summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xAPI.md47
-rw-r--r--cmd/podman/cliconfig/config.go10
-rw-r--r--cmd/podman/create.go856
-rw-r--r--cmd/podman/diff.go2
-rw-r--r--cmd/podman/events.go48
-rw-r--r--cmd/podman/exec.go7
-rw-r--r--cmd/podman/export.go3
-rw-r--r--cmd/podman/formats/formats_test.go42
-rw-r--r--cmd/podman/history.go2
-rw-r--r--cmd/podman/images.go2
-rw-r--r--cmd/podman/import.go3
-rw-r--r--cmd/podman/info.go2
-rw-r--r--cmd/podman/inspect.go2
-rw-r--r--cmd/podman/libpodruntime/runtime.go3
-rw-r--r--cmd/podman/load.go3
-rw-r--r--cmd/podman/logs.go25
-rw-r--r--cmd/podman/main.go31
-rw-r--r--cmd/podman/mount.go2
-rw-r--r--cmd/podman/play_kube.go8
-rw-r--r--cmd/podman/pod.go47
-rw-r--r--cmd/podman/pod_create.go9
-rw-r--r--cmd/podman/pod_ps.go2
-rw-r--r--cmd/podman/pod_rm.go14
-rw-r--r--cmd/podman/pod_stats.go7
-rw-r--r--cmd/podman/pod_stop.go14
-rw-r--r--cmd/podman/ps.go2
-rw-r--r--cmd/podman/rm.go79
-rw-r--r--cmd/podman/run.go3
-rw-r--r--cmd/podman/run_test.go3
-rw-r--r--cmd/podman/save.go3
-rw-r--r--cmd/podman/search.go2
-rw-r--r--cmd/podman/shared/create.go837
-rw-r--r--cmd/podman/shared/create_cli.go (renamed from cmd/podman/create_cli.go)22
-rw-r--r--cmd/podman/shared/create_cli_test.go (renamed from cmd/podman/create_cli_test.go)10
-rw-r--r--cmd/podman/shared/events.go115
-rw-r--r--cmd/podman/shared/parse/parse.go (renamed from cmd/podman/parse.go)14
-rw-r--r--cmd/podman/shared/pod.go2
-rw-r--r--cmd/podman/stats.go2
-rw-r--r--cmd/podman/trust_set_show.go2
-rw-r--r--cmd/podman/varlink/io.podman.varlink25
-rw-r--r--cmd/podman/version.go2
-rw-r--r--cmd/podman/volume_create.go5
-rw-r--r--cmd/podman/volume_ls.go2
-rw-r--r--commands.md1
-rw-r--r--completions/bash/podman17
-rw-r--r--docs/libpod.conf.5.md4
-rw-r--r--docs/podman-create.1.md3
-rw-r--r--docs/podman-events.1.md139
-rw-r--r--docs/podman-run.1.md3
-rw-r--r--docs/podman.1.md3
-rw-r--r--libpod/container_api.go34
-rw-r--r--libpod/container_commit.go2
-rw-r--r--libpod/container_internal.go6
-rw-r--r--libpod/container_internal_linux.go13
-rw-r--r--libpod/events.go81
-rw-r--r--libpod/events/events.go264
-rw-r--r--libpod/image/image.go42
-rw-r--r--libpod/image/prune.go6
-rw-r--r--libpod/image/pull.go7
-rw-r--r--libpod/networking_linux.go13
-rw-r--r--libpod/options.go15
-rw-r--r--libpod/pod_api.go13
-rw-r--r--libpod/runtime.go18
-rw-r--r--libpod/runtime_ctr.go4
-rw-r--r--libpod/runtime_img.go29
-rw-r--r--libpod/runtime_pod_linux.go5
-rw-r--r--libpod/runtime_volume.go6
-rw-r--r--libpod/runtime_volume_linux.go5
-rw-r--r--pkg/adapter/runtime.go93
-rw-r--r--pkg/adapter/runtime_remote.go75
-rw-r--r--pkg/rootless/rootless.go9
-rw-r--r--pkg/rootless/rootless_linux.go96
-rw-r--r--pkg/rootless/rootless_unsupported.go33
-rw-r--r--pkg/spec/spec.go9
-rw-r--r--pkg/util/utils.go23
-rw-r--r--pkg/varlinkapi/events.go56
-rw-r--r--pkg/varlinkapi/system.go1
-rw-r--r--test/e2e/common_test.go2
-rw-r--r--test/e2e/events_test.go116
-rw-r--r--test/e2e/libpod_suite_test.go4
-rw-r--r--test/e2e/rootless_test.go2
-rw-r--r--transfer.md2
-rw-r--r--troubleshooting.md18
-rw-r--r--vendor.conf4
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/build.go2
-rw-r--r--vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go10
-rw-r--r--vendor/github.com/containers/buildah/pkg/formats/formats.go (renamed from cmd/podman/formats/formats.go)0
-rw-r--r--vendor/github.com/containers/buildah/pkg/formats/templates.go (renamed from cmd/podman/formats/templates.go)0
-rw-r--r--vendor/github.com/containers/buildah/run.go90
-rw-r--r--vendor/github.com/containers/psgo/internal/dev/tty.go11
-rw-r--r--vendor/github.com/containers/psgo/internal/proc/status.go5
-rw-r--r--vendor/github.com/containers/psgo/internal/process/process.go13
-rw-r--r--vendor/github.com/containers/psgo/internal/types/types.go22
-rw-r--r--vendor/github.com/containers/psgo/psgo.go137
94 files changed, 2630 insertions, 1257 deletions
diff --git a/API.md b/API.md
index fc0361195..da6615de8 100755
--- a/API.md
+++ b/API.md
@@ -45,6 +45,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[func GetContainersByContext(all: bool, latest: bool, args: []string) []string](#GetContainersByContext)
+[func GetEvents(options: EventInput) Event](#GetEvents)
+
[func GetImage(id: string) Image](#GetImage)
[func GetInfo() PodmanInfo](#GetInfo)
@@ -165,6 +167,10 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[type CreateResourceConfig](#CreateResourceConfig)
+[type Event](#Event)
+
+[type EventInput](#EventInput)
+
[type IDMap](#IDMap)
[type IDMappingOptions](#IDMappingOptions)
@@ -231,8 +237,12 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[error RuntimeError](#RuntimeError)
+[error StreamEnded](#StreamEnded)
+
[error VolumeNotFound](#VolumeNotFound)
+[error WantsMoreRequired](#WantsMoreRequired)
+
## Methods
### <a name="BuildImage"></a>func BuildImage
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
@@ -469,6 +479,11 @@ method GetContainersByContext(all: [bool](https://godoc.org/builtin#bool), lates
GetContainersByContext allows you to get a list of container ids depending on all, latest, or a list of
container names. The definition of latest container means the latest by creation date. In a multi-
user environment, results might differ from what you expect.
+### <a name="GetEvents"></a>func GetEvents
+<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
+
+method GetEvents(options: [EventInput](#EventInput)) [Event](#Event)</div>
+GetEvents returns known libpod events filtered by the options provided.
### <a name="GetImage"></a>func GetImage
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
@@ -1396,6 +1411,32 @@ pids_limit [int](https://godoc.org/builtin#int)
shm_size [int](https://godoc.org/builtin#int)
ulimit [[]string](#[]string)
+### <a name="Event"></a>type Event
+
+Event describes a libpod struct
+
+id [string](https://godoc.org/builtin#string)
+
+image [string](https://godoc.org/builtin#string)
+
+name [string](https://godoc.org/builtin#string)
+
+status [string](https://godoc.org/builtin#string)
+
+time [string](https://godoc.org/builtin#string)
+
+type [string](https://godoc.org/builtin#string)
+### <a name="EventInput"></a>type EventInput
+
+EventInput describes the input to obtain libpod events
+
+filter [[]string](#[]string)
+
+since [string](https://godoc.org/builtin#string)
+
+stream [bool](https://godoc.org/builtin#bool)
+
+until [string](https://godoc.org/builtin#string)
### <a name="IDMap"></a>type IDMap
IDMap is used to describe user name spaces during container creation
@@ -1752,6 +1793,12 @@ PodNotFound means the pod could not be found by the provided name or ID in local
### <a name="RuntimeError"></a>type RuntimeError
RuntimeErrors generally means a runtime could not be found or gotten.
+### <a name="StreamEnded"></a>type StreamEnded
+
+The Podman endpoint has closed because the stream ended.
### <a name="VolumeNotFound"></a>type VolumeNotFound
VolumeNotFound means the volume could not be found by the name or ID in local storage.
+### <a name="WantsMoreRequired"></a>type WantsMoreRequired
+
+The Podman endpoint requires that you use a streaming connection.
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index 7945cb6cb..ec08eedb5 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -25,6 +25,7 @@ type MainFlags struct {
StorageOpts []string
Syslog bool
Trace bool
+ NetworkCmdPath string
Config string
CpuProfile string
@@ -52,6 +53,15 @@ type ImagesValues struct {
Sort string
}
+type EventValues struct {
+ PodmanCommand
+ Filter []string
+ Format string
+ Since string
+ Stream bool
+ Until string
+}
+
type TagValues struct {
PodmanCommand
}
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 8a5d0cf73..bceb606f6 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -1,37 +1,15 @@
package main
import (
- "context"
- "encoding/json"
"fmt"
- "io"
- "io/ioutil"
"os"
- "path/filepath"
- "strconv"
- "strings"
- "syscall"
- "github.com/containers/image/manifest"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/cmd/podman/shared"
- "github.com/containers/libpod/libpod"
- "github.com/containers/libpod/libpod/image"
- ann "github.com/containers/libpod/pkg/annotations"
- "github.com/containers/libpod/pkg/inspect"
- ns "github.com/containers/libpod/pkg/namespaces"
"github.com/containers/libpod/pkg/rootless"
- cc "github.com/containers/libpod/pkg/spec"
- "github.com/containers/libpod/pkg/util"
- "github.com/docker/docker/pkg/signal"
- "github.com/docker/go-connections/nat"
- "github.com/docker/go-units"
- spec "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/opencontainers/selinux/go-selinux/label"
- opentracing "github.com/opentracing/opentracing-go"
+ "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
- "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
@@ -53,11 +31,6 @@ var (
podman create --annotation HELLO=WORLD alpine ls
podman create -t -i --name myctr alpine ls`,
}
-
- defaultEnvVariables = map[string]string{
- "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
- "TERM": "xterm",
- }
)
func init() {
@@ -91,7 +64,7 @@ func createCmd(c *cliconfig.CreateValues) error {
}
defer runtime.Shutdown(false)
- ctr, _, err := createContainer(&c.PodmanCommand, runtime)
+ ctr, _, err := shared.CreateContainer(getContext(), &c.PodmanCommand, runtime)
if err != nil {
return err
}
@@ -115,828 +88,3 @@ func createInit(c *cliconfig.PodmanCommand) error {
return nil
}
-
-func createContainer(c *cliconfig.PodmanCommand, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) {
- var (
- hasHealthCheck bool
- healthCheck *manifest.Schema2HealthConfig
- )
- if c.Bool("trace") {
- span, _ := opentracing.StartSpanFromContext(Ctx, "createContainer")
- defer span.Finish()
- }
-
- rtc := runtime.GetConfig()
- ctx := getContext()
- rootfs := ""
- if c.Bool("rootfs") {
- rootfs = c.InputArgs[0]
- }
-
- var err error
- var cidFile *os.File
- if c.IsSet("cidfile") && os.Geteuid() == 0 {
- cidFile, err = libpod.OpenExclusiveFile(c.String("cidfile"))
- if err != nil && os.IsExist(err) {
- return nil, nil, errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", c.String("cidfile"))
- }
- if err != nil {
- return nil, nil, errors.Errorf("error opening cidfile %s", c.String("cidfile"))
- }
- defer cidFile.Close()
- defer cidFile.Sync()
- }
-
- imageName := ""
- var data *inspect.ImageData = nil
-
- if rootfs == "" && !rootless.SkipStorageSetup() {
- var writer io.Writer
- if !c.Bool("quiet") {
- writer = os.Stderr
- }
-
- newImage, err := runtime.ImageRuntime().New(ctx, c.InputArgs[0], rtc.SignaturePolicyPath, "", writer, nil, image.SigningOptions{}, false, nil)
- if err != nil {
- return nil, nil, err
- }
- data, err = newImage.Inspect(ctx)
- names := newImage.Names()
- if len(names) > 0 {
- imageName = names[0]
- } else {
- imageName = newImage.ID()
- }
-
- // add healthcheck if it exists AND is correct mediatype
- _, mediaType, err := newImage.Manifest(ctx)
- if err != nil {
- return nil, nil, errors.Wrapf(err, "unable to determine mediatype of image %s", newImage.ID())
- }
- if mediaType == manifest.DockerV2Schema2MediaType {
- healthCheck, err = newImage.GetHealthCheck(ctx)
- if err != nil {
- return nil, nil, errors.Wrapf(err, "unable to get healthcheck for %s", c.InputArgs[0])
- }
- if healthCheck != nil {
- hasHealthCheck = true
- }
- }
- }
- createConfig, err := parseCreateOpts(ctx, c, runtime, imageName, data)
- if err != nil {
- return nil, nil, err
- }
-
- // Because parseCreateOpts does derive anything from the image, we add health check
- // at this point. The rest is done by WithOptions.
- createConfig.HasHealthCheck = hasHealthCheck
- createConfig.HealthCheck = healthCheck
-
- ctr, err := createContainerFromCreateConfig(runtime, createConfig, ctx, nil)
- if err != nil {
- return nil, nil, err
- }
- if cidFile != nil {
- _, err = cidFile.WriteString(ctr.ID())
- if err != nil {
- logrus.Error(err)
- }
-
- }
-
- logrus.Debugf("New container created %q", ctr.ID())
- return ctr, createConfig, nil
-}
-
-func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
- var (
- labelOpts []string
- )
-
- if config.PidMode.IsHost() {
- labelOpts = append(labelOpts, label.DisableSecOpt()...)
- } else if config.PidMode.IsContainer() {
- ctr, err := config.Runtime.LookupContainer(config.PidMode.Container())
- if err != nil {
- return errors.Wrapf(err, "container %q not found", config.PidMode.Container())
- }
- secopts, err := label.DupSecOpt(ctr.ProcessLabel())
- if err != nil {
- return errors.Wrapf(err, "failed to duplicate label %q ", ctr.ProcessLabel())
- }
- labelOpts = append(labelOpts, secopts...)
- }
-
- if config.IpcMode.IsHost() {
- labelOpts = append(labelOpts, label.DisableSecOpt()...)
- } else if config.IpcMode.IsContainer() {
- ctr, err := config.Runtime.LookupContainer(config.IpcMode.Container())
- if err != nil {
- return errors.Wrapf(err, "container %q not found", config.IpcMode.Container())
- }
- secopts, err := label.DupSecOpt(ctr.ProcessLabel())
- if err != nil {
- return errors.Wrapf(err, "failed to duplicate label %q ", ctr.ProcessLabel())
- }
- labelOpts = append(labelOpts, secopts...)
