -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) - ;; - *) - __podman_complete_pod_names - ;; + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_pod_names + ;; esac } _podman_pod() { local boolean_options=" - --help - -h + --help + -h " subcommands=" create @@ -2438,29 +2495,31 @@ _podman_pod() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; + COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) + ;; esac } _podman_podman() { local options_with_args=" - --config -c - --cpu-profile - --root - --runroot - --storage-driver - --storage-opt - --log-level - --namespace + --config -c + --cpu-profile + --root + --runroot + --storage-driver + --storage-opt + --log-level + --namespace " local boolean_options=" - --help -h - --version -v - --syslog + --help + -h + --version + -v + --syslog " commands=" attach diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 474796a35..6fbdd0d03 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -466,9 +466,10 @@ By default, podman containers are This is because by default a container is not allowed to access any devices. A “privileged” container is given access to all devices. -When the operator executes **podman run --privileged**, podman enables access -to all devices on the host as well as set turn off most of the security measures -protecting the host from the container. +When the operator executes a privileged container, podman enables access +to all devices on the host, turns off graphdriver mount options, as well as +turning off most of the security measures protecting the host from the +container. **-p**, **--publish**=[] diff --git a/docs/podman-ps.1.md b/docs/podman-ps.1.md index 2cb77ffed..7333a1095 100644 --- a/docs/podman-ps.1.md +++ b/docs/podman-ps.1.md @@ -24,7 +24,7 @@ all the containers information. By default it lists: Show all the containers, default is only running containers -**--pod** +**--pod, -p** Display the pods the containers are associated with diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index 202091b07..a6761a393 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -451,8 +451,9 @@ container is not allowed to access any devices. A “privileged” container is given access to all devices. When the operator executes **podman run --privileged**, podman enables access -to all devices on the host as well as set turn off most of the security measures -protecting the host from the container. +to all devices on the host, turns off graphdriver mount options, as well as +turning off most of the security measures protecting the host from the +container. **-p**, **--publish**=[] diff --git a/libpod/container_internal.go b/libpod/container_internal.go index b616e0a07..e31a8099c 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -273,6 +273,27 @@ func (c *Container) setupStorage(ctx context.Context) error { }, LabelOpts: c.config.LabelOpts, } + if c.config.Privileged { + privOpt := func(opt string) bool { + for _, privopt := range []string{"nodev", "nosuid", "noexec"} { + if opt == privopt { + return true + } + } + return false + } + defOptions, err := storage.GetDefaultMountOptions() + if err != nil { + return errors.Wrapf(err, "error getting default mount options") + } + var newOptions []string + for _, opt := range defOptions { + if !privOpt(opt) { + newOptions = append(newOptions, opt) + } + } + options.MountOpts = newOptions + } if c.config.Rootfs == "" { options.IDMappingOptions = c.config.IDMappings @@ -821,28 +842,22 @@ func (c *Container) mountStorage() (string, error) { return c.state.Mountpoint, nil } - if !rootless.IsRootless() { - // TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts - mounted, err := mount.Mounted(c.config.ShmDir) - if err != nil { - return "", errors.Wrapf(err, "unable to determine if %q is mounted", c.config.ShmDir) - } + mounted, err := mount.Mounted(c.config.ShmDir) + if err != nil { + return "", errors.Wrapf(err, "unable to determine if %q is mounted", c.config.ShmDir) + } + if !mounted { + shmOptions := fmt.Sprintf("mode=1777,size=%d", c.config.ShmSize) + if err := c.mountSHM(shmOptions); err != nil { + return "", err + } if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { return "", errors.Wrapf(err, "failed to chown %s", c.config.ShmDir) } - - if !mounted { - shmOptions := fmt.Sprintf("mode=1777,size=%d", c.config.ShmSize) - if err := c.mountSHM(shmOptions); err != nil { - return "", err - } - if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { - return "", errors.Wrapf(err, "failed to chown %s", c.config.ShmDir) - } - } } + // TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts mountPoint := c.config.Rootfs if mountPoint == "" { mountPoint, err = c.mount() diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 4e892d11c..fe614e911 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -28,6 +28,10 @@ var _ = Describe("Podman checkpoint", func() { if !criu.CheckForCriu() { Skip("CRIU is missing or too old.") } + hostInfo := podmanTest.Host + if hostInfo.Distribution == "fedora" && hostInfo.Version == "29" { + Skip("Checkpoint tests appear to fail on F29.") + } }) AfterEach(func() { diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go index c75910296..b15e6731b 100644 --- a/test/e2e/rootless_test.go +++ b/test/e2e/rootless_test.go @@ -56,6 +56,7 @@ var _ = Describe("Podman rootless", func() { commands := []string{"help", "version"} for _, v := range commands { env := os.Environ() + env = append(env, "USER=foo") cmd := podmanTest.PodmanAsUser([]string{v}, 1000, 1000, env) cmd.WaitWithDefaultTimeout() Expect(cmd.ExitCode()).To(Equal(0)) @@ -122,6 +123,7 @@ var _ = Describe("Podman rootless", func() { env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", xdgRuntimeDir)) env = append(env, fmt.Sprintf("HOME=%s", home)) env = append(env, "PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS=1") + env = append(env, "USER=foo") cmd := rootlessTest.PodmanAsUser([]string{"pod", "create", "--infra=false"}, 1000, 1000, env) cmd.WaitWithDefaultTimeout() @@ -152,6 +154,7 @@ var _ = Describe("Podman rootless", func() { env := os.Environ() env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", xdgRuntimeDir)) env = append(env, fmt.Sprintf("HOME=%s", home)) + env = append(env, "USER=foo") cmd := podmanTest.PodmanAsUser([]string{"search", "docker.io/busybox"}, 1000, 1000, env) cmd.WaitWithDefaultTimeout() Expect(cmd.ExitCode()).To(Equal(0)) @@ -165,6 +168,7 @@ var _ = Describe("Podman rootless", func() { env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", xdgRuntimeDir)) env = append(env, fmt.Sprintf("HOME=%s", home)) env = append(env, "PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS=1") + env = append(env, "USER=foo") allArgs := append([]string{"run"}, args...) allArgs = append(allArgs, "--rootfs", mountPath, "echo", "hello") diff --git a/vendor.conf b/vendor.conf index f9fccfdfb..be306a181 100644 --- a/vendor.conf +++ b/vendor.conf @@ -12,7 +12,7 @@ github.com/containerd/continuity master github.com/containernetworking/cni v0.7.0-alpha1 github.com/containernetworking/plugins 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1 github.com/containers/image bd10b1b53b2976f215b3f2f848fb8e7cad779aeb -github.com/containers/storage 3161726d1db0d0d4e86a9667dd476f09b997f497 +github.com/containers/storage 9d3838cd434d32042f9bdf1f9f4a2bf2d6ea8dc5 github.com/containers/psgo 5dde6da0bc8831b35243a847625bcf18183bd1ee github.com/coreos/go-systemd v14 github.com/cri-o/ocicni 2d2983e40c242322a56c22a903785e7f83eb378c diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go index 0a125331d..beaf41f39 100644 --- a/vendor/github.com/containers/storage/containers.go +++ b/vendor/github.com/containers/storage/containers.go @@ -147,6 +147,13 @@ func (c *Container) ProcessLabel() string { return "" } +func (c *Container) MountOpts() []string { + if mountOpts, ok := c.Flags["MountOpts"].