diff options
| -rw-r--r-- | RELEASE_NOTES.md | 6 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 2 | ||||
| -rw-r--r-- | vendor/github.com/containers/buildah/imagebuildah/stage_executor.go | 16 | ||||
| -rw-r--r-- | vendor/github.com/containers/buildah/run_linux.go | 5 | ||||
| -rw-r--r-- | vendor/github.com/containers/buildah/util/util.go | 31 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
7 files changed, 61 insertions, 3 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index f2381f7e3..f813b494f 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -6,6 +6,7 @@ - The `podman ps --format=json` command now includes the ID of the image containers were created with - The `podman create` and `podman run` commands now support the `--device-cgroup-rule` flag ([#4876](https://github.com/containers/libpod/issues/4876)) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below +- The `podman create` and `podman run` commands now feature a `--no-healthcheck` flag to disable healthchecks for a container ([#5299](https://github.com/containers/libpod/issues/5299)) ### Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container @@ -28,6 +29,10 @@ - Fixed a bug where `podman commit --change` would perform incorrect validation, resulting in valid changes being rejected ([#5148](https://github.com/containers/libpod/issues/5148)) - Fixed a bug where `podman logs --tail` could take large amounts of memory when the log file for a container was large ([#5131](https://github.com/containers/libpod/issues/5131)) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using `firewalld` +- Fixed a bug where the `podman inspect` command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) +- Fixed a bug where the `--uts` flag to `podman create` and `podman run` would only allow specifying containers by full ID ([#5289](https://github.com/containers/libpod/issues/5289)) +- Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors +- Fixed a bug where the `podman port` command was incorrectly interpreting additional arguments as container names, instead of port numbers ### HTTP API - Initial support for secure connections to servers via SSH tunneling has been added @@ -48,6 +53,7 @@ - The `CreatedTime` field to `podman images --format=json` has been renamed to `CreatedAt` as part of the fix for ([#5110](https://github.com/containers/libpod/issues/5110)). Go templates using the old name should still work - The `before` filter to `podman images` has been renamed to `since` for Docker compatibility. Using `before` will still work, but documentation has been changed to use the new `since` filter - Using the `--password` flag to `podman login` now warns that passwords are being passed in plaintext +- Some common cases where Podman would deadlock have been fixed to warn the user that `podman system renumber` must be run to resolve the deadlock ## 1.8.0 ### Features @@ -8,7 +8,7 @@ require ( github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 github.com/containernetworking/plugins v0.8.5 - github.com/containers/buildah v1.14.1-0.20200225113533-39bd7e0a7a73 + github.com/containers/buildah v1.14.1-0.20200227103754-f0c3fd7c3d34 github.com/containers/common v0.4.2 // indirect github.com/containers/conmon v2.0.10+incompatible github.com/containers/image/v5 v5.2.1 @@ -76,6 +76,8 @@ github.com/containers/buildah v1.14.1-0.20200222102502-002dffb8d2cb h1:FvrlxHKZo github.com/containers/buildah v1.14.1-0.20200222102502-002dffb8d2cb/go.mod h1:tsos+87us4LpjyPwtgXQmDkOj5SYrpsMyRVcDTOQ5aA= github.com/containers/buildah v1.14.1-0.20200225113533-39bd7e0a7a73 h1:TyGEOd0O6oigg1WA+bprBTgeHH8815fNgOUYhh1I2Vs= github.com/containers/buildah v1.14.1-0.20200225113533-39bd7e0a7a73/go.mod h1:sdMVVcCTvvAj9o9dk/j6EnNJJadjxqjcI4Yy9WoWxSg= +github.com/containers/buildah v1.14.1-0.20200227103754-f0c3fd7c3d34 h1:SaK9ADT5JdVL29Z8snwl+bqmi1usnNyis+7Hd5+jJjw= +github.com/containers/buildah v1.14.1-0.20200227103754-f0c3fd7c3d34/go.mod h1:sdMVVcCTvvAj9o9dk/j6EnNJJadjxqjcI4Yy9WoWxSg= github.com/containers/common