- }
-
- for _, opt := range securityOpts {
- if opt == "no-new-privileges" {
- config.NoNewPrivs = true
- } else {
- con := strings.SplitN(opt, "=", 2)
- if len(con) != 2 {
- return fmt.Errorf("Invalid --security-opt 1: %q", opt)
- }
-
- switch con[0] {
- case "label":
- labelOpts = append(labelOpts, con[1])
- case "apparmor":
- config.ApparmorProfile = con[1]
- case "seccomp":
- config.SeccompProfilePath = con[1]
- default:
- return fmt.Errorf("Invalid --security-opt 2: %q", opt)
- }
- }
- }
-
- if config.SeccompProfilePath == "" {
- if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
- config.SeccompProfilePath = libpod.SeccompOverridePath
- } else {
- if !os.IsNotExist(err) {
- return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
- }
- if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
- if !os.IsNotExist(err) {
- return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
- }
- } else {
- config.SeccompProfilePath = libpod.SeccompDefaultPath
- }
- }
- }
- config.LabelOpts = labelOpts
- return nil
-}
-
-// isPortInPortBindings determines if an exposed host port is in user
-// provided ports
-func isPortInPortBindings(pb map[nat.Port][]nat.PortBinding, port nat.Port) bool {
- var hostPorts []string
- for _, i := range pb {
- hostPorts = append(hostPorts, i[0].HostPort)
- }
- return util.StringInSlice(port.Port(), hostPorts)
-}
-
-// isPortInImagePorts determines if an exposed host port was given to us by metadata
-// in the image itself
-func isPortInImagePorts(exposedPorts map[string]struct{}, port string) bool {
- for i := range exposedPorts {
- fields := strings.Split(i, "/")
- if port == fields[0] {
- return true
- }
- }
- return false
-}
-
-func configureEntrypoint(c *cliconfig.PodmanCommand, data *inspect.ImageData) []string {
- entrypoint := []string{}
- if c.IsSet("entrypoint") {
- // Force entrypoint to ""
- if c.String("entrypoint") == "" {
- return entrypoint
- }
- // Check if entrypoint specified is json
- if err := json.Unmarshal([]byte(c.String("entrypoint")), &entrypoint); err == nil {
- return entrypoint
- }
- // Return entrypoint as a single command
- return []string{c.String("entrypoint")}
- }
- if data != nil {
- return data.Config.Entrypoint
- }
- return entrypoint
-}
-
-func configurePod(c *cliconfig.PodmanCommand, runtime *libpod.Runtime, namespaces map[string]string, podName string) (map[string]string, error) {
- pod, err := runtime.LookupPod(podName)
- if err != nil {
- return namespaces, err
- }
- podInfraID, err := pod.InfraContainerID()
- if err != nil {
- return namespaces, err
- }
- if (namespaces["pid"] == cc.Pod) || (!c.IsSet("pid") && pod.SharesPID()) {
- namespaces["pid"] = fmt.Sprintf("container:%s", podInfraID)
- }
- if (namespaces["net"] == cc.Pod) || (!c.IsSet("net") && !c.IsSet("network") && pod.SharesNet()) {
- namespaces["net"] = fmt.Sprintf("container:%s", podInfraID)
- }
- if (namespaces["user"] == cc.Pod) || (!c.IsSet("user") && pod.SharesUser()) {
- namespaces["user"] = fmt.Sprintf("container:%s", podInfraID)
- }
- if (namespaces["ipc"] == cc.Pod) || (!c.IsSet("ipc") && pod.SharesIPC()) {
- namespaces["ipc"] = fmt.Sprintf("container:%s", podInfraID)
- }
- if (namespaces["uts"] == cc.Pod) || (!c.IsSet("uts") && pod.SharesUTS()) {
- namespaces["uts"] = fmt.Sprintf("container:%s", podInfraID)
- }
- return namespaces, nil
-}
-
-// Parses CLI options related to container creation into a config which can be
-// parsed into an OCI runtime spec
-func parseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *libpod.Runtime, imageName string, data *inspect.ImageData) (*cc.CreateConfig, error) {
- var (
- inputCommand, command []string
- memoryLimit, memoryReservation, memorySwap, memoryKernel int64
- blkioWeight uint16
- namespaces map[string]string
- )
- if c.IsSet("restart") {
- return nil, errors.Errorf("--restart option is not supported.\nUse systemd unit files for restarting containers")
- }
-
- idmappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidname"), c.String("subgidname"))
- if err != nil {
- return nil, err
- }
-
- if c.String("mac-address") != "" {
- return nil, errors.Errorf("--mac-address option not currently supported")
- }
-
- imageID := ""
-
- inputCommand = c.InputArgs[1:]
- if data != nil {
- imageID = data.ID
- }
-
- rootfs := ""
- if c.Bool("rootfs") {
- rootfs = c.InputArgs[0]
- }
-
- sysctl, err := validateSysctl(c.StringSlice("sysctl"))
- if err != nil {
- return nil, errors.Wrapf(err, "invalid value for sysctl")
- }
-
- if c.String("memory") != "" {
- memoryLimit, err = units.RAMInBytes(c.String("memory"))
- if err != nil {
- return nil, errors.Wrapf(err, "invalid value for memory")
- }
- }
- if c.String("memory-reservation") != "" {
- memoryReservation, err = units.RAMInBytes(c.String("memory-reservation"))
- if err != nil {
- return nil, errors.Wrapf(err, "invalid value for memory-reservation")
- }
- }
- if c.String("memory-swap") != "" {
- memorySwap, err = units.RAMInBytes(c.String("memory-swap"))
- if err != nil {
- return nil, errors.Wrapf(err, "invalid value for memory-swap")
- }
- }
- if c.String("kernel-memory") != "" {
- memoryKernel, err = units.RAMInBytes(c.String("kernel-memory"))
- if err != nil {
- return nil, errors.Wrapf(err, "invalid value for kernel-memory")
- }
- }
- if c.String("blkio-weight") != "" {
- u, err := strconv.ParseUint(c.String("blkio-weight"), 10, 16)
- if err != nil {
- return nil, errors.Wrapf(err, "invalid value for blkio-weight")
- }
- blkioWeight = uint16(u)
- }
- var mountList []spec.Mount
- if mountList, err = parseMounts(c.StringArray("mount")); err != nil {
- return nil, err
- }
-
- if err = parseVolumes(c.StringArray("volume")); err != nil {
- return nil, err
- }
-
- if err = parseVolumesFrom(c.StringSlice("volumes-from")); err != nil {
- return nil, err
- }
-
- tty := c.Bool("tty")
-
- if c.Flag("cpu-period").Changed && c.Flag("cpus").Changed {
- return nil, errors.Errorf("--cpu-period and --cpus cannot be set together")
- }
- if c.Flag("cpu-quota").Changed && c.Flag("cpus").Changed {
- return nil, errors.Errorf("--cpu-quota and --cpus cannot be set together")
- }
-
- // EXPOSED PORTS
- var portBindings map[nat.Port][]nat.PortBinding
- if data != nil {
- portBindings, err = cc.ExposedPorts(c.StringSlice("expose"), c.StringSlice("publish"), c.Bool("publish-all"), data.Config.ExposedPorts)
- if err != nil {
- return nil, err
- }
- }
-
- // Kernel Namespaces
- // TODO Fix handling of namespace from pod
- // Instead of integrating here, should be done in libpod
- // However, that also involves setting up security opts
- // when the pod's namespace is integrated
- namespaceNet := c.String("network")
- if c.Flag("net").Changed {
- namespaceNet = c.String("net")
- }
- namespaces = map[string]string{
- "pid": c.String("pid"),
- "net": namespaceNet,
- "ipc": c.String("ipc"),
- "user": c.String("userns"),
- "uts": c.String("uts"),
- }
-
- originalPodName := c.String("pod")
- podName := strings.Replace(originalPodName, "new:", "", 1)
- // after we strip out :new, make sure there is something left for a pod name
- if len(podName) < 1 && c.IsSet("pod") {
- return nil, errors.Errorf("new pod name must be at least one character")
- }
- if c.IsSet("pod") {
- if strings.HasPrefix(originalPodName, "new:") {
- if rootless.IsRootless() {
- // To create a new pod, we must immediately create the userns.
- became, ret, err := rootless.BecomeRootInUserNS()
- if err != nil {
- return nil, err
- }
- if became {
- os.Exit(ret)
- }
- }
- // pod does not exist; lets make it
- var podOptions []libpod.PodCreateOption
- podOptions = append(podOptions, libpod.WithPodName(podName), libpod.WithInfraContainer(), libpod.WithPodCgroups())
- if len(portBindings) > 0 {
- ociPortBindings, err := cc.NatToOCIPortBindings(portBindings)
- if err != nil {
- return nil, err
- }
- podOptions = append(podOptions, libpod.WithInfraContainerPorts(ociPortBindings))
- }
-
- podNsOptions, err := shared.GetNamespaceOptions(strings.Split(DefaultKernelNamespaces, ","))
- if err != nil {
- return nil, err
- }
- podOptions = append(podOptions, podNsOptions...)
- // make pod
- pod, err := runtime.NewPod(ctx, podOptions...)
- if err != nil {
- return nil, err
- }
- logrus.Debugf("pod %s created by new container request", pod.ID())
-
- // The container now cannot have port bindings; so we reset the map
- portBindings = make(map[nat.Port][]nat.PortBinding)
- }
- namespaces, err = configurePod(c, runtime, namespaces, podName)
- if err != nil {
- return nil, err
- }
- }
-
- pidMode := ns.PidMode(namespaces["pid"])
- if !cc.Valid(string(pidMode), pidMode) {
- return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
- }
-
- usernsMode := ns.UsernsMode(namespaces["user"])
- if !cc.Valid(string(usernsMode), usernsMode) {
- return nil, errors.Errorf("--userns %q is not valid", namespaces["user"])
- }
-
- utsMode := ns.UTSMode(namespaces["uts"])
- if !cc.Valid(string(utsMode), utsMode) {
- return nil, errors.Errorf("--uts %q is not valid", namespaces["uts"])
- }
-
- ipcMode := ns.IpcMode(namespaces["ipc"])
- if !cc.Valid(string(ipcMode), ipcMode) {
- return nil, errors.Errorf("--ipc %q is not valid", ipcMode)
- }
-
- // Make sure if network is set to container namespace, port binding is not also being asked for
- netMode := ns.NetworkMode(namespaces["net"])
- if netMode.IsContainer() {
- if len(portBindings) > 0 {
- return nil, errors.Errorf("cannot set port bindings on an existing container network namespace")
- }
- }
-
- // USER
- user := c.String("user")
- if user == "" {
- if data == nil {
- user = "0"
- } else {
- user = data.Config.User
- }
- }
-
- // STOP SIGNAL
- stopSignal := syscall.SIGTERM
- signalString := ""
- if data != nil {
- signalString = data.Config.StopSignal
- }
- if c.IsSet("stop-signal") {
- signalString = c.String("stop-signal")
- }
- if signalString != "" {
- stopSignal, err = signal.ParseSignal(signalString)
- if err != nil {
- return nil, err
- }
- }
-
- // ENVIRONMENT VARIABLES
- env := defaultEnvVariables
- if data != nil {
- for _, e := range data.Config.Env {
- split := strings.SplitN(e, "=", 2)
- if len(split) > 1 {
- env[split[0]] = split[1]
- } else {
- env[split[0]] = ""
- }
- }
- }
- if err := readKVStrings(env, c.StringSlice("env-file"), c.StringSlice("env")); err != nil {
- return nil, errors.Wrapf(err, "unable to process environment variables")
- }
-
- // LABEL VARIABLES
- labels, err := getAllLabels(c.StringSlice("label-file"), c.StringArray("label"))
- if err != nil {
- return nil, errors.Wrapf(err, "unable to process labels")
- }
- if data != nil {
- for key, val := range data.Config.Labels {
- if _, ok := labels[key]; !ok {
- labels[key] = val
- }
- }
- }
-
- // ANNOTATIONS
- annotations := make(map[string]string)
- // First, add our default annotations
- annotations[ann.ContainerType] = "sandbox"
- annotations[ann.TTY] = "false"
- if tty {
- annotations[ann.TTY] = "true"
- }
- if data != nil {
- // Next, add annotations from the image
- for key, value := range data.Annotations {
- annotations[key] = value
- }
- }
- // Last, add user annotations
- for _, annotation := range c.StringSlice("annotation") {
- splitAnnotation := strings.SplitN(annotation, "=", 2)
- if len(splitAnnotation) < 2 {
- return nil, errors.Errorf("Annotations must be formatted KEY=VALUE")
- }
- annotations[splitAnnotation[0]] = splitAnnotation[1]
- }
-
- // WORKING DIRECTORY
- workDir := "/"
- if c.IsSet("workdir") || c.IsSet("w") {
- workDir = c.String("workdir")
- } else if data != nil && data.Config.WorkingDir != "" {
- workDir = data.Config.WorkingDir
- }
-
- entrypoint := configureEntrypoint(c, data)
- // Build the command
- // If we have an entry point, it goes first
- if len(entrypoint) > 0 {
- command = entrypoint
- }
- if len(inputCommand) > 0 {
- // User command overrides data CMD
- command = append(command, inputCommand...)
- } else if data != nil && len(data.Config.Cmd) > 0 && !c.IsSet("entrypoint") {
- // If not user command, add CMD
- command = append(command, data.Config.Cmd...)
- }
-
- if data != nil && len(command) == 0 {
- return nil, errors.Errorf("No command specified on command line or as CMD or ENTRYPOINT in this image")
- }
-
- // SHM Size
- shmSize, err := units.FromHumanSize(c.String("shm-size"))
- if err != nil {
- return nil, errors.Wrapf(err, "unable to translate --shm-size")
- }
-
- // Verify the additional hosts are in correct format
- for _, host := range c.StringSlice("add-host") {
- if _, err := validateExtraHost(host); err != nil {
- return nil, err
- }
- }
-
- // Check for . and dns-search domains
- if util.StringInSlice(".", c.StringSlice("dns-search")) && len(c.StringSlice("dns-search")) > 1 {
- return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
- }
-
- // Validate domains are good
- for _, dom := range c.StringSlice("dns-search") {
- if _, err := validateDomain(dom); err != nil {
- return nil, err
- }
- }
-
- var ImageVolumes map[string]struct{}
- if data != nil && c.String("image-volume") != "ignore" {
- ImageVolumes = data.Config.Volumes
- }
-
- var imageVolType = map[string]string{
- "bind": "",
- "tmpfs": "",
- "ignore": "",
- }
- if _, ok := imageVolType[c.String("image-volume")]; !ok {
- return nil, errors.Errorf("invalid image-volume type %q. Pick one of bind, tmpfs, or ignore", c.String("image-volume"))
- }
-
- var systemd bool
- if command != nil && c.Bool("systemd") && ((filepath.Base(command[0]) == "init") || (filepath.Base(command[0]) == "systemd")) {
- systemd = true
- if signalString == "" {
- stopSignal, err = signal.ParseSignal("RTMIN+3")
- if err != nil {
- return nil, errors.Wrapf(err, "error parsing systemd signal")
- }
- }
- }
- // This is done because cobra cannot have two aliased flags. So we have to check
- // both
- network := c.String("network")
- if c.Flag("net").Changed {
- network = c.String("net")
- }
-
- var memorySwappiness int64
- if c.Flags().Lookup("memory-swappiness") != nil {
- memorySwappiness, _ = c.Flags().GetInt64("memory-swappiness")
- }
- config := &cc.CreateConfig{
- Runtime: runtime,
- Annotations: annotations,
- BuiltinImgVolumes: ImageVolumes,
- ConmonPidFile: c.String("conmon-pidfile"),
- ImageVolumeType: c.String("image-volume"),
- CapAdd: c.StringSlice("cap-add"),
- CapDrop: c.StringSlice("cap-drop"),
- CgroupParent: c.String("cgroup-parent"),
- Command: command,
- Detach: c.Bool("detach"),
- Devices: c.StringSlice("device"),
- DNSOpt: c.StringSlice("dns-opt"),
- DNSSearch: c.StringSlice("dns-search"),
- DNSServers: c.StringSlice("dns"),
- Entrypoint: entrypoint,
- Env: env,
- //ExposedPorts: ports,
- GroupAdd: c.StringSlice("group-add"),
- Hostname: c.String("hostname"),
- HostAdd: c.StringSlice("add-host"),
- IDMappings: idmappings,
- Image: imageName,
- ImageID: imageID,
- Interactive: c.Bool("interactive"),
- //IP6Address: c.String("ipv6"), // Not implemented yet - needs CNI support for static v6
- IPAddress: c.String("ip"),
- Labels: labels,
- //LinkLocalIP: c.StringSlice("link-local-ip"), // Not implemented yet
- LogDriver: c.String("log-driver"),
- LogDriverOpt: c.StringSlice("log-opt"),
- MacAddress: c.String("mac-address"),
- Name: c.String("name"),
- Network: network,
- //NetworkAlias: c.StringSlice("network-alias"), // Not implemented - does this make sense in Podman?