([]string); ok { + return mountOpts + } + return nil +} + func (r *containerStore) Containers() ([]Container, error) { containers := make([]Container, len(r.containers)) for i := range r.containers { @@ -293,6 +300,9 @@ func (r *containerStore) Create(id string, names []string, image, layer, metadat if _, idInUse := r.byid[id]; idInUse { return nil, ErrDuplicateID } + if options.MountOpts != nil { + options.Flags["MountOpts"] = append([]string{}, options.MountOpts...) + } names = dedupeNames(names) for _, name := range names { if _, nameInUse := r.byname[name]; nameInUse { diff --git a/vendor/github.com/containers/storage/containers_ffjson.go b/vendor/github.com/containers/storage/containers_ffjson.go index 6e83808d4..aef6becfe 100644 --- a/vendor/github.com/containers/storage/containers_ffjson.go +++ b/vendor/github.com/containers/storage/containers_ffjson.go @@ -1,6 +1,5 @@ // Code generated by ffjson <https://github.com/pquerna/ffjson>. DO NOT EDIT. // source: containers.go -// package storage diff --git a/vendor/github.com/containers/storage/drivers/aufs/aufs.go b/vendor/github.com/containers/storage/drivers/aufs/aufs.go index 474c7574d..ca69816be 100644 --- a/vendor/github.com/containers/storage/drivers/aufs/aufs.go +++ b/vendor/github.com/containers/storage/drivers/aufs/aufs.go @@ -441,7 +441,7 @@ func (a *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { // If a dir does not have a parent ( no layers )do not try to mount // just return the diff path to the data if len(parents) > 0 { - if err := a.mount(id, m, options.MountLabel, parents); err != nil { + if err := a.mount(id, m, parents, options); err != nil { return "", err } } @@ -585,7 +585,7 @@ func (a *Driver) getParentLayerPaths(id string) ([]string, error) { return layers, nil } -func (a *Driver) mount(id string, target string, mountLabel string, layers []string) error { +func (a *Driver) mount(id string, target string, layers []string, options graphdriver.MountOpts) error { a.Lock() defer a.Unlock() @@ -596,7 +596,7 @@ func (a *Driver) mount(id string, target string, mountLabel string, layers []str rw := a.getDiffPath(id) - if err := a.aufsMount(layers, rw, target, mountLabel); err != nil { + if err := a.aufsMount(layers, rw, target, options); err != nil { return fmt.Errorf("error creating aufs mount to %s: %v", target, err) } return nil @@ -643,7 +643,7 @@ func (a *Driver) Cleanup() error { return mountpk.Unmount(a.root) } -func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) { +func (a *Driver) aufsMount(ro []string, rw, target string, options graphdriver.MountOpts) (err error) { defer func() { if err != nil { Unmount(target) @@ -657,7 +657,7 @@ func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err erro if useDirperm() { offset += len(",dirperm1") } - b := make([]byte, unix.Getpagesize()-len(mountLabel)-offset) // room for xino & mountLabel + b := make([]byte, unix.Getpagesize()-len(options.MountLabel)-offset) // room for xino & mountLabel bp := copy(b, fmt.Sprintf("br:%s=rw", rw)) index := 0 @@ -670,21 +670,25 @@ func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err erro } opts := "dio,xino=/dev/shm/aufs.xino" - if a.mountOptions != "" { - opts += fmt.Sprintf(",%s", a.mountOptions) + mountOptions := a.mountOptions + if len(options.Options) > 0 { + mountOptions = strings.Join(options.Options, ",") + } + if mountOptions != "" { + opts += fmt.Sprintf(",%s", mountOptions) } if useDirperm() { opts += ",dirperm1" } - data := label.FormatMountLabel(fmt.Sprintf("%s,%s", string(b[:bp]), opts), mountLabel) + data := label.FormatMountLabel(fmt.Sprintf("%s,%s", string(b[:bp]), opts), options.MountLabel) if err = mount("none", target, "aufs", 0, data); err != nil { return } for ; index < len(ro); index++ { layer := fmt.Sprintf(":%s=ro+wh", ro[index]) - data := label.FormatMountLabel(fmt.Sprintf("append%s", layer), mountLabel) + data := label.FormatMountLabel(fmt.Sprintf("append%s", layer), options.MountLabel) if err = mount("none", target, "aufs", unix.MS_REMOUNT, data); err != nil { return } diff --git a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go index adc34d209..567cda9d3 100644 --- a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go +++ b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go @@ -640,6 +640,9 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { if err != nil { return "", err } + if len(options.Options) > 0 { + return "", fmt.Errorf("btrfs driver does not support mount options") + } if !st.IsDir() { return "", fmt.Errorf("%s: not a directory", dir) diff --git a/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go b/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go index cbf67b3eb..2801dfdc5 100644 --- a/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go +++ b/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go @@ -2364,7 +2364,7 @@ func (devices *DeviceSet) xfsSetNospaceRetries(info *devInfo) error { } // MountDevice mounts the device if not already mounted. -func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error { +func (devices *DeviceSet) MountDevice(hash, path string, moptions graphdriver.MountOpts) error { info, err := devices.lookupDeviceWithLock(hash) if err != nil { return err @@ -2396,8 +2396,17 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error { options = joinMountOptions(options, "nouuid") } - options = joinMountOptions(options, devices.mountOptions) - options = joinMountOptions(options, label.FormatMountLabel("", mountLabel)) + mountOptions := devices.mountOptions + if len(moptions.Options) > 0 { + addNouuid := strings.Contains("nouuid", mountOptions) + mountOptions = strings.Join(moptions.Options, ",") + if addNouuid { + mountOptions = fmt.Sprintf("nouuid,", mountOptions) + } + } + + options = joinMountOptions(options, mountOptions) + options = joinMountOptions(options, label.FormatMountLabel("", moptions.MountLabel)) if err := mount.Mount(info.DevName(), path, fstype, options); err != nil { return fmt.Errorf("devmapper: Error mounting '%s' on '%s': %s\n%v", info.DevName(), path, err, string(dmesg.Dmesg(256))) diff --git a/vendor/github.com/containers/storage/drivers/devmapper/driver.go b/vendor/github.com/containers/storage/drivers/devmapper/driver.go index 9fc082d7d..39a4fbe2c 100644 --- a/vendor/github.com/containers/storage/drivers/devmapper/driver.go +++ b/vendor/github.com/containers/storage/drivers/devmapper/driver.go @@ -9,8 +9,6 @@ import ( "path" "strconv" - "github.com/sirupsen/logrus" - "github.com/containers/storage/drivers" "github.com/containers/storage/pkg/devicemapper" "github.com/containers/storage/pkg/idtools" @@ -18,6 +16,7 @@ import ( "github.com/containers/storage/pkg/mount" "github.com/containers/storage/pkg/system" units "github.com/docker/go-units" + "github.com/sirupsen/logrus" ) func init() { @@ -189,7 +188,7 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { } // Mount the device - if err := d.DeviceSet.MountDevice(id, mp, options.MountLabel); err != nil { + if err := d.DeviceSet.MountDevice(id, mp, options); err != nil { d.ctr.Decrement(mp) return "", err } diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go index 4569c7b59..476b55160 100644 --- a/vendor/github.com/containers/storage/drivers/driver.go +++ b/vendor/github.com/containers/storage/drivers/driver.go @@ -49,6 +49,7 @@ type MountOpts struct { // UidMaps & GidMaps are the User Namespace mappings to be assigned to content in the mount point UidMaps []idtools.IDMap GidMaps []idtools.IDMap + Options []string } // InitFunc initializes the storage driver. diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go index b7e15a7f6..a165a13a3 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go +++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go @@ -743,7 +743,9 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO workDir := path.Join(dir, "work") opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(absLowers, ":"), diffDir, workDir) - if d.options.mountOptions != "" { + if len(options.Options) > 0 { + opts = fmt.Sprintf("%s,%s", strings.Join(options.Options, ","), opts) + } else if d.options.mountOptions != "" { opts = fmt.Sprintf("%s,%s", d.options.mountOptions, opts) } mountData := label.FormatMountLabel(opts, options.MountLabel) diff --git a/vendor/github.com/containers/storage/drivers/vfs/driver.go b/vendor/github.com/containers/storage/drivers/vfs/driver.go index d10fb2607..e3a67a69b 100644 --- a/vendor/github.com/containers/storage/drivers/vfs/driver.go +++ b/vendor/github.com/containers/storage/drivers/vfs/driver.go @@ -181,6 +181,9 @@ func (d *Driver) Remove(id string) error { // Get returns the directory for the given id. func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr error) { dir := d.dir(id) + if len(options.Options) > 0 { + return "", fmt.Errorf("vfs driver does not support mount options") + } if st, err := os.Stat(dir); err != nil { return "", err } else if !st.IsDir() { diff --git a/vendor/github.com/containers/storage/drivers/windows/windows.go b/vendor/github.com/containers/storage/drivers/windows/windows.go index 