v0.0.7 h1:eKYZLKfJ2d/RNDgecLDFv45cHb4imYzIcrQHx1Y029M= github.com/containers/common v0.0.7/go.mod h1:lhWV3MLhO1+KGE2x6v9+K38MxpjXGso+edmpkFnCOqI= github.com/containers/common v0.3.0 h1:9ysL/OfPcMls1Ac3jzFA4XZJVSD/JG7Dst3uQSwQtwA= diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go index 7b6abbe37..6216dac97 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go @@ -12,6 +12,7 @@ import ( "github.com/containers/buildah" buildahdocker "github.com/containers/buildah/docker" + "github.com/containers/buildah/pkg/chrootuser" "github.com/containers/buildah/util" cp "github.com/containers/image/v5/copy" "github.com/containers/image/v5/docker/reference" @@ -1248,9 +1249,22 @@ func (s *StageExecutor) EnsureContainerPath(path string) error { if err != nil { return errors.Wrapf(err, "error ensuring container path %q", path) } - _, err = os.Lstat(targetPath) + + _, err = os.Stat(targetPath) if err != nil && os.IsNotExist(err) { err = os.MkdirAll(targetPath, 0755) + if err != nil { + return errors.Wrapf(err, "error creating directory path %q", targetPath) + } + // get the uid and gid so that we can set the correct permissions on the + // working directory + uid, gid, _, err := chrootuser.GetUser(s.mountPoint, s.builder.User()) + if err != nil { + return errors.Wrapf(err, "error getting uid and gid for user %q", s.builder.User()) + } + if err = os.Chown(targetPath, int(uid), int(gid)); err != nil { + return errors.Wrapf(err, "error setting ownership on %q", targetPath) + } } if err != nil { return errors.Wrapf(err, "error ensuring container path %q", path) diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go index 3695462bb..d2c0abf9b 100644 --- a/vendor/github.com/containers/buildah/run_linux.go +++ b/vendor/github.com/containers/buildah/run_linux.go @@ -678,6 +678,11 @@ func runUsingRuntime(isolation Isolation, options RunOptions, configureNetwork b runtime := options.Runtime if runtime == "" { runtime = util.Runtime() + + localRuntime := util.FindLocalRuntime(runtime) + if localRuntime != "" { + runtime = localRuntime + } } // Default to just passing down our stdio. diff --git a/vendor/github.com/containers/buildah/util/util.go b/vendor/github.com/containers/buildah/util/util.go index ac5a0f30c..05d661b58 100644 --- a/vendor/github.com/containers/buildah/util/util.go +++ b/vendor/github.com/containers/buildah/util/util.go @@ -10,6 +10,7 @@ import ( "sync" "syscall" + "github.com/containers/common/pkg/config" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/signature" @@ -432,3 +433,33 @@ var ( isUnified bool isUnifiedErr error ) + +// fileExistsAndNotADir - Check to see if a file exists +// and that it is not a directory. +func fileExistsAndNotADir(path string) bool { + file, err := os.Stat(path) + + if file == nil || err != nil || os.IsNotExist(err) { + return false + } + return !file.IsDir() +} + +// FindLocalRuntime find the local runtime of the +// system searching through the config file for +// possible locations. +func FindLocalRuntime(runtime string) string { + var localRuntime string + conf, err := config.Default() + if err != nil { + logrus.Debugf("Error loading container config when searching for local runtime.") + return localRuntime + } + for _, val := range conf.Libpod.OCIRuntimes[runtime] { + if fileExistsAndNotADir(val) { + localRuntime = val + break + } + } + return localRuntime +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 79d5cbb51..564717381 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -62,7 +62,7 @@ github.com/containernetworking/plugins/pkg/ns github.com/containernetworking/plugins/pkg/utils/hwaddr github.com/containernetworking/plugins/plugins/ipam/host-local/backend github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator -# github.com/containers/buildah v1.14.1-0.20200225113533-39bd7e0a7a73 +# github.com/containers/buildah v1.14.1-0.20200227103754-f0c3fd7c3d34 github.com/containers/buildah github.com/containers/buildah/bind github.com/containers/buildah/chroot |