- IpcMode: ipcMode,
- NetMode: netMode,
- UtsMode: utsMode,
- PidMode: pidMode,
- Pod: podName,
- Privileged: c.Bool("privileged"),
- Publish: c.StringSlice("publish"),
- PublishAll: c.Bool("publish-all"),
- PortBindings: portBindings,
- Quiet: c.Bool("quiet"),
- ReadOnlyRootfs: c.Bool("read-only"),
- Resources: cc.CreateResourceConfig{
- BlkioWeight: blkioWeight,
- BlkioWeightDevice: c.StringSlice("blkio-weight-device"),
- CPUShares: c.Uint64("cpu-shares"),
- CPUPeriod: c.Uint64("cpu-period"),
- CPUsetCPUs: c.String("cpuset-cpus"),
- CPUsetMems: c.String("cpuset-mems"),
- CPUQuota: c.Int64("cpu-quota"),
- CPURtPeriod: c.Uint64("cpu-rt-period"),
- CPURtRuntime: c.Int64("cpu-rt-runtime"),
- CPUs: c.Float64("cpus"),
- DeviceReadBps: c.StringSlice("device-read-bps"),
- DeviceReadIOps: c.StringSlice("device-read-iops"),
- DeviceWriteBps: c.StringSlice("device-write-bps"),
- DeviceWriteIOps: c.StringSlice("device-write-iops"),
- DisableOomKiller: c.Bool("oom-kill-disable"),
- ShmSize: shmSize,
- Memory: memoryLimit,
- MemoryReservation: memoryReservation,
- MemorySwap: memorySwap,
- MemorySwappiness: int(memorySwappiness),
- KernelMemory: memoryKernel,
- OomScoreAdj: c.Int("oom-score-adj"),
- PidsLimit: c.Int64("pids-limit"),
- Ulimit: c.StringSlice("ulimit"),
- },
- Rm: c.Bool("rm"),
- StopSignal: stopSignal,
- StopTimeout: c.Uint("stop-timeout"),
- Sysctl: sysctl,
- Systemd: systemd,
- Tmpfs: c.StringSlice("tmpfs"),
- Tty: tty,
- User: user,
- UsernsMode: usernsMode,
- Mounts: mountList,
- Volumes: c.StringArray("volume"),
- WorkDir: workDir,
- Rootfs: rootfs,
- VolumesFrom: c.StringSlice("volumes-from"),
- Syslog: c.GlobalFlags.Syslog,
- }
- if c.Bool("init") {
- initPath := c.String("init-path")
- if initPath == "" {
- initPath = runtime.GetConfig().InitPath
- }
- if err := config.AddContainerInitBinary(initPath); err != nil {
- return nil, err
- }
- }
-
- if config.Privileged {
- config.LabelOpts = label.DisableSecOpt()
- } else {
- if err := parseSecurityOpt(config, c.StringArray("security-opt")); err != nil {
- return nil, err
- }
- }
- config.SecurityOpts = c.StringArray("security-opt")
- warnings, err := verifyContainerResources(config, false)
- if err != nil {
- return nil, err
- }
- for _, warning := range warnings {
- fmt.Fprintln(os.Stderr, warning)
- }
- return config, nil
-}
-
-type namespace interface {
- IsContainer() bool
- Container() string
-}
-
-func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *libpod.Runtime) (bool, int, error) {
- if os.Geteuid() == 0 {
- return false, 0, nil
- }
-
- if createConfig.Pod != "" {
- pod, err := runtime.LookupPod(createConfig.Pod)
- if err != nil {
- return false, -1, err
- }
- inspect, err := pod.Inspect()
- for _, ctr := range inspect.Containers {
- prevCtr, err := runtime.LookupContainer(ctr.ID)
- if err != nil {
- return false, -1, err
- }
- s, err := prevCtr.State()
- if err != nil {
- return false, -1, err
- }
- if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused {
- continue
- }
- data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile)
- if err != nil {
- return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile)
- }
- conmonPid, err := strconv.Atoi(string(data))
- if err != nil {
- return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
- }
- return rootless.JoinDirectUserAndMountNS(uint(conmonPid))
- }
- }
-
- namespacesStr := []string{string(createConfig.IpcMode), string(createConfig.NetMode), string(createConfig.UsernsMode), string(createConfig.PidMode), string(createConfig.UtsMode)}
- for _, i := range namespacesStr {
- if cc.IsNS(i) {
- return rootless.JoinNSPath(cc.NS(i))
- }
- }
-
- namespaces := []namespace{createConfig.IpcMode, createConfig.NetMode, createConfig.UsernsMode, createConfig.PidMode, createConfig.UtsMode}
- for _, i := range namespaces {
- if i.IsContainer() {
- ctr, err := runtime.LookupContainer(i.Container())
- if err != nil {
- return false, -1, err
- }
- pid, err := ctr.PID()
- if err != nil {
- return false, -1, err
- }
- if pid == 0 {
- if createConfig.Pod != "" {
- continue
- }
- return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID())
- }
-
- data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
- if err != nil {
- return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
- }
- conmonPid, err := strconv.Atoi(string(data))
- if err != nil {
- return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
- }
- return rootless.JoinDirectUserAndMountNS(uint(conmonPid))
- }
- }
- return rootless.BecomeRootInUserNS()
-}
-
-func createContainerFromCreateConfig(r *libpod.Runtime, createConfig *cc.CreateConfig, ctx context.Context, pod *libpod.Pod) (*libpod.Container, error) {
- runtimeSpec, err := cc.CreateConfigToOCISpec(createConfig)
- if err != nil {
- return nil, err
- }
-
- options, err := createConfig.GetContainerCreateOptions(r, pod)
- if err != nil {
- return nil, err
- }
- became, ret, err := joinOrCreateRootlessUserNamespace(createConfig, r)
- if err != nil {
- return nil, err
- }
- if became {
- os.Exit(ret)
- }
-
- ctr, err := r.NewContainer(ctx, runtimeSpec, options...)
- if err != nil {
- return nil, err
- }
-
- createConfigJSON, err := json.Marshal(createConfig)
- if err != nil {
- return nil, err
- }
- if err := ctr.AddArtifact("create-config", createConfigJSON); err != nil {
- return nil, err
- }
- return ctr, nil
-}
diff --git a/cmd/podman/diff.go b/cmd/podman/diff.go
index bd3a985b7..e77e562d4 100644
--- a/cmd/podman/diff.go
+++ b/cmd/podman/diff.go
@@ -2,8 +2,8 @@ package main
import (
"fmt"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/storage/pkg/archive"
"github.com/pkg/errors"
diff --git a/cmd/podman/events.go b/cmd/podman/events.go
new file mode 100644
index 000000000..dda9a03f9
--- /dev/null
+++ b/cmd/podman/events.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+ "github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/pkg/adapter"
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+var (
+ eventsCommand cliconfig.EventValues
+ eventsDescription = "Monitor podman events"
+ _eventsCommand = &cobra.Command{
+ Use: "events [flags]",
+ Short: "show podman events",
+ Long: eventsDescription,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ eventsCommand.InputArgs = args
+ eventsCommand.GlobalFlags = MainGlobalOpts
+ return eventsCmd(&eventsCommand)
+ },
+ Example: `podman events
+ podman events --filter event=create
+ podman events --since 1h30s`,
+ }
+)
+
+func init() {
+ eventsCommand.Command = _eventsCommand
+ eventsCommand.SetUsageTemplate(UsageTemplate())
+ flags := eventsCommand.Flags()
+ flags.StringArrayVar(&eventsCommand.Filter, "filter", []string{}, "filter output")
+ flags.StringVar(&eventsCommand.Format, "format", "", "format the output using a Go template")
+ flags.BoolVar(&eventsCommand.Stream, "stream", true, "stream new events; for testing only")
+ flags.StringVar(&eventsCommand.Since, "since", "", "show all events created since timestamp")
+ flags.StringVar(&eventsCommand.Until, "until", "", "show all events until timestamp")
+ flags.MarkHidden("stream")
+}
+
+func eventsCmd(c *cliconfig.EventValues) error {
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
+ if err != nil {
+ return errors.Wrapf(err, "error creating libpod runtime")
+ }
+ defer runtime.Shutdown(false)
+
+ return runtime.Events(c)
+}
diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go
index e4cea1f5e..aa81edf56 100644
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -2,16 +2,17 @@ package main
import (
"fmt"
- "github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/spf13/cobra"
"io/ioutil"
"os"
"strconv"
+ "github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/cmd/podman/shared/parse"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
+ "github.com/spf13/cobra"
)
var (
@@ -130,7 +131,7 @@ func execCmd(c *cliconfig.ExecValues) error {
// ENVIRONMENT VARIABLES
env := map[string]string{}
- if err := readKVStrings(env, []string{}, c.Env); err != nil {
+ if err := parse.ReadKVStrings(env, []string{}, c.Env); err != nil {
return errors.Wrapf(err, "unable to process environment variables")
}
envs := []string{}
diff --git a/cmd/podman/export.go b/cmd/podman/export.go
index 4be2a3c86..e5dc410a7 100644
--- a/cmd/podman/export.go
+++ b/cmd/podman/export.go
@@ -4,6 +4,7 @@ import (
"os"
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared/parse"
"github.com/containers/libpod/pkg/adapter"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
@@ -70,7 +71,7 @@ func exportCmd(c *cliconfig.ExportValues) error {
}
}
- if err := validateFileName(output); err != nil {
+ if err := parse.ValidateFileName(output); err != nil {
return err
}
return runtime.Export(args[0], output)
diff --git a/cmd/podman/formats/formats_test.go b/cmd/podman/formats/formats_test.go
deleted file mode 100644
index c75109d65..000000000
--- a/cmd/podman/formats/formats_test.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package formats
-
-import (
- "bytes"
- "strings"
- "testing"
-
- "github.com/containers/libpod/pkg/inspect"
-)
-
-func TestSetJSONFormatEncoder(t *testing.T) {
- tt := []struct {
- name string
- imageData *inspect.ImageData
- expected string
- isTerminal bool
- }{
- {
- name: "HTML tags are not escaped",
- imageData: &inspect.ImageData{Author: "dave <dave@corp.io>"},
- expected: `"Author": "dave <dave@corp.io>"`,
- isTerminal: true,
- },
- {
- name: "HTML tags are escaped",
- imageData: &inspect.ImageData{Author: "dave <dave@corp.io>"},
- expected: `"Author": "dave \u003cdave@corp.io\u003e"`,
- isTerminal: false,
- },
- }
-
- for _, tc := range tt {
- buf := bytes.NewBuffer(nil)
- enc := setJSONFormatEncoder(tc.isTerminal, buf)
- if err := enc.Encode(tc.imageData); err != nil {
- t.Errorf("test %#v failed encoding: %s", tc.name, err)
- }
- if !strings.Contains(buf.String(), tc.expected) {
- t.Errorf("test %#v expected output to contain %#v. Output:\n%v\n", tc.name, tc.expected, buf.String())
- }
- }
-}
diff --git a/cmd/podman/history.go b/cmd/podman/history.go
index f6cfe91b6..4b76ef0ca 100644
--- a/cmd/podman/history.go
+++ b/cmd/podman/history.go
@@ -6,8 +6,8 @@ import (
"strings"
"time"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/adapter"
"github.com/docker/go-units"
diff --git a/cmd/podman/images.go b/cmd/podman/images.go
index f92e5d44d..6133450be 100644
--- a/cmd/podman/images.go
+++ b/cmd/podman/images.go
@@ -9,8 +9,8 @@ import (
"time"
"unicode"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/imagefilters"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/adapter"
diff --git a/cmd/podman/import.go b/cmd/podman/import.go
index c3351ab1b..f3fb7c988 100644
--- a/cmd/podman/import.go
+++ b/cmd/podman/import.go
@@ -4,6 +4,7 @@ import (
"fmt"
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared/parse"
"github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
"github.com/spf13/cobra"
@@ -67,7 +68,7 @@ func importCmd(c *cliconfig.ImportValues) error {
return errors.Errorf("too many arguments. Usage TARBALL [REFERENCE]")
}
- if err := validateFileName(source); err != nil {
+ if err := parse.ValidateFileName(source); err != nil {
return err
}
diff --git a/cmd/podman/info.go b/cmd/podman/info.go
index de20eb009..195267c7f 100644
--- a/cmd/podman/info.go
+++ b/cmd/podman/info.go
@@ -4,8 +4,8 @@ import (
"fmt"
rt "runtime"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/adapter"
"github.com/containers/libpod/version"
diff --git a/cmd/podman/inspect.go b/cmd/podman/inspect.go
index 0af96088f..e14f25c24 100644
--- a/cmd/podman/inspect.go
+++ b/cmd/podman/inspect.go
@@ -5,8 +5,8 @@ import (
"encoding/json"
"strings"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/pkg/adapter"
cc "github.com/containers/libpod/pkg/spec"
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 2b96f0c20..3faea493c 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -86,6 +86,9 @@ func getRuntime(c *cliconfig.PodmanCommand, renumber bool) (*libpod.Runtime, err
if c.Flags().Changed("tmpdir") {
options = append(options, libpod.WithTmpDir(c.GlobalFlags.TmpDir))
}
+ if c.Flags().Changed("network-cmd-path") {
+ options = append(options, libpod.WithNetworkCmdPath(c.GlobalFlags.NetworkCmdPath))
+ }
if c.Flags().Changed("cgroup-manager") {
options = append(options, libpod.WithCgroupManager(c.GlobalFlags.CGroupManager))
diff --git a/cmd/podman/load.go b/cmd/podman/load.go
index 3c71e2f61..303c23bc7 100644
--- a/cmd/podman/load.go
+++ b/cmd/podman/load.go
@@ -7,6 +7,7 @@ import (
"os"
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared/parse"
"github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
"github.com/spf13/cobra"
@@ -91,7 +92,7 @@ func loadCmd(c *cliconfig.LoadValues) error {
input = outFile.Name()
}
}
- if err := validateFileName(input); err != nil {
+ if err := parse.ValidateFileName(input); err != nil {
return err
}
diff --git a/cmd/podman/logs.go b/cmd/podman/logs.go
index 9df7281fc..c3416fe57 100644
--- a/cmd/podman/logs.go
+++ b/cmd/podman/logs.go
@@ -8,6 +8,7 @@ import (
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/logs"
+ "github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -70,7 +71,7 @@ func logsCmd(c *cliconfig.LogsValues) error {
sinceTime := time.Time{}
if c.Flag("since").Changed {
// parse time, error out if something is wrong
- since, err := parseInputTime(c.Since)
+ since, err := util.ParseInputTime(c.Since)
if err != nil {
return errors.Wrapf(err, "could not parse time: %q", c.Since)
}
@@ -112,25 +113,3 @@ func logsCmd(c *cliconfig.LogsValues) error {
}
return logs.ReadLogs(logPath, ctr, opts)
}
-
-// parseInputTime takes the users input and to determine if it is valid and
-// returns a time format and error. The input is compared to known time formats
-// or a duration which implies no-duration
-func parseInputTime(inputTime string) (time.Time, error) {
- timeFormats := []string{time.RFC3339Nano, time.RFC3339, "2006-01-02T15:04:05", "2006-01-02T15:04:05.999999999",
- "2006-01-02Z07:00", "2006-01-02"}
- // iterate the supported time formats
- for _, tf := range timeFormats {
- t, err := time.Parse(tf, inputTime)
- if err == nil {
- return t, nil
- }
- }
-
- // input might be a duration
- duration, err := time.ParseDuration(inputTime)
- if err != nil {
- return time.Time{}, errors.Errorf("unable to interpret time value")
- }
- return time.Now().Add(-duration), nil
-}
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 7d4b650a9..669860341 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -36,6 +36,7 @@ var (
// implemented.
var mainCommands = []*cobra.Command{
_buildCommand,
+ _eventsCommand,
_exportCommand,
_historyCommand,
&_imagesCommand,
@@ -65,18 +66,23 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{
_exportCommand: true,
//// `info` must be executed in an user namespace.