4ccf657dc..c6d86a4ab 100644 --- a/vendor/github.com/containers/storage/drivers/windows/windows.go +++ b/vendor/github.com/containers/storage/drivers/windows/windows.go @@ -367,6 +367,9 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, options.MountLabel) var dir string + if len(options.Options) > 0 { + return "", fmt.Errorf("windows driver does not support mount options") + } rID, err := d.resolveID(id) if err != nil { return "", err diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go index 4e27a0a6f..c3ce6e869 100644 --- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go +++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go @@ -366,8 +366,13 @@ func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { return mountpoint, nil } + mountOptions := d.options.mountOptions + if len(options.Options) > 0 { + mountOptions = strings.Join(options.Options, ",") + } + filesystem := d.zfsPath(id) - opts := label.FormatMountLabel(d.options.mountOptions, options.MountLabel) + opts := label.FormatMountLabel(mountOptions, options.MountLabel) logrus.Debugf(`[zfs] mount("%s", "%s", "%s")`, filesystem, mountpoint, opts) rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps) diff --git a/vendor/github.com/containers/storage/layers_ffjson.go b/vendor/github.com/containers/storage/layers_ffjson.go index 09b5d0f33..125b5d8c9 100644 --- a/vendor/github.com/containers/storage/layers_ffjson.go +++ b/vendor/github.com/containers/storage/layers_ffjson.go @@ -1,5 +1,5 @@ // Code generated by ffjson <https://github.com/pquerna/ffjson>. DO NOT EDIT. -// source: ./layers.go +// source: layers.go package storage diff --git a/vendor/github.com/containers/storage/pkg/archive/example_changes.go b/vendor/github.com/containers/storage/pkg/archive/example_changes.go new file mode 100644 index 000000000..70f9c5564 --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/archive/example_changes.go @@ -0,0 +1,97 @@ +// +build ignore + +// Simple tool to create an archive stream from an old and new directory +// +// By default it will stream the comparison of two temporary directories with junk files +package main + +import ( + "flag" + "fmt" + "io" + "io/ioutil" + "os" + "path" + + "github.com/containers/storage/pkg/archive" + "github.com/sirupsen/logrus" +) + +var ( + flDebug = flag.Bool("D", false, "debugging output") + flNewDir = flag.String("newdir", "", "") + flOldDir = flag.String("olddir", "", "") + log = logrus.New() +) + +func main() { + flag.Usage = func() { + fmt.Println("Produce a tar from comparing two directory paths. By default a demo tar is created of around 200 files (including hardlinks)") + fmt.Printf("%s [OPTIONS]\n", os.Args[0]) + flag.PrintDefaults() + } + flag.Parse() + log.Out = os.Stderr + if (len(os.Getenv("DEBUG")) > 0) || *flDebug { + logrus.SetLevel(logrus.DebugLevel) + } + var newDir, oldDir string + + if len(*flNewDir) == 0 { + var err error + newDir, err = ioutil.TempDir("", "storage-test-newDir") + if err != nil { + log.Fatal(err) + } + defer os.RemoveAll(newDir) + if _, err := prepareUntarSourceDirectory(100, newDir, true); err != nil { + log.Fatal(err) + } + } else { + newDir = *flNewDir + } + + if len(*flOldDir) == 0 { + oldDir, err := ioutil.TempDir("", "storage-test-oldDir") + if err != nil { + log.Fatal(err) + } + defer os.RemoveAll(oldDir) + } else { + oldDir = *flOldDir + } + + changes, err := archive.ChangesDirs(newDir, oldDir) + if err != nil { + log.Fatal(err) + } + + a, err := archive.ExportChanges(newDir, changes) + if err != nil { + log.Fatal(err) + } + defer a.Close() + + i, err := io.Copy(os.Stdout, a) + if err != nil && err != io.EOF { + log.Fatal(err) + } + fmt.Fprintf(os.Stderr, "wrote archive of %d bytes", i) +} + +func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks bool) (int, error) { + fileData := []byte("fooo") + for n := 0; n < numberOfFiles; n++ { + fileName := fmt.Sprintf("file-%d", n) + if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil { + return 0, err + } + if makeLinks { + if err := os.Link(path.Join(targetPath, fileName), path.Join(targetPath, fileName+"-link")); err != nil { + return 0, err + } + } + } + totalSize := numberOfFiles * len(fileData) + return totalSize, nil +} diff --git a/vendor/github.com/containers/storage/pkg/idtools/parser.go b/vendor/github.com/containers/storage/pkg/idtools/parser.go index 9b76395c2..c56aa86a2 100644 --- a/vendor/github.com/containers/storage/pkg/idtools/parser.go +++ b/vendor/github.com/containers/storage/pkg/idtools/parser.go @@ -30,8 +30,8 @@ func parseTriple(spec []string) (container, host, size uint32, err error) { } // ParseIDMap parses idmap triples from string. -func ParseIDMap(idMapSpec, mapSetting string) (idmap []IDMap, err error) { - if len(idMapSpec) > 0 { +func ParseIDMap(mapSpec []string, mapSetting string) (idmap []IDMap, err error) { + for _, idMapSpec := range mapSpec { idSpec := strings.Fields(strings.Map(nonDigitsToWhitespace, idMapSpec)) if len(idSpec)%3 != 0 { return nil, fmt.Errorf("error initializing ID mappings: %s setting is malformed", mapSetting) diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index dfc30c43f..e0dd1b92f 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -21,6 +21,7 @@ import ( "github.com/containers/storage/pkg/directory" "github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/ioutils" + "github.com/containers/storage/pkg/parsers" "github.com/containers/storage/pkg/stringid" "github.com/containers/storage/pkg/stringutils" digest "github.com/opencontainers/go-digest" @@ -501,6 +502,7 @@ type ContainerOptions struct { IDMappingOptions LabelOpts []string Flags map[string]interface{} + MountOpts []string } type store struct { @@ -2144,21 +2146,20 @@ func (s *store) DeleteContainer(id string) error { if err = rlstore.Delete(container.LayerID); err != nil { return err } - if err = rcstore.Delete(id); err != nil { - return err - } - middleDir := s.graphDriverName + "-containers" - gcpath := filepath.Join(s.GraphRoot(), middleDir, container.ID) - if err = os.RemoveAll(gcpath); err != nil { - return err - } - rcpath := filepath.Join(s.RunRoot(), middleDir, container.ID) - if err = os.RemoveAll(rcpath); err != nil { - return err - } - return nil } - return ErrNotALayer + if err = rcstore.Delete(id); err != nil { + return err + } + middleDir := s.graphDriverName + "-containers" + gcpath := filepath.Join(s.GraphRoot(), middleDir, container.ID) + if err = os.RemoveAll(gcpath); err != nil { + return err + } + rcpath := filepath.Join(s.RunRoot(), middleDir, container.ID) + if err = os.RemoveAll(rcpath); err != nil { + return err + } + return nil } } return ErrNotAContainer @@ -2279,10 +2280,14 @@ func (s *store) Version() ([][2]string, error) { func (s *store) Mount(id, mountLabel string) (string, error) { container, err := s.Container(id) - var uidMap, gidMap []idtools.IDMap + var ( + uidMap, gidMap []idtools.IDMap + mountOpts []string + ) if err == nil { uidMap, gidMap = container.UIDMap, container.GIDMap id = container.LayerID + mountOpts = container.MountOpts() } rlstore, err := s.LayerStore() if err != nil { @@ -2298,6 +2303,7 @@ func (s *store) Mount(id, mountLabel string) (string, error) { MountLabel: mountLabel, UidMaps: uidMap, GidMaps: gidMap, + Options: mountOpts, } return rlstore.Mount(id, options) } @@ -3203,13 +3209,13 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) { storeOptions.GIDMap = mappings.GIDs() } - uidmap, err := idtools.ParseIDMap(config.Storage.Options.RemapUIDs, "remap-uids") + uidmap, err := idtools.ParseIDMap([]string{config.Storage.Options.RemapUIDs}, "remap-uids") if err != nil { fmt.Print(err) } else { storeOptions.UIDMap = append(storeOptions.UIDMap, uidmap...) } - gidmap, err := idtools.ParseIDMap(config.Storage.Options.RemapGIDs, "remap-gids") + gidmap, err := idtools.ParseIDMap([]string{config.Storage.Options.RemapGIDs}, "remap-gids") if err != nil { fmt.Print(err) } else { @@ -3233,3 +3239,23 @@ func init() { ReloadConfigurationFile(defaultConfigFile, &DefaultStoreOptions) } + +func GetDefaultMountOptions() ([]string, error) { + mountOpts := []string{ + ".mountopt", + fmt.Sprintf("%s.mountopt", DefaultStoreOptions.GraphDriverName), + } + for _, option := range DefaultStoreOptions.GraphDriverOptions { + key, val, err := parsers.ParseKeyValueOpt(option) + if err != nil { + return nil, err + } + key = strings.ToLower(key) + for _, m := range mountOpts { + if m == key { + return strings.Split(val, ","), nil + } + } + } + return nil, nil +} |