//// If this change, please also update libpod.refreshRootless()
- _loginCommand: true,
- _logoutCommand: true,
- _mountCommand: true,
- _killCommand: true,
- _pauseCommand: true,
- _restartCommand: true,
- _runCommand: true,
- _unpauseCommand: true,
- _searchCommand: true,
- _statsCommand: true,
- _stopCommand: true,
- _topCommand: true,
+ _loginCommand: true,
+ _logoutCommand: true,
+ _mountCommand: true,
+ _killCommand: true,
+ _pauseCommand: true,
+ _podRmCommand: true,
+ _podKillCommand: true,
+ _podStatsCommand: true,
+ _podStopCommand: true,
+ _restartCommand: true,
+ _rmCommand: true,
+ _runCommand: true,
+ _unpauseCommand: true,
+ _searchCommand: true,
+ _statsCommand: true,
+ _stopCommand: true,
+ _topCommand: true,
}
var rootCmd = &cobra.Command{
@@ -104,6 +110,7 @@ func init() {
rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CpuProfile, "cpu-profile", "", "Path for the cpu profiling results")
rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Config, "config", "", "Path of a libpod config file detailing container server configuration options")
rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConmonPath, "conmon", "", "Path of the conmon binary")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.NetworkCmdPath, "network-cmd-path", "", "Path to the command for configuring the network")
rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CniConfigDir, "cni-config-dir", "", "Path of the configuration directory for CNI networks")
rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.DefaultMountsFile, "default-mounts-file", "", "Path to default mounts file")
rootCmd.PersistentFlags().MarkHidden("defaults-mount-file")
diff --git a/cmd/podman/mount.go b/cmd/podman/mount.go
index c5b7e2404..4381074ab 100644
--- a/cmd/podman/mount.go
+++ b/cmd/podman/mount.go
@@ -5,8 +5,8 @@ import (
"fmt"
"os"
+ of "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- of "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index a9dfee33c..44aa4776b 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -111,7 +111,7 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
podOptions = append(podOptions, libpod.WithPodName(podName))
// TODO for now we just used the default kernel namespaces; we need to add/subtract this from yaml
- nsOptions, err := shared.GetNamespaceOptions(strings.Split(DefaultKernelNamespaces, ","))
+ nsOptions, err := shared.GetNamespaceOptions(strings.Split(shared.DefaultKernelNamespaces, ","))
if err != nil {
return err
}
@@ -174,7 +174,7 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
return errors.Errorf("Directories are the only supported HostPath type")
}
}
- if err := validateVolumeHostDir(hostPath.Path); err != nil {
+ if err := shared.ValidateVolumeHostDir(hostPath.Path); err != nil {
return errors.Wrapf(err, "Error in parsing HostPath in YAML")
}
fmt.Println(volume.Name)
@@ -190,7 +190,7 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
if err != nil {
return err
}
- ctr, err := createContainerFromCreateConfig(runtime, createConfig, ctx, pod)
+ ctr, err := shared.CreateContainerFromCreateConfig(runtime, createConfig, ctx, pod)
if err != nil {
return err
}
@@ -286,7 +286,7 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
if !exists {
return nil, errors.Errorf("Volume mount %s specified for container but not configured in volumes", volume.Name)
}
- if err := validateVolumeCtrDir(volume.MountPath); err != nil {
+ if err := shared.ValidateVolumeCtrDir(volume.MountPath); err != nil {
return nil, errors.Wrapf(err, "error in parsing MountPath")
}
containerConfig.Volumes = append(containerConfig.Volumes, fmt.Sprintf("%s:%s", host_path, volume.MountPath))
diff --git a/cmd/podman/pod.go b/cmd/podman/pod.go
index 2d9bca21d..9a9c7a702 100644
--- a/cmd/podman/pod.go
+++ b/cmd/podman/pod.go
@@ -1,7 +1,12 @@
package main
import (
+ "os"
+
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/pkg/adapter"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/pkg/errors"
"github.com/spf13/cobra"
)
@@ -34,6 +39,48 @@ var podSubCommands = []*cobra.Command{
_podUnpauseCommand,
}
+func joinPodNS(runtime *adapter.LocalRuntime, all, latest bool, inputArgs []string) ([]string, bool, bool, error) {
+ if rootless.IsRootless() {
+ if os.Geteuid() == 0 {
+ return []string{rootless.Argument()}, false, false, nil
+ } else {
+ var err error
+ var pods []*adapter.Pod
+ if all {
+ pods, err = runtime.GetAllPods()
+ if err != nil {
+ return nil, false, false, errors.Wrapf(err, "unable to get pods")
+ }
+ } else if latest {
+ pod, err := runtime.GetLatestPod()
+ if err != nil {
+ return nil, false, false, errors.Wrapf(err, "unable to get latest pod")
+ }
+ pods = append(pods, pod)
+ } else {
+ for _, i := range inputArgs {
+ pod, err := runtime.LookupPod(i)
+ if err != nil {
+ return nil, false, false, errors.Wrapf(err, "unable to lookup pod %s", i)
+ }
+ pods = append(pods, pod)
+ }
+ }
+ for _, p := range pods {
+ _, ret, err := runtime.JoinOrCreateRootlessPod(p)
+ if err != nil {
+ return nil, false, false, err
+ }
+ if ret != 0 {
+ os.Exit(ret)
+ }
+ }
+ os.Exit(0)
+ }
+ }
+ return inputArgs, all, latest, nil
+}
+
func init() {
podCommand.AddCommand(podSubCommands...)
podCommand.SetHelpTemplate(HelpTemplate())
diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go
index d2b7da597..2f7a6b415 100644
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
@@ -5,6 +5,7 @@ import (
"os"
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
@@ -14,8 +15,8 @@ import (
var (
// Kernel namespaces shared by default within a pod
- DefaultKernelNamespaces = "cgroup,ipc,net,uts"
- podCreateCommand cliconfig.PodCreateValues
+
+ podCreateCommand cliconfig.PodCreateValues
podCreateDescription = `After creating the pod, the pod ID is printed to stdout.
@@ -50,7 +51,7 @@ func init() {
flags.StringVarP(&podCreateCommand.Name, "name", "n", "", "Assign a name to the pod")
flags.StringVar(&podCreateCommand.PodIDFile, "pod-id-file", "", "Write the pod ID to the file")
flags.StringSliceVarP(&podCreateCommand.Publish, "publish", "p", []string{}, "Publish a container's port, or a range of ports, to the host (default [])")
- flags.StringVar(&podCreateCommand.Share, "share", DefaultKernelNamespaces, "A comma delimited list of kernel namespaces the pod will share")
+ flags.StringVar(&podCreateCommand.Share, "share", shared.DefaultKernelNamespaces, "A comma delimited list of kernel namespaces the pod will share")
}
@@ -87,7 +88,7 @@ func podCreateCmd(c *cliconfig.PodCreateValues) error {
defer podIdFile.Sync()
}
- labels, err := getAllLabels(c.LabelFile, c.Labels)
+ labels, err := shared.GetAllLabels(c.LabelFile, c.Labels)
if err != nil {
return errors.Wrapf(err, "unable to process labels")
}
diff --git a/cmd/podman/pod_ps.go b/cmd/podman/pod_ps.go
index e30a03005..a956882cf 100644
--- a/cmd/podman/pod_ps.go
+++ b/cmd/podman/pod_ps.go
@@ -8,8 +8,8 @@ import (
"strings"
"time"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/adapter"
diff --git a/cmd/podman/pod_rm.go b/cmd/podman/pod_rm.go
index a40992818..735676f8a 100644
--- a/cmd/podman/pod_rm.go
+++ b/cmd/podman/pod_rm.go
@@ -2,9 +2,11 @@ package main
import (
"fmt"
+ "os"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/pkg/adapter"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -46,11 +48,23 @@ func init() {
// podRmCmd deletes pods
func podRmCmd(c *cliconfig.PodRmValues) error {
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}
defer runtime.Shutdown(false)
+
+ if rootless.IsRootless() {
+ var err error
+ c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs)
+ if err != nil {
+ return err
+ }
+ }
+
podRmIds, podRmErrors := runtime.RemovePods(getContext(), c)
for _, p := range podRmIds {
fmt.Println(p)
diff --git a/cmd/podman/pod_stats.go b/cmd/podman/pod_stats.go
index 7dbd84525..701051938 100644
--- a/cmd/podman/pod_stats.go
+++ b/cmd/podman/pod_stats.go
@@ -11,8 +11,8 @@ import (
"encoding/json"
tm "github.com/buger/goterm"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
@@ -53,6 +53,11 @@ func init() {
}
func podStatsCmd(c *cliconfig.PodStatsValues) error {
+
+ if os.Geteuid() != 0 {
+ return errors.New("stats is not supported in rootless mode")
+ }
+
format := c.Format
all := c.All
latest := c.Latest
diff --git a/cmd/podman/pod_stop.go b/cmd/podman/pod_stop.go
index f1b0ac51f..754a3a7db 100644
--- a/cmd/podman/pod_stop.go
+++ b/cmd/podman/pod_stop.go
@@ -2,9 +2,11 @@ package main
import (
"fmt"
+ "os"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/pkg/adapter"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -46,12 +48,24 @@ func init() {
}
func podStopCmd(c *cliconfig.PodStopValues) error {
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
+
runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}
defer runtime.Shutdown(false)
+ if rootless.IsRootless() {
+ var err error
+ c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs)
+ if err != nil {
+ return err
+ }
+ }
+
podStopIds, podStopErrors := runtime.StopPods(getContext(), c)
for _, p := range podStopIds {
fmt.Println(p)
diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go
index 6caac2406..de6966c3b 100644
--- a/cmd/podman/ps.go
+++ b/cmd/podman/ps.go
@@ -12,8 +12,8 @@ import (
"text/tabwriter"
"time"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 4230bb396..56aaae9eb 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -2,12 +2,16 @@ package main
import (
"fmt"
+ "io/ioutil"
+ "os"
+ "strconv"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/image"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -48,11 +52,39 @@ func init() {
markFlagHiddenForRemoteClient("latest", flags)
}
+func joinContainerOrCreateRootlessUserNS(runtime *libpod.Runtime, ctr *libpod.Container) (bool, int, error) {
+ if os.Geteuid() == 0 {
+ return false, 0, nil
+ }
+ s, err := ctr.State()
+ if err != nil {
+ return false, -1, err
+ }
+ opts := rootless.Opts{
+ Argument: ctr.ID(),
+ }
+ if s == libpod.ContainerStateRunning || s == libpod.ContainerStatePaused {
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts)
+ }
+ return rootless.BecomeRootInUserNSWithOpts(&opts)
+}
+
// saveCmd saves the image to either docker-archive or oci
func rmCmd(c *cliconfig.RmValues) error {
var (
deleteFuncs []shared.ParallelWorkerInput
)
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
ctx := getContext()
runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
@@ -61,6 +93,53 @@ func rmCmd(c *cliconfig.RmValues) error {
}
defer runtime.Shutdown(false)
+ if rootless.IsRootless() {
+ // When running in rootless mode we cannot manage different containers and
+ // user namespaces from the same context, so be sure to re-exec once for each
+ // container we are dealing with.
+ // What we do is to first collect all the containers we want to delete, then
+ // we re-exec in each of the container namespaces and from there remove the single
+ // container.
+ var container *libpod.Container
+ if os.Geteuid() == 0 {
+ // We are in the namespace, override InputArgs with the single
+ // argument that was passed down to us.
+ c.All = false
+ c.Latest = false
+ c.InputArgs = []string{rootless.Argument()}
+ } else {
+ var containers []*libpod.Container
+ if c.All {
+ containers, err = runtime.GetContainers()
+ } else if c.Latest {
+ container, err = runtime.GetLatestContainer()
+ if err != nil {
+ return errors.Wrapf(err, "unable to get latest pod")
+ }
+ containers = append(containers, container)
+ } else {
+ for _, c := range c.InputArgs {
+ container, err = runtime.LookupContainer(c)
+ if err != nil {
+ return err
+ }
+ containers = append(containers, container)
+ }
+ }
+ // Now we really delete the containers.
+ for _, c := range containers {
+ _, ret, err := joinContainerOrCreateRootlessUserNS(runtime, c)
+ if err != nil {
+ return err
+ }
+ if ret != 0 {
+ os.Exit(ret)
+ }
+ }
+ os.Exit(0)
+ }
+ }
+
failureCnt := 0
delContainers, err := getAllOrLatestContainers(&c.PodmanCommand, runtime, -1, "all")
if err != nil {
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index ff09e670d..130c5a32c 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -10,6 +10,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
opentracing "github.com/opentracing/opentracing-go"
@@ -66,7 +67,7 @@ func runCmd(c *cliconfig.RunValues) error {
}
defer runtime.Shutdown(false)
- ctr, createConfig, err := createContainer(&c.PodmanCommand, runtime)
+ ctr, createConfig, err := shared.CreateContainer(getContext(), &c.PodmanCommand, runtime)
if err != nil {
return err
}
diff --git a/cmd/podman/run_test.go b/cmd/podman/run_test.go
index 5ea39e457..a896f1dc7 100644
--- a/cmd/podman/run_test.go
+++ b/cmd/podman/run_test.go
@@ -5,6 +5,7 @@ import (
"testing"
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/pkg/inspect"
cc "github.com/containers/libpod/pkg/spec"
"github.com/docker/go-units"
@@ -80,7 +81,7 @@ func getRuntimeSpec(c *cliconfig.PodmanCommand) (*spec.Spec, error) {
createConfig, err := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData())
*/
ctx := getContext()
- createConfig, err := parseCreateOpts(ctx, c, nil, "alpine", generateAlpineImageData())
+ createConfig, err := shared.ParseCreateOpts(ctx, c, nil, "alpine", generateAlpineImageData())
if err != nil {
return nil, err
}
diff --git a/cmd/podman/save.go b/cmd/podman/save.go
index 494496a3d..df016b069 100644
--- a/cmd/podman/save.go
+++ b/cmd/podman/save.go
@@ -5,6 +5,7 @@ import (
"strings"
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared/parse"
"github.com/containers/libpod/pkg/adapter"
"github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
@@ -85,7 +86,7 @@ func saveCmd(c *cliconfig.SaveValues) error {
return errors.Errorf("refusing to save to terminal. Use -o flag or redirect")
}
}
- if err := validateFileName(output); err != nil {
+ if err := parse.ValidateFileName(output); err != nil {
return err
}
return runtime.SaveImage(getContext(), c)
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index e508c2bcf..25f5a98b7 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -3,9 +3,9 @@ package main
import (
"strings"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/image/types"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/libpod/image"
"github.com/pkg/errors"
"github.com/spf13/cobra"
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
new file mode 100644
index 000000000..bfd05d53e
--- /dev/null
+++ b/cmd/podman/shared/create.go
@@ -0,0 +1,837 @@
+package shared
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+ "strconv"
+ "strings"
+ "syscall"
+
+ "github.com/containers/image/manifest"
+ "github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared/parse"
+ "github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/libpod/image"
+ ann "github.com/containers/libpod/pkg/annotations"
+ "github.com/containers/libpod/pkg/inspect"
+ ns "github.com/containers/libpod/pkg/namespaces"
+ "github.com/containers/libpod/pkg/rootless"
+ cc "github.com/containers/libpod/pkg/spec"
+ "github.com/containers/libpod/pkg/util"
+ "github.com/docker/docker/pkg/signal"
+ "github.com/docker/go-connections/nat"
+ "github.com/docker/go-units"
+ spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux/label"
+ "github.com/opentracing/opentracing-go"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+)
+
+// getContext returns a non-nil, empty context
+func getContext() context.Context {
+ return context.TODO()
+}
+
+func CreateContainer(ctx context.Context, c *cliconfig.PodmanCommand, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) {
+ var (
+ hasHealthCheck bool
+ healthCheck *manifest.Schema2HealthConfig
+ )
+ if c.Bool("trace") {
+ span, _ := opentracing.StartSpanFromContext(ctx, "createContainer")
+ defer span.Finish()
+ }
+
+ rtc := runtime.GetConfig()
+ rootfs := ""
+ if c.Bool("rootfs") {
+ rootfs = c.InputArgs[0]
+ }
+
+ var err error
+ var cidFile *os.File
+ if c.IsSet("cidfile") && os.Geteuid() == 0 {
+ cidFile, err = libpod.OpenExclusiveFile(c.String("cidfile"))
+ if err != nil && os.IsExist(err) {
+ return nil, nil, errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", c.String("cidfile"))
+ }
+ if err != nil {
+ return nil, nil, errors.Errorf("error opening cidfile %s", c.String("cidfile"))
+ }
+ defer cidFile.Close()
+ defer cidFile.Sync()
+ }
+
+ imageName := ""
+ var data *inspect.ImageData = nil
+
+ if rootfs == "" && !rootless.SkipStorageSetup() {
+ var writer io.Writer
+ if !c.Bool("quiet") {
+ writer = os.Stderr
+ }
+
+ newImage, err := runtime.ImageRuntime().New(ctx, c.InputArgs[0], rtc.SignaturePolicyPath, "", writer, nil, image.SigningOptions{}, false, nil)
+ if err != nil {
+ return nil, nil, err
+ }
+ data, err = newImage.Inspect(ctx)
+ names := newImage.Names()
+ if len(names) > 0 {
+ imageName = names[0]
+ } else {
+ imageName = newImage.ID()
+ }
+
+ // add healthcheck if it exists AND is correct mediatype
+ _, mediaType, err := newImage.Manifest(ctx)
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "unable to determine mediatype of image %s", newImage.ID())
+ }
+ if mediaType == manifest.DockerV2Schema2MediaType {
+ healthCheck, err = newImage.GetHealthCheck(ctx)
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "unable to get healthcheck for %s", c.InputArgs[0])
+ }
+ if healthCheck != nil {
+ hasHealthCheck = true
+ }
+ }
+ }
+ createConfig, err := ParseCreateOpts(ctx, c, runtime, imageName, data)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ // Because parseCreateOpts does derive anything from the image, we add health check
+ // at this point. The rest is done by WithOptions.
+ createConfig.HasHealthCheck = hasHealthCheck
+ createConfig.HealthCheck = healthCheck
+
+ ctr, err := CreateContainerFromCreateConfig(runtime, createConfig, ctx, nil)
+ if err != nil {
+ return nil, nil, err
+ }
+ if cidFile != nil {
+ _, err = cidFile.WriteString(ctr.ID())
+ if err != nil {
+ logrus.Error(err)
+ }
+
+ }
+
+ logrus.Debugf("New container created %q", ctr.ID())
+ return ctr, createConfig, nil
+}
+
+func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
+ var (
+ labelOpts []string
+ )
+
+ if config.PidMode.IsHost() {
+ labelOpts = append(labelOpts, label.DisableSecOpt()...)
+ } else if config.PidMode.IsContainer() {
+ ctr, err := config.Runtime.LookupContainer(config.PidMode.Container())
+ if err != nil {
+ return errors.Wrapf(err, "container %q not found", config.PidMode.Container())
+ }
+ secopts, err := label.DupSecOpt(ctr.ProcessLabel())
+ if err != nil {
+ return errors.Wrapf(err, "failed to duplicate label %q ", ctr.ProcessLabel())
+ }
+ labelOpts = append(labelOpts, secopts...)
+ }
+
+ if config.IpcMode.IsHost() {
+ labelOpts = append(labelOpts, label.DisableSecOpt()...)
+ } else if config.IpcMode.IsContainer() {
+ ctr, err := config.Runtime.LookupContainer(config.IpcMode.Container())
+ if err != nil {
+ return errors.Wrapf(err, "container %q not found", config.IpcMode.Container())
+ }
+ secopts, err := label.DupSecOpt(ctr.ProcessLabel())
+ if err != nil {
+ return errors.Wrapf(err, "failed to duplicate label %q ", ctr.ProcessLabel())
+ }
+ labelOpts = append(labelOpts, secopts...)
+ }
+
+ for _, opt := range securityOpts {
+ if opt == "no-new-privileges" {
+ config.NoNewPrivs = true
+ } else {
+ con := strings.SplitN(opt, "=", 2)
+ if len(con) != 2 {
+ return fmt.Errorf("Invalid --security-opt 1: %q", opt)
+ }
+
+ switch con[0] {
+ case "label":
+ labelOpts = append(labelOpts, con[1])
+ case "apparmor":
+ config.ApparmorProfile = con[1]
+ case "seccomp":
+ config.SeccompProfilePath = con[1]
+ default:
+ return fmt.Errorf("Invalid --security-opt 2: %q", opt)
+ }
+ }
+ }
+
+ if config.SeccompProfilePath == "" {
+ if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
+ config.SeccompProfilePath = libpod.SeccompOverridePath
+ } else {
+ if !os.IsNotExist(err) {
+ return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
+ }
+ if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
+ if !os.IsNotExist(err) {
+ return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
+ }
+ } else {
+ config.SeccompProfilePath = libpod.SeccompDefaultPath
+ }
+ }
+ }
+ config.LabelOpts = labelOpts
+ return nil
+}
+
+func configureEntrypoint(c *cliconfig.PodmanCommand, data *inspect.ImageData) []string {
+ entrypoint := []string{}
+ if c.IsSet("entrypoint") {
+ // Force entrypoint to ""
+ if c.String("entrypoint") == "" {
+ return entrypoint
+ }
+ // Check if entrypoint specified is json
+ if err := json.Unmarshal([]byte(c.String("entrypoint")), &entrypoint); err == nil {
+ return entrypoint
+ }
+ // Return entrypoint as a single command
+ return []string{c.String("entrypoint")}
+ }
+ if data != nil {
+ return data.Config.Entrypoint
+ }
+ return entrypoint
+}
+
+func configurePod(c *cliconfig.PodmanCommand, runtime *libpod.Runtime, namespaces map[string]string, podName string) (map[string]string, error) {
+ pod, err := runtime.LookupPod(podName)
+ if err != nil {
+ return namespaces, err
+ }
+ podInfraID, err := pod.InfraContainerID()
+ if err != nil {
+ return namespaces, err
+ }
+ if (namespaces["pid"] == cc.Pod) || (!c.IsSet("pid") && pod.SharesPID()) {
+ namespaces["pid"] = fmt.Sprintf("container:%s", podInfraID)
+ }
+ if (namespaces["net"] == cc.Pod) || (!c.IsSet("net") && !c.IsSet("network") && pod.SharesNet()) {
+ namespaces["net"] = fmt.Sprintf("container:%s", podInfraID)
+ }
+ if (namespaces["user"] == cc.Pod) || (!c.IsSet("user") && pod.SharesUser()) {
+ namespaces["user"] = fmt.Sprintf("container:%s", podInfraID)
+ }
+ if (namespaces["ipc"] == cc.Pod) || (!c.IsSet("ipc") && pod.SharesIPC()) {
+ namespaces["ipc"] = fmt.Sprintf("container:%s", podInfraID)
+ }
+ if (namespaces["uts"] == cc.Pod) || (!c.IsSet("uts") && pod.SharesUTS()) {
+ namespaces["uts"] = fmt.Sprintf("container:%s", podInfraID)
+ }
+ return namespaces, nil
+}
+
+// Parses CLI options related to container creation into a config which can be
+// parsed into an OCI runtime spec
+func ParseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *libpod.Runtime, imageName string, data *inspect.ImageData) (*cc.CreateConfig, error) {
+ var (
+ inputCommand, command []string
+ memoryLimit, memoryReservation, memorySwap, memoryKernel int64
+ blkioWeight uint16
+ namespaces map[string]string
+ )
+ if c.IsSet("restart") {
+ return nil, errors.Errorf("--restart option is not supported.\nUse systemd unit files for restarting containers")
+ }
+
+ idmappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidname"), c.String("subgidname"))
+ if err != nil {
+ return nil, err
+ }
+
+ if c.String("mac-address") != "" {
+ return nil, errors.Errorf("--mac-address option not currently supported")
+ }
+
+ imageID := ""
+
+ inputCommand = c.InputArgs[1:]
+ if data != nil {
+ imageID = data.ID
+ }
+
+ rootfs := ""
+ if c.Bool("rootfs") {
+ rootfs = c.InputArgs[0]
+ }
+
+ sysctl, err := validateSysctl(c.StringSlice("sysctl"))
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid value for sysctl")
+ }
+
+ if c.String("memory") != "" {
+ memoryLimit, err = units.RAMInBytes(c.String("memory"))
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid value for memory")
+ }
+ }
+ if c.String("memory-reservation") != "" {
+ memoryReservation, err = units.RAMInBytes(c.String("memory-reservation"))
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid value for memory-reservation")
+ }
+ }
+ if c.String("memory-swap") != "" {
+ memorySwap, err = units.RAMInBytes(c.String("memory-swap"))
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid value for memory-swap")
+ }
+ }
+ if c.String("kernel-memory") != "" {
+ memoryKernel, err = units.RAMInBytes(c.String("kernel-memory"))
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid value for kernel-memory")
+ }
+ }
+ if c.String("blkio-weight") != "" {
+ u, err := strconv.ParseUint(c.String("blkio-weight"), 10, 16)
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid value for blkio-weight")
+ }
+ blkioWeight = uint16(u)
+ }
+ var mountList []spec.Mount
+ if mountList, err = parseMounts(c.StringArray("mount")); err != nil {
+ return nil, err
+ }
+
+ if err = parseVolumes(c.StringArray("volume")); err != nil {
+ return nil, err
+ }
+
+ if err = parseVolumesFrom(c.StringSlice("volumes-from")); err != nil {
+ return nil, err
+ }
+
+ tty := c.Bool("tty")
+
+ if c.Flag("cpu-period").Changed && c.Flag("cpus").Changed {
+ return nil, errors.Errorf("--cpu-period and --cpus cannot be set together")
+ }
+ if c.Flag("cpu-quota").Changed && c.Flag("cpus").Changed {
+ return nil, errors.Errorf("--cpu-quota and --cpus cannot be set together")
+ }
+
+ // EXPOSED PORTS
+ var portBindings map[nat.Port][]nat.PortBinding
+ if data != nil {
+ portBindings, err = cc.ExposedPorts(c.StringSlice("expose"), c.StringSlice("publish"), c.Bool("publish-all"), data.Config.ExposedPorts)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ // Kernel Namespaces
+ // TODO Fix handling of namespace from pod
+ // Instead of integrating here, should be done in libpod
+ // However, that also involves setting up security opts
+ // when the pod's namespace is integrated
+ namespaceNet := c.String("network")
+ if c.Flag("net").Changed {
+ namespaceNet = c.String("net")
+ }
+ namespaces = map[string]string{
+ "pid": c.String("pid"),
+ "net": namespaceNet,
+ "ipc": c.String("ipc"),
+ "user": c.String("userns"),
+ "uts": c.String("uts"),
+ }
+
+ originalPodName := c.String("pod")
+ podName := strings.Replace(originalPodName, "new:", "", 1)
+ // after we strip out :new, make sure there is something left for a pod name
+ if len(podName) < 1 && c.IsSet("pod") {
+ return nil, errors.Errorf("new pod name must be at least one character")
+ }
+ if c.IsSet("pod") {
+ if strings.HasPrefix(originalPodName, "new:") {
+ if rootless.IsRootless() {
+ // To create a new pod, we must immediately create the userns.
+ became, ret, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ return nil, err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+ // pod does not exist; lets make it
+ var podOptions []libpod.PodCreateOption
+ podOptions = append(podOptions, libpod.WithPodName(podName), libpod.WithInfraContainer(), libpod.WithPodCgroups())
+ if len(portBindings) > 0 {
+ ociPortBindings, err := cc.NatToOCIPortBindings(portBindings)
+ if err != nil {
+ return nil, err
+ }
+ podOptions = append(podOptions, libpod.WithInfraContainerPorts(ociPortBindings))
+ }
+
+ podNsOptions, err := GetNamespaceOptions(strings.Split(DefaultKernelNamespaces, ","))
+ if err != nil {
+ return nil, err
+ }
+ podOptions = append(podOptions, podNsOptions...)
+ // make pod
+ pod, err := runtime.NewPod(ctx, podOptions...)
+ if err != nil {
+ return nil, err
+ }
+ logrus.Debugf("pod %s created by new container request", pod.ID())
+
+ // The container now cannot have port bindings; so we reset the map
+ portBindings = make(map[nat.Port][]nat.PortBinding)
+ }
+ namespaces, err = configurePod(c, runtime, namespaces, podName)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ pidMode := ns.PidMode(namespaces["pid"])
+ if !cc.Valid(string(pidMode), pidMode) {
+ return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
+ }
+
+ usernsMode := ns.UsernsMode(namespaces["user"])
+ if !cc.Valid(string(usernsMode), usernsMode) {
+ return nil, errors.Errorf("--userns %q is not valid", namespaces["user"])
+ }
+
+ utsMode := ns.UTSMode(namespaces["uts"])
+ if !cc.Valid(string(utsMode), utsMode) {
+ return nil, errors.Errorf("--uts %q is not valid", namespaces["uts"])
+ }
+
+ ipcMode := ns.IpcMode(namespaces["ipc"])
+ if !cc.Valid(string(ipcMode), ipcMode) {
+ return nil, errors.Errorf("--ipc %q is not valid", ipcMode)
+ }
+
+ // Make sure if network is set to container namespace, port binding is not also being asked for
+ netMode := ns.NetworkMode(namespaces["net"])
+ if netMode.IsContainer() {
+ if len(portBindings) > 0 {
+ return nil, errors.Errorf("cannot set port bindings on an existing container network namespace")
+ }
+ }
+
+ // USER
+ user := c.String("user")
+ if user == "" {
+ if data == nil {
+ user = "0"
+ } else {
+ user = data.Config.User
+ }
+ }
+
+ // STOP SIGNAL
+ stopSignal := syscall.SIGTERM
+ signalString := ""
+ if data != nil {
+ signalString = data.Config.StopSignal
+ }
+ if c.IsSet("stop-signal") {
+ signalString = c.String("stop-signal")
+ }
+ if signalString != "" {
+ stopSignal, err = signal.ParseSignal(signalString)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ // ENVIRONMENT VARIABLES
+ env := defaultEnvVariables
+ if data != nil {
+ for _, e := range data.Config.Env {
+ split := strings.SplitN(e, "=", 2)
+ if len(split) > 1 {
+ env[split[0]] = split[1]
+ } else {
+ env[split[0]] = ""
+ }
+ }
+ }
+ if err := parse.ReadKVStrings(env, c.StringSlice("env-file"), c.StringSlice("env")); err != nil {
+ return nil, errors.Wrapf(err, "unable to process environment variables")
+ }
+
+ // LABEL VARIABLES
+ labels, err := GetAllLabels(c.StringSlice("label-file"), c.StringArray("label"))
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to process labels")
+ }
+ if data != nil {
+ for key, val := range data.Config.Labels {
+ if _, ok := labels[key]; !ok {
+ labels[key] = val
+ }
+ }
+ }
+
+ // ANNOTATIONS
+ annotations := make(map[string]string)
+ // First, add our default annotations
+ annotations[ann.ContainerType] = "sandbox"
+ annotations[ann.TTY] = "false"
+ if tty {
+ annotations[ann.TTY] = "true"
+ }
+ if data != nil {
+ // Next, add annotations from the image
+ for key, value := range data.Annotations {
+ annotations[key] = value
+ }
+ }
+ // Last, add user annotations
+ for _, annotation := range c.StringSlice("annotation") {
+ splitAnnotation := strings.SplitN(annotation, "=", 2)
+ if len(splitAnnotation) < 2 {
+ return nil, errors.Errorf("Annotations must be formatted KEY=VALUE")
+ }
+ annotations[splitAnnotation[0]] = splitAnnotation[1]
+ }
+
+ // WORKING DIRECTORY
+ workDir := "/"
+ if c.IsSet("workdir") || c.IsSet("w") {
+ workDir = c.String("workdir")
+ } else if data != nil && data.Config.WorkingDir != "" {
+ workDir = data.Config.WorkingDir
+ }
+
+ entrypoint := configureEntrypoint(c, data)
+ // Build the command
+ // If we have an entry point, it goes first
+ if len(entrypoint) > 0 {
+ command = entrypoint
+ }
+ if len(inputCommand) > 0 {
+ // User command overrides data CMD
+ command = append(command, inputCommand...)
+ } else if data != nil && len(data.Config.Cmd) > 0 && !c.IsSet("entrypoint") {
+ // If not user command, add CMD
+ command = append(command, data.Config.Cmd...)
+ }
+
+ if data != nil && len(command) == 0 {
+ return nil, errors.Errorf("No command specified on command line or as CMD or ENTRYPOINT in this image")
+ }
+
+ // SHM Size
+ shmSize, err := units.FromHumanSize(c.String("shm-size"))
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to translate --shm-size")
+ }
+
+ // Verify the additional hosts are in correct format
+ for _, host := range c.StringSlice("add-host") {
+ if _, err := parse.ValidateExtraHost(host); err != nil {
+ return nil, err
+ }
+ }
+
+ // Check for . and dns-search domains
+ if util.StringInSlice(".", c.StringSlice("dns-search")) && len(c.StringSlice("dns-search")) > 1 {
+ return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
+ }
+
+ // Validate domains are good
+ for _, dom := range c.StringSlice("dns-search") {
+ if _, err := parse.ValidateDomain(dom); err != nil {
+ return nil, err
+ }
+ }
+
+ var ImageVolumes map[string]struct{}
+ if data != nil && c.String("image-volume") != "ignore" {
+ ImageVolumes = data.Config.Volumes
+ }
+
+ var imageVolType = map[string]string{
+ "bind": "",
+ "tmpfs": "",
+ "ignore": "",
+ }
+ if _, ok := imageVolType[c.String("image-volume")]; !ok {
+ return nil, errors.Errorf("invalid image-volume type %q. Pick one of bind, tmpfs, or ignore", c.String("image-volume"))
+ }
+
+ var systemd bool
+ if command != nil && c.Bool("systemd") && ((filepath.Base(command[0]) == "init") || (filepath.Base(command[0]) == "systemd")) {
+ systemd = true
+ if signalString == "" {
+ stopSignal, err = signal.ParseSignal("RTMIN+3")
+ if err != nil {
+ return nil, errors.Wrapf(err, "error parsing systemd signal")
+ }
+ }
+ }
+ // This is done because cobra cannot have two aliased flags. So we have to check
+ // both
+ network := c.String("network")
+ if c.Flag("net").Changed {
+ network = c.String("net")
+ }
+
+ var memorySwappiness int64
+ if c.Flags().Lookup("memory-swappiness") != nil {
+ memorySwappiness, _ = c.Flags().GetInt64("memory-swappiness")
+ }
+ config := &cc.CreateConfig{
+ Runtime: runtime,
+ Annotations: annotations,
+ BuiltinImgVolumes: ImageVolumes,
+ ConmonPidFile: c.String("conmon-pidfile"),
+ ImageVolumeType: c.String("image-volume"),
+ CapAdd: c.StringSlice("cap-add"),
+ CapDrop: c.StringSlice("cap-drop"),
+ CgroupParent: c.String("cgroup-parent"),
+ Command: command,
+ Detach: c.Bool("detach"),
+ Devices: c.StringSlice("device"),
+ DNSOpt: c.StringSlice("dns-opt"),
+ DNSSearch: c.StringSlice("dns-search"),
+ DNSServers: c.StringSlice("dns"),
+ Entrypoint: entrypoint,
+ Env: env,
+ //ExposedPorts: ports,
+ GroupAdd: c.StringSlice("group-add"),
+ Hostname: c.String("hostname"),
+ HostAdd: c.StringSlice("add-host"),
+ IDMappings: idmappings,
+ Image: imageName,
+ ImageID: imageID,
+ Interactive: c.Bool("interactive"),
+ //IP6Address: c.String("ipv6"), // Not implemented yet - needs CNI support for static v6
+ IPAddress: c.String("ip"),
+ Labels: labels,
+ //LinkLocalIP: c.StringSlice("link-local-ip"), // Not implemented yet
+ LogDriver: c.String("log-driver"),
+ LogDriverOpt: c.StringSlice("log-opt"),
+ MacAddress: c.String("mac-address"),
+ Name: c.String("name"),
+ Network: network,
+ //NetworkAlias: c.StringSlice("network-alias"), // Not implemented - does this make sense in Podman?
+ IpcMode: ipcMode,
+ NetMode: netMode,
+ UtsMode: utsMode,
+ PidMode: pidMode,
+ Pod: podName,
+ Privileged: c.Bool("privileged"),
+ Publish: c.StringSlice("publish"),
+ PublishAll: c.Bool("publish-all"),
+ PortBindings: portBindings,
+ Quiet: c.Bool("quiet"),
+ ReadOnlyRootfs: c.Bool("read-only"),
+ Resources: cc.CreateResourceConfig{
+ BlkioWeight: blkioWeight,
+ BlkioWeightDevice: c.StringSlice("blkio-weight-device"),
+ CPUShares: c.Uint64("cpu-shares"),
+ CPUPeriod: c.Uint64("cpu-period"),
+ CPUsetCPUs: c.String("cpuset-cpus"),
+ CPUsetMems: c.String("cpuset-mems"),
+ CPUQuota: c.Int64("cpu-quota"),
+ CPURtPeriod: c.Uint64("cpu-rt-period"),
+ CPURtRuntime: c.Int64("cpu-rt-runtime"),
+ CPUs: c.Float64("cpus"),
+ DeviceReadBps: c.StringSlice("device-read-bps"),
+ DeviceReadIOps: c.StringSlice("device-read-iops"),
+ DeviceWriteBps: c.StringSlice("device-write-bps"),
+ DeviceWriteIOps: c.StringSlice("device-write-iops"),
+ DisableOomKiller: c.Bool("oom-kill-disable"),
+ ShmSize: shmSize,
+ Memory: memoryLimit,
+ MemoryReservation: memoryReservation,
+ MemorySwap: memorySwap,
+ MemorySwappiness: int(memorySwappiness),
+ KernelMemory: memoryKernel,
+ OomScoreAdj: c.Int("oom-score-adj"),
+ PidsLimit: c.Int64("pids-limit"),
+ Ulimit: c.StringSlice("ulimit"),
+ },
+ Rm: c.Bool("rm"),
+ StopSignal: stopSignal,
+ StopTimeout: c.Uint("stop-timeout"),
+ Sysctl: sysctl,
+ Systemd: systemd,
+ Tmpfs: c.StringSlice("tmpfs"),
+ Tty: tty,
+ User: user,
+ UsernsMode: usernsMode,
+ Mounts: mountList,
+ Volumes: c.StringArray("volume"),
+ WorkDir: workDir,
+ Rootfs: rootfs,
+ VolumesFrom: c.StringSlice("volumes-from"),
+ Syslog: c.GlobalFlags.Syslog,
+ }
+ if c.Bool("init") {
+ initPath := c.String("init-path")
+ if initPath == "" {
+ initPath = runtime.GetConfig().InitPath
+ }
+ if err := config.AddContainerInitBinary(initPath); err != nil {
+ return nil, err
+ }
+ }
+
+ if config.Privileged {
+ config.LabelOpts = label.DisableSecOpt()
+ } else {
+ if err := parseSecurityOpt(config, c.StringArray("security-opt")); err != nil {
+ return nil, err
+ }
+ }
+ config.SecurityOpts = c.StringArray("security-opt")
+ warnings, err := verifyContainerResources(config, false)
+ if err != nil {
+ return nil, err
+ }
+ for _, warning := range warnings {
+ fmt.Fprintln(os.Stderr, warning)
+ }
+ return config, nil
+}
+
+type namespace interface {
+ IsContainer() bool
+ Container() string
+}
+
+func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *libpod.Runtime) (bool, int, error) {
+ if os.Geteuid() == 0 {
+ return false, 0, nil
+ }
+
+ if createConfig.Pod != "" {
+ pod, err := runtime.LookupPod(createConfig.Pod)
+ if err != nil {
+ return false, -1, err
+ }
+ inspect, err := pod.Inspect()
+ for _, ctr := range inspect.Containers {
+ prevCtr, err := runtime.LookupContainer(ctr.ID)
+ if err != nil {
+ return false, -1, err
+ }
+ s, err := prevCtr.State()
+ if err != nil {
+ return false, -1, err
+ }
+ if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused {
+ continue
+ }
+ data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile)
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ return rootless.JoinDirectUserAndMountNS(uint(conmonPid))
+ }
+ }
+
+ namespacesStr := []string{string(createConfig.IpcMode), string(createConfig.NetMode), string(createConfig.UsernsMode), string(createConfig.PidMode), string(createConfig.UtsMode)}
+ for _, i := range namespacesStr {
+ if cc.IsNS(i) {
+ return rootless.JoinNSPath(cc.NS(i))
+ }
+ }
+
+ namespaces := []namespace{createConfig.IpcMode, createConfig.NetMode, createConfig.UsernsMode, createConfig.PidMode, createConfig.UtsMode}
+ for _, i := range namespaces {
+ if i.IsContainer() {
+ ctr, err := runtime.LookupContainer(i.Container())
+ if err != nil {
+ return false, -1, err
+ }
+ pid, err := ctr.PID()
+ if err != nil {
+ return false, -1, err
+ }
+ if pid == 0 {
+ if createConfig.Pod != "" {
+ continue
+ }
+ return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID())
+ }
+ return rootless.JoinNS(uint(pid), 0)
+ }
+ }
+ return rootless.BecomeRootInUserNS()
+}
+
+func CreateContainerFromCreateConfig(r *libpod.Runtime, createConfig *cc.CreateConfig, ctx context.Context, pod *libpod.Pod) (*libpod.Container, error) {
+ runtimeSpec, err := cc.CreateConfigToOCISpec(createConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ options, err := createConfig.GetContainerCreateOptions(r, pod)
+ if err != nil {
+ return nil, err
+ }
+ became, ret, err := joinOrCreateRootlessUserNamespace(createConfig, r)
+ if err != nil {
+ return nil, err
+ }
+ if became {
+ os.Exit(ret)
+ }
+
+ ctr, err := r.NewContainer(ctx, runtimeSpec, options...)
+ if err != nil {
+ return nil, err
+ }
+
+ createConfigJSON, err := json.Marshal(createConfig)
+ if err != nil {
+ return nil, err
+ }
+ if err := ctr.AddArtifact("create-config", createConfigJSON); err != nil {
+ return nil, err
+ }
+ return ctr, nil
+}
+
+var defaultEnvVariables = map[string]string{
+ "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM": "xterm",
+}
diff --git a/cmd/podman/create_cli.go b/cmd/podman/shared/create_cli.go
index ae0549687..4f9cb1699 100644
--- a/cmd/podman/create_cli.go
+++ b/cmd/podman/shared/create_cli.go
@@ -1,4 +1,4 @@
-package main
+package shared
import (
"fmt"
@@ -6,6 +6,7 @@ import (
"path/filepath"
"strings"
+ "github.com/containers/libpod/cmd/podman/shared/parse"
cc "github.com/containers/libpod/pkg/spec"
"github.com/containers/libpod/pkg/sysinfo"
"github.com/docker/go-units"
@@ -19,9 +20,10 @@ const (
linuxMinMemory = 4194304
)
-func getAllLabels(labelFile, inputLabels []string) (map[string]string, error) {
+// GetAllLabels ...
+func GetAllLabels(labelFile, inputLabels []string) (map[string]string, error) {
labels := make(map[string]string)
- labelErr := readKVStrings(labels, labelFile, inputLabels)
+ labelErr := parse.ReadKVStrings(labels, labelFile, inputLabels)
if labelErr != nil {
return labels, errors.Wrapf(labelErr, "unable to process labels from --label and label-file")
}
@@ -149,12 +151,12 @@ func parseMounts(mounts []string) ([]spec.Mount, error) {
if mountInfo.Type == "tmpfs" {
return nil, errors.Errorf("cannot use src= on a tmpfs file system")
}
- if err := validateVolumeHostDir(kv[1]); err != nil {
+ if err := ValidateVolumeHostDir(kv[1]); err != nil {
return nil, err
}
mountInfo.Source = kv[1]
case "target", "dst", "destination":
- if err := validateVolumeCtrDir(kv[1]); err != nil {
+ if err := ValidateVolumeCtrDir(kv[1]); err != nil {
return nil, err
}
mountInfo.Destination = kv[1]
@@ -173,10 +175,10 @@ func parseVolumes(volumes []string) error {
if len(arr) < 2 {
return errors.Errorf("incorrect volume format %q, should be host-dir:ctr-dir[:option]", volume)
}
- if err := validateVolumeHostDir(arr[0]); err != nil {
+ if err := ValidateVolumeHostDir(arr[0]); err != nil {
return err
}
- if err := validateVolumeCtrDir(arr[1]); err != nil {
+ if err := ValidateVolumeCtrDir(arr[1]); err != nil {
return err
}
if len(arr) > 2 {
@@ -203,7 +205,8 @@ func parseVolumesFrom(volumesFrom []string) error {
return nil
}
-func validateVolumeHostDir(hostDir string) error {
+// ValidateVolumeHostDir ...
+func ValidateVolumeHostDir(hostDir string) error {
if len(hostDir) == 0 {
return errors.Errorf("host directory cannot be empty")
}
@@ -217,7 +220,8 @@ func validateVolumeHostDir(hostDir string) error {
return nil
}
-func validateVolumeCtrDir(ctrDir string) error {
+// ValidateVolumeCtrDir ...
+func ValidateVolumeCtrDir(ctrDir string) error {
if len(ctrDir) == 0 {
return errors.Errorf("container directory cannot be empty")
}
diff --git a/cmd/podman/create_cli_test.go b/cmd/podman/shared/create_cli_test.go
index 9db007ff3..fea1a2390 100644
--- a/cmd/podman/create_cli_test.go
+++ b/cmd/podman/shared/create_cli_test.go
@@ -1,4 +1,4 @@
-package main
+package shared
import (
"io/ioutil"
@@ -42,20 +42,20 @@ func TestValidateSysctlBadSysctl(t *testing.T) {
func TestGetAllLabels(t *testing.T) {
fileLabels := []string{}
- labels, _ := getAllLabels(fileLabels, Var1)
+ labels, _ := GetAllLabels(fileLabels, Var1)
assert.Equal(t, len(labels), 2)
}
func TestGetAllLabelsBadKeyValue(t *testing.T) {
inLabels := []string{"=badValue", "="}
fileLabels := []string{}
- _, err := getAllLabels(fileLabels, inLabels)
+ _, err := GetAllLabels(fileLabels, inLabels)
assert.Error(t, err, assert.AnError)
}
func TestGetAllLabelsBadLabelFile(t *testing.T) {
fileLabels := []string{"/foobar5001/be"}
- _, err := getAllLabels(fileLabels, Var1)
+ _, err := GetAllLabels(fileLabels, Var1)
assert.Error(t, err, assert.AnError)
}
@@ -65,6 +65,6 @@ func TestGetAllLabelsFile(t *testing.T) {
defer os.Remove(tFile)
assert.NoError(t, err)
fileLabels := []string{tFile}
- result, _ := getAllLabels(fileLabels, Var1)
+ result, _ := GetAllLabels(fileLabels, Var1)
assert.Equal(t, len(result), 3)
}
diff --git a/cmd/podman/shared/events.go b/cmd/podman/shared/events.go
new file mode 100644
index 000000000..c62044271
--- /dev/null
+++ b/cmd/podman/shared/events.go
@@ -0,0 +1,115 @@
+package shared
+
+import (
+ "fmt"
+ "strings"
+ "time"
+
+ "github.com/containers/libpod/libpod/events"
+ "github.com/containers/libpod/pkg/util"
+ "github.com/pkg/errors"
+)
+
+func generateEventFilter(filter, filterValue string) (func(e *events.Event) bool, error) {
+ switch strings.ToUpper(filter) {
+ case "CONTAINER":
+ return func(e *events.Event) bool {
+ if e.Type != events.Container {
+ return false
+ }
+ if e.Name == filterValue {
+ return true
+ }
+ return strings.HasPrefix(e.ID, filterValue)
+ }, nil
+ case "EVENT", "STATUS":
+ return func(e *events.Event) bool {
+ return fmt.Sprintf("%s", e.Status) == filterValue
+ }, nil
+ case "IMAGE":
+ return func(e *events.Event) bool {
+ if e.Type != events.Image {
+ return false
+ }
+ if e.Name == filterValue {
+ return true
+ }
+ return strings.HasPrefix(e.ID, filterValue)
+ }, nil
+ case "POD":
+ return func(e *events.Event) bool {
+ if e.Type != events.Pod {
+ return false
+ }
+ if e.Name == filterValue {
+ return true
+ }
+ return strings.HasPrefix(e.ID, filterValue)
+ }, nil
+ case "VOLUME":
+ return func(e *events.Event) bool {
+ if e.Type != events.Volume {
+ return false
+ }
+ return strings.HasPrefix(e.ID, filterValue)
+ }, nil
+ case "TYPE":
+ return func(e *events.Event) bool {
+ return fmt.Sprintf("%s", e.Type) == filterValue
+ }, nil
+ }
+ return nil, errors.Errorf("%s is an invalid filter", filter)
+}
+
+func generateEventSinceOption(timeSince time.Time) func(e *events.Event) bool {
+ return func(e *events.Event) bool {
+ return e.Time.After(timeSince)
+ }
+}
+
+func generateEventUntilOption(timeUntil time.Time) func(e *events.Event) bool {
+ return func(e *events.Event) bool {
+ return e.Time.Before(timeUntil)
+
+ }
+}
+
+func parseFilter(filter string) (string, string, error) {
+ filterSplit := strings.Split(filter, "=")
+ if len(filterSplit) != 2 {
+ return "", "", errors.Errorf("%s is an invalid filter", filter)
+ }
+ return filterSplit[0], filterSplit[1], nil
+}
+
+func GenerateEventOptions(filters []string, since, until string) ([]events.EventFilter, error) {
+ var options []events.EventFilter
+ for _, filter := range filters {
+ key, val, err := parseFilter(filter)
+ if err != nil {
+ return nil, err
+ }
+ funcFilter, err := generateEventFilter(key, val)
+ if err != nil {
+ return nil, err
+ }
+ options = append(options, funcFilter)
+ }
+
+ if len(since) > 0 {
+ timeSince, err := util.ParseInputTime(since)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to convert since time of %s", since)
+ }
+ options = append(options, generateEventSinceOption(timeSince))
+ }
+
+ if len(until) > 0 {
+ timeUntil, err := util.ParseInputTime(until)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to convert until time of %s", until)
+ }
+ options = append(options, generateEventUntilOption(timeUntil))
+ }
+ return options, nil
+}
diff --git a/cmd/podman/parse.go b/cmd/podman/shared/parse/parse.go
index 2e4959656..a3751835b 100644
--- a/cmd/podman/parse.go
+++ b/cmd/podman/shared/parse/parse.go
@@ -1,7 +1,7 @@
//nolint
// most of these validate and parse functions have been taken from projectatomic/docker
// and modified for cri-o
-package main
+package parse
import (
"bufio"
@@ -50,7 +50,7 @@ var (
// validateExtraHost validates that the specified string is a valid extrahost and returns it.
// ExtraHost is in the form of name:ip where the ip has to be a valid ip (ipv4 or ipv6).
// for add-host flag
-func validateExtraHost(val string) (string, error) { //nolint
+func ValidateExtraHost(val string) (string, error) { //nolint
// allow for IPv6 addresses in extra hosts by only splitting on first ":"
arr := strings.SplitN(val, ":", 2)
if len(arr) != 2 || len(arr[0]) == 0 {
@@ -140,10 +140,10 @@ func validateDNSSearch(val string) (string, error) { //nolint
if val = strings.Trim(val, " "); val == "." {
return val, nil
}
- return validateDomain(val)
+ return ValidateDomain(val)
}
-func validateDomain(val string) (string, error) {
+func ValidateDomain(val string) (string, error) {
if alphaRegexp.FindString(val) == "" {
return "", fmt.Errorf("%s is not a valid domain", val)
}
@@ -181,7 +181,7 @@ func doesEnvExist(name string) bool {
// reads a file of line terminated key=value pairs, and overrides any keys
// present in the file with additional pairs specified in the override parameter
// for env-file and labels-file flags
-func readKVStrings(env map[string]string, files []string, override []string) error {
+func ReadKVStrings(env map[string]string, files []string, override []string) error {
for _, ef := range files {
if err := parseEnvFile(env, ef); err != nil {
return err
@@ -494,9 +494,9 @@ func stringSlicetoUint32Slice(inputSlice []string) ([]uint32, error) {
return outputSlice, nil
}
-// validateFileName returns an error if filename contains ":"
+// ValidateFileName returns an error if filename contains ":"
// as it is currently not supported
-func validateFileName(filename string) error {
+func ValidateFileName(filename string) error {
if strings.Contains(filename, ":") {
return errors.Errorf("invalid filename (should not contain ':') %q", filename)
}
diff --git a/cmd/podman/shared/pod.go b/cmd/podman/shared/pod.go
index 5f65c40ac..4d936d61c 100644
--- a/cmd/podman/shared/pod.go
+++ b/cmd/podman/shared/pod.go
@@ -136,3 +136,5 @@ func CreatePortBindings(ports []string) ([]ocicni.PortMapping, error) {
}
return portBindings, nil
}
+
+var DefaultKernelNamespaces = "cgroup,ipc,net,uts"
diff --git a/cmd/podman/stats.go b/cmd/podman/stats.go
index 3e2e114a9..d379dbad7 100644
--- a/cmd/podman/stats.go
+++ b/cmd/podman/stats.go
@@ -8,8 +8,8 @@ import (
"time"
tm "github.com/buger/goterm"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
"github.com/docker/go-units"
diff --git a/cmd/podman/trust_set_show.go b/cmd/podman/trust_set_show.go
index 5a70c21cc..d7a4ea6d6 100644
--- a/cmd/podman/trust_set_show.go
+++ b/cmd/podman/trust_set_show.go
@@ -7,9 +7,9 @@ import (
"sort"
"strings"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/image/types"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/trust"
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index 6109bd290..791790e2e 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -435,6 +435,23 @@ type Runlabel(
opts: [string]string
)
+# Event describes a libpod struct
+type Event(
+ # TODO: make status and type a enum at some point?
+ # id is the container, volume, pod, image ID
+ id: string,
+ # image is the image name where applicable
+ image: string,
+ # name is the name of the pod, container, image
+ name: string,
+ # status describes the event that happened (i.e. create, remove, ...)
+ status: string,
+ # time the event happened
+ time: string,
+ # type describes object the event happened with (image, container...)
+ type: string
+)
+
# GetVersion returns version and build information of the podman service
method GetVersion() -> (
version: string,
@@ -656,7 +673,7 @@ method RemoveContainer(name: string, force: bool, removeVolumes: bool) -> (conta
method DeleteStoppedContainers() -> (containers: []string)
# ListImages returns information about the images that are currently in storage.
-# See also [InspectImage](InspectImage).
+# See also [InspectImage](#InspectImage).
method ListImages() -> (images: []Image)
# GetImage returns information about a single image in storage.
@@ -1123,6 +1140,9 @@ method GetPodsByContext(all: bool, latest: bool, args: []string) -> (pods: []str
# LoadImage allows you to load an image into local storage from a tarball.
method LoadImage(name: string, inputFile: string, quiet: bool, deleteFile: bool) -> (reply: MoreResponse)
+# GetEvents returns known libpod events filtered by the options provided.
+method GetEvents(filter: []string, since: string, stream: bool, until: string) -> (events: Event)
+
# ImageNotFound means the image could not be found by the provided name or ID in local storage.
error ImageNotFound (id: string, reason: string)
@@ -1152,3 +1172,6 @@ error ErrorOccurred (reason: string)
# RuntimeErrors generally means a runtime could not be found or gotten.
error RuntimeError (reason: string)
+
+# The Podman endpoint requires that you use a streaming connection.
+error WantsMoreRequired (reason: string)
diff --git a/cmd/podman/version.go b/cmd/podman/version.go
index b3615ce23..336be892e 100644
--- a/cmd/podman/version.go
+++ b/cmd/podman/version.go
@@ -6,8 +6,8 @@ import (
"text/tabwriter"
"time"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/libpod"
"github.com/pkg/errors"
"github.com/spf13/cobra"
diff --git a/cmd/podman/volume_create.go b/cmd/podman/volume_create.go
index d873f9806..8f6237272 100644
--- a/cmd/podman/volume_create.go
+++ b/cmd/podman/volume_create.go
@@ -4,6 +4,7 @@ import (
"fmt"
"github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
"github.com/spf13/cobra"
@@ -50,12 +51,12 @@ func volumeCreateCmd(c *cliconfig.VolumeCreateValues) error {
return errors.Errorf("too many arguments, create takes at most 1 argument")
}
- labels, err := getAllLabels([]string{}, c.Label)
+ labels, err := shared.GetAllLabels([]string{}, c.Label)
if err != nil {
return errors.Wrapf(err, "unable to process labels")
}
- opts, err := getAllLabels([]string{}, c.Opt)
+ opts, err := shared.GetAllLabels([]string{}, c.Opt)
if err != nil {
return errors.Wrapf(err, "unable to process options")
}
diff --git a/cmd/podman/volume_ls.go b/cmd/podman/volume_ls.go
index 5a36f4f7d..2f35462a3 100644
--- a/cmd/podman/volume_ls.go
+++ b/cmd/podman/volume_ls.go
@@ -4,8 +4,8 @@ import (
"reflect"
"strings"
+ "github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
"github.com/spf13/cobra"
diff --git a/commands.md b/commands.md
index 3fd27ad5d..6c5fad2f6 100644
--- a/commands.md
+++ b/commands.md
@@ -19,6 +19,7 @@
| [podman-cp(1)](/docs/podman-cp.1.md) | Copy files/folders between a container and the local filesystem ||
| [podman-create(1)](/docs/podman-create.1.md) | Create a new container ||
| [podman-diff(1)](/docs/podman-diff.1.md) | Inspect changes on a container or image's filesystem |[![...](/docs/play.png)](https://asciinema.org/a/FXfWB9CKYFwYM4EfqW3NSZy1G)|
+| [podman-events(1)](/docs/podman-events.1.md) | Monitor Podman events ||
| [podman-exec(1)](/docs/podman-exec.1.md) | Execute a command in a running container
| [podman-export(1)](/docs/podman-export.1.md) | Export container's filesystem contents as a tar archive |[![...](/docs/play.png)](https://asciinema.org/a/913lBIRAg5hK8asyIhhkQVLtV)|
| [podman-generate(1)](/docs/podman-generate.1.md) | Generate structured output based on Podman containers and pods | |
diff --git a/completions/bash/podman b/completions/bash/podman
index a6445e14e..d8354fa80 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -2438,6 +2438,22 @@ _podman_play_kube() {
esac
}
+_podman_events() {
+ local options_with_args="
+ --help
+ --h
+ --filter
+ --format
+ --since
+ --until
+ "
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$options_with_args" -- "$cur"))
+ ;;
+ esac
+}
+
_podman_container_runlabel() {
local options_with_args="
--authfile
@@ -3027,6 +3043,7 @@ _podman_podman() {
cp
create
diff
+ events
exec
export
generate
diff --git a/docs/libpod.conf.5.md b/docs/libpod.conf.5.md
index 9a19e1224..777edeacb 100644
--- a/docs/libpod.conf.5.md
+++ b/docs/libpod.conf.5.md
@@ -91,6 +91,10 @@ libpod to manage containers.
Directory where named volumes will be created in using the default volume driver.
By default this will be configured relative to where containers/storage stores containers.
+**network_cmd_path**=""
+ Path to the command binary to use for setting up a network. It is currently only used for setting up
+ a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable.
+
## FILES
`/usr/share/containers/libpod.conf`, default libpod configuration path
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 342ef59c3..4de79b07e 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -164,8 +164,7 @@ Detached mode: run the container in the background and print the new container I
At any time you can run **podman ps** in
the other shell to view a list of the running containers. You can reattach to a
-detached container with **podman attach**. If you choose to run a container in
-the detached mode, then you cannot use the **-rm** option.
+detached container with **podman attach**.
When attached in the tty mode, you can detach from the container (and leave it
running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`.
diff --git a/docs/podman-events.1.md b/docs/podman-events.1.md
new file mode 100644
index 000000000..b4ebe7649
--- /dev/null
+++ b/docs/podman-events.1.md
@@ -0,0 +1,139 @@
+% podman-events(1)
+
+## NAME
+podman\-events- Monitor Podman events
+
+## SYNOPSIS
+**podman events** [*options*]
+
+## DESCRIPTION
+
+Monitor and print events that occur in Podman. Each event will include a timestamp,
+a type, a status, name (if applicable), and image (if applicable).
+
+The *container* event type will report the follow statuses:
+ * attach
+ * checkpoint
+ * cleanup
+ * commit
+ * create
+ * exec
+ * export
+ * import
+ * init
+ * kill
+ * mount
+ * pause
+ * prune
+ * remove
+ * restore
+ * start
+ * stop
+ * sync
+ * unmount
+ * unpause
+ * wait
+
+The *pod* event type will report the follow statuses:
+ * create
+ * kill
+ * pause
+ * remove
+ * start
+ * stop
+ * unpause
+
+The *image* event type will report the following statuses:
+ * prune
+ * pull
+ * push
+ * remove
+ * save
+ * tag
+ * untag
+
+The *volume* type will report the following statuses:
+ * create
+ * prune
+ * remove
+
+
+## OPTIONS
+
+**--help**
+
+Print usage statement.
+
+**--format**
+
+Format the output using the given Go template. An output value of *json* is not supported.
+
+
+**--filter**=[]
+
+Filter events that are displayed. They must be in the format of "filter=value". The following
+filters are supported:
+ * container=name_or_id
+ * event=event_status (described above)
+ * image=name_or_id
+ * pod=name_or_id
+ * volume=name_or_id
+ * type=event_type (described above)
+
+In the case where an ID is used, the ID may be in its full or shortened form.
+
+**--since**=[]
+
+Show all events created since the given timestamp
+
+
+**--until**=[]
+
+Show all events created until the given timestamp
+
+The *since* and *until* values can be RFC3339Nano time stamps or a Go duration string such as 10m, 5h. If no
+*since* or *until* values are provided, only new events will be shown.
+
+## EXAMPLES
+
+Showing podman events
+```
+$ podman events
+2019-03-02 10:33:42.312377447 -0600 CST container create 34503c192940 (image=docker.io/library/alpine:latest, name=friendly_allen)
+2019-03-02 10:33:46.958768077 -0600 CST container init 34503c192940 (image=docker.io/library/alpine:latest, name=friendly_allen)
+2019-03-02 10:33:46.973661968 -0600 CST container start 34503c192940 (image=docker.io/library/alpine:latest, name=friendly_allen)
+2019-03-02 10:33:50.833761479 -0600 CST container stop 34503c192940 (image=docker.io/library/alpine:latest, name=friendly_allen)
+2019-03-02 10:33:51.047104966 -0600 CST container cleanup 34503c192940 (image=docker.io/library/alpine:latest, name=friendly_allen)
+```
+
+Show only podman create events
+```
+$ podman events --filter event=create
+2019-03-02 10:36:01.375685062 -0600 CST container create 20dc581f6fbf (image=docker.io/library/alpine:latest, name=sharp_morse)
+2019-03-02 10:36:08.561188337 -0600 CST container create 58e7e002344c (image=k8s.gcr.io/pause:3.1, name=3e701f270d54-infra)
+2019-03-02 10:36:13.146899437 -0600 CST volume create cad6dc50e087 (image=, name=cad6dc50e0879568e7d656bd004bd343d6035e7fc4024e1711506fe2fd459e6f)
+2019-03-02 10:36:29.978806894 -0600 CST container create d81e30f1310f (image=docker.io/library/busybox:latest, name=musing_newton)
+```
+
+Show only podman pod create events
+```
+$ podman events --filter event=create --filter type=pod
+2019-03-02 10:44:29.601746633 -0600 CST pod create 1df5ebca7b44 (image=, name=confident_hawking)
+2019-03-02 10:44:42.374637304 -0600 CST pod create ca731231718e (image=, name=webapp)
+2019-03-02 10:44:47.486759133 -0600 CST pod create 71e807fc3a8e (image=, name=reverent_swanson)
+```
+
+Show only podman events created in the last five minutes:
+```
+$ sudo podman events --since 5m
+2019-03-02 10:44:29.598835409 -0600 CST container create b629d10d3831 (image=k8s.gcr.io/pause:3.1, name=1df5ebca7b44-infra)
+2019-03-02 10:44:29.601746633 -0600 CST pod create 1df5ebca7b44 (image=, name=confident_hawking)
+2019-03-02 10:44:42.371100253 -0600 CST container create 170a0f457d00 (image=k8s.gcr.io/pause:3.1, name=ca731231718e-infra)
+2019-03-02 10:44:42.374637304 -0600 CST pod create ca731231718e (image=, name=webapp)
+```
+
+## SEE ALSO
+podman(1)
+
+## HISTORY
+March 2019, Originally compiled by Brent Baude <bbaude@redhat.com>
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index bbf10a2ce..b5fa0ed4c 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -170,8 +170,7 @@ Detached mode: run the container in the background and print the new container I
At any time you can run **podman ps** in
the other shell to view a list of the running containers. You can reattach to a
-detached container with **podman attach**. If you choose to run a container in
-the detached mode, then you cannot use the **-rm** option.
+detached container with **podman attach**.
When attached in the tty mode, you can detach from the container (and leave it
running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`.
diff --git a/docs/podman.1.md b/docs/podman.1.md
index 5c930995c..0182690d0 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -72,6 +72,9 @@ Default state dir is configured in /etc/containers/storage.conf.
Name of the OCI runtime as specified in libpod.conf or absolute path to the OCI compatible binary used to run containers.
+**--network-cmd-path**=**path**
+Path to the command binary to use for setting up a network. It is currently only used for setting up a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable.
+
**--storage-driver**=**value**
Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for non-root users when *fuse-overlayfs* is not available. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all.
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 4a76e1434..3698a15ec 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -10,6 +10,7 @@ import (
"time"
"github.com/containers/libpod/libpod/driver"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/lookup"
"github.com/containers/storage/pkg/stringid"
@@ -88,6 +89,7 @@ func (c *Container) Start(ctx context.Context, recursive bool) (err error) {
}
// Start the container
+ defer c.newContainerEvent(events.Start)
return c.start()
}
@@ -125,7 +127,8 @@ func (c *Container) StartAndAttach(ctx context.Context, streams *AttachStreams,
}
close(attachChan)
}()
-
+ c.newContainerEvent(events.Start)
+ c.newContainerEvent(events.Attach)
return attachChan, nil
}
@@ -180,7 +183,7 @@ func (c *Container) StopWithTimeout(timeout uint) error {
c.state.State == ContainerStateExited {
return ErrCtrStopped
}
-
+ defer c.newContainerEvent(events.Stop)
return c.stop(timeout)
}
@@ -198,7 +201,7 @@ func (c *Container) Kill(signal uint) error {
if c.state.State != ContainerStateRunning {
return errors.Wrapf(ErrCtrStateInvalid, "can only kill running containers")
}
-
+ defer c.newContainerEvent(events.Kill)
return c.runtime.ociRuntime.killContainer(c, signal)
}
@@ -321,7 +324,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
// TODO handle this better
return errors.Wrapf(err, "error saving exec sessions %s for container %s", sessionID, c.ID())
}
-
+ c.newContainerEvent(events.Exec)
logrus.Debugf("Successfully started exec session %s in container %s", sessionID, c.ID())
// Unlock so other processes can use the container
@@ -351,7 +354,6 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
if err := c.save(); err != nil {
logrus.Errorf("Error removing exec session %s from container %s state: %v", sessionID, c.ID(), err)
}
-
return waitErr
}
@@ -390,7 +392,7 @@ func (c *Container) Attach(streams *AttachStreams, keys string, resize <-chan re
c.state.State != ContainerStateExited {
return errors.Wrapf(ErrCtrStateInvalid, "can only attach to created or running containers")
}
-
+ defer c.newContainerEvent(events.Attach)
return c.attach(streams, keys, resize, false)
}
@@ -405,7 +407,7 @@ func (c *Container) Mount() (string, error) {
return "", err
}
}
-
+ defer c.newContainerEvent(events.Mount)
return c.mount()
}
@@ -435,6 +437,7 @@ func (c *Container) Unmount(force bool) error {
return errors.Wrapf(ErrInternal, "can't unmount %s last mount, it is still in use", c.ID())
}
}
+ defer c.newContainerEvent(events.Unmount)
return c.unmount(force)
}
@@ -455,7 +458,7 @@ func (c *Container) Pause() error {
if c.state.State != ContainerStateRunning {
return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, can't pause", c.state.State)
}
-
+ defer c.newContainerEvent(events.Pause)
return c.pause()
}
@@ -473,7 +476,7 @@ func (c *Container) Unpause() error {
if c.state.State != ContainerStatePaused {
return errors.Wrapf(ErrCtrStateInvalid, "%q is not paused, can't unpause", c.ID())
}
-
+ defer c.newContainerEvent(events.Unpause)
return c.unpause()
}
@@ -488,7 +491,7 @@ func (c *Container) Export(path string) error {
return err
}
}
-
+ defer c.newContainerEvent(events.Export)
return c.export(path)
}
@@ -542,7 +545,6 @@ func (c *Container) Inspect(size bool) (*inspect.ContainerInspectData, error) {
if err != nil {
return nil, errors.Wrapf(err, "error getting graph driver info %q", c.ID())
}
-
return c.getContainerInspectData(size, driverData)
}
@@ -574,6 +576,7 @@ func (c *Container) WaitWithInterval(waitTimeout time.Duration) (int32, error) {
return 0, err
}
exitCode := c.state.ExitCode
+ c.newContainerEvent(events.Wait)
return exitCode, nil
}
@@ -597,7 +600,7 @@ func (c *Container) Cleanup(ctx context.Context) error {
if len(c.state.ExecSessions) != 0 {
return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID())
}
-
+ defer c.newContainerEvent(events.Cleanup)
return c.cleanup(ctx)
}
@@ -667,7 +670,7 @@ func (c *Container) Sync() error {
}
}
}
-
+ defer c.newContainerEvent(events.Sync)
return nil
}
@@ -772,7 +775,6 @@ func (c *Container) Refresh(ctx context.Context) error {
return err
}
}
-
return nil
}
@@ -800,7 +802,7 @@ func (c *Container) Checkpoint(ctx context.Context, options ContainerCheckpointO
return err
}
}
-
+ defer c.newContainerEvent(events.Checkpoint)
return c.checkpoint(ctx, options)
}
@@ -815,6 +817,6 @@ func (c *Container) Restore(ctx context.Context, options ContainerCheckpointOpti
return err
}
}
-
+ defer c.newContainerEvent(events.Restore)
return c.restore(ctx, options)
}
diff --git a/libpod/container_commit.go b/libpod/container_commit.go
index 5c4fd1a31..0604a550b 100644
--- a/libpod/container_commit.go
+++ b/libpod/container_commit.go
@@ -8,6 +8,7 @@ import (
"github.com/containers/buildah"
"github.com/containers/buildah/util"
is "github.com/containers/image/storage"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/libpod/image"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -177,5 +178,6 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
if err != nil {
return nil, err
}
+ defer c.newContainerEvent(events.Commit)
return c.runtime.imageRuntime.NewFromLocal(id)
}
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index d86062e38..330745314 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -12,6 +12,7 @@ import (
"strings"
"time"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/pkg/ctime"
"github.com/containers/libpod/pkg/hooks"
"github.com/containers/libpod/pkg/hooks/exec"
@@ -824,7 +825,7 @@ func (c *Container) init(ctx context.Context) error {
if err := c.save(); err != nil {
return err
}
-
+ defer c.newContainerEvent(events.Init)
return c.completeNetworkSetup()
}
@@ -1022,7 +1023,6 @@ func (c *Container) restartWithTimeout(ctx context.Context, timeout uint) (err e
return err
}
}
-
return c.start()
}
@@ -1086,7 +1086,7 @@ func (c *Container) cleanupStorage() error {
// error
// We still want to be able to kick the container out of the
// state
- if err == storage.ErrNotAContainer || err == storage.ErrContainerUnknown {
+ if errors.Cause(err) == storage.ErrNotAContainer || errors.Cause(err) == storage.ErrContainerUnknown {
logrus.Errorf("Storage for container %s has been removed", c.ID())
return nil
}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 8ba5272b7..a7b4aed9f 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -26,6 +26,7 @@ import (
"github.com/containers/libpod/pkg/resolvconf"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage/pkg/idtools"
+ "github.com/cyphar/filepath-securejoin"
"github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
@@ -366,6 +367,18 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// For private volumes any root propagation value should work.
rootPropagation := ""
for _, m := range mounts {
+ // We need to remove all symlinks from tmpfs mounts.
+ // Runc and other runtimes may choke on them.
+ // Easy solution: use securejoin to do a scoped evaluation of
+ // the links, then trim off the mount prefix.
+ if m.Type == "tmpfs" {
+ finalPath, err := securejoin.SecureJoin(c.state.Mountpoint, m.Destination)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error resolving symlinks for mount destination %s", m.Destination)
+ }
+ trimmedPath := strings.TrimPrefix(finalPath, strings.TrimSuffix(c.state.Mountpoint, "/"))
+ m.Destination = trimmedPath
+ }
g.AddMount(m)
for _, opt := range m.Options {
switch opt {
diff --git a/libpod/events.go b/libpod/events.go
new file mode 100644
index 000000000..9806c117b
--- /dev/null
+++ b/libpod/events.go
@@ -0,0 +1,81 @@
+package libpod
+
+import (
+ "github.com/containers/libpod/libpod/events"
+ "github.com/hpcloud/tail"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+)
+
+// newContainerEvent creates a new event based on a container
+func (c *Container) newContainerEvent(status events.Status) {
+ e := events.NewEvent(status)
+ e.ID = c.ID()
+ e.Name = c.Name()
+ e.Image = c.config.RootfsImageName
+ e.Type = events.Container
+ if err := e.Write(c.runtime.config.EventsLogFilePath); err != nil {
+ logrus.Errorf("unable to write event to %s", c.runtime.config.EventsLogFilePath)
+ }
+}
+
+// newPodEvent creates a new event for a libpod pod
+func (p *Pod) newPodEvent(status events.Status) {
+ e := events.NewEvent(status)
+ e.ID = p.ID()
+ e.Name = p.Name()
+ e.Type = events.Pod
+ if err := e.Write(p.runtime.config.EventsLogFilePath); err != nil {
+ logrus.Errorf("unable to write event to %s", p.runtime.config.EventsLogFilePath)
+ }
+}
+
+// newVolumeEvent creates a new event for a libpod volume
+func (v *Volume) newVolumeEvent(status events.Status) {
+ e := events.NewEvent(status)
+ e.Name = v.Name()
+ e.Type = events.Volume
+ if err := e.Write(v.runtime.config.EventsLogFilePath); err != nil {
+ logrus.Errorf("unable to write event to %s", v.runtime.config.EventsLogFilePath)
+ }
+}
+
+// Events is a wrapper function for everyone to begin tailing the events log
+// with options
+func (r *Runtime) Events(fromStart, stream bool, options []events.EventFilter, eventChannel chan *events.Event) error {
+ t, err := r.getTail(fromStart, stream)
+ if err != nil {
+ return err
+ }
+ for line := range t.Lines {
+ event, err := events.NewEventFromString(line.Text)
+ if err != nil {
+ return err
+ }
+ switch event.Type {
+ case events.Image, events.Volume, events.Pod, events.Container:
+ // no-op
+ default:
+ return errors.Errorf("event type %s is not valid in %s", event.Type.String(), r.GetConfig().EventsLogFilePath)
+ }
+ include := true
+ for _, filter := range options {
+ include = include && filter(event)
+ }
+ if include {
+ eventChannel <- event
+ }
+ }
+ close(eventChannel)
+ return nil
+}
+
+func (r *Runtime) getTail(fromStart, stream bool) (*tail.Tail, error) {
+ reopen := true
+ seek := tail.SeekInfo{Offset: 0, Whence: 2}
+ if fromStart || !stream {
+ seek.Whence = 0
+ reopen = false
+ }
+ return tail.TailFile(r.config.EventsLogFilePath, tail.Config{ReOpen: reopen, Follow: stream, Location: &seek})
+}
diff --git a/libpod/events/events.go b/libpod/events/events.go
new file mode 100644
index 000000000..186790500
--- /dev/null
+++ b/libpod/events/events.go
@@ -0,0 +1,264 @@
+package events
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+ "time"
+
+ "github.com/pkg/errors"
+)
+
+// Event describes the attributes of a libpod event
+type Event struct {
+ // ContainerExitCode is for storing the exit code of a container which can
+ // be used for "internal" event notification
+ ContainerExitCode int
+ // ID can be for the container, image, volume, etc
+ ID string
+ // Image used where applicable
+ Image string
+ // Name where applicable
+ Name string
+ // Status describes the event that occurred
+ Status Status
+ // Time the event occurred
+ Time time.Time
+ // Type of event that occurred
+ Type Type
+}
+
+// Type of event that occurred (container, volume, image, pod, etc)
+type Type string
+
+// Status describes the actual event action (stop, start, create, kill)
+type Status string
+
+const (
+ // If you add or subtract any values to the following lists, make sure you also update
+ // the switch statements below and the enums for EventType or EventStatus in the
+ // varlink description file.
+
+ // Container - event is related to containers
+ Container Type = "container"
+ // Image - event is related to images
+ Image Type = "image"
+ // Pod - event is related to pods
+ Pod Type = "pod"
+ // Volume - event is related to volumes
+ Volume Type = "volume"
+
+ // Attach ...
+ Attach Status = "attach"
+ // Checkpoint ...
+ Checkpoint Status = "checkpoint"
+ // Cleanup ...
+ Cleanup Status = "cleanup"
+ // Commit ...
+ Commit Status = "commit"
+ // Create ...
+ Create Status = "create"
+ // Exec ...
+ Exec Status = "exec"
+ // Export ...
+ Export Status = "export"
+ // History ...
+ History Status = "history"
+ // Import ...
+ Import Status = "import"
+ // Init ...
+ Init Status = "init"
+ // Kill ...
+ Kill Status = "kill"
+ // LoadFromArchive ...
+ LoadFromArchive Status = "status"
+ // Mount ...
+ Mount Status = "mount"
+ // Pause ...
+ Pause Status = "pause"
+ // Prune ...
+ Prune Status = "prune"
+ // Pull ...
+ Pull Status = "pull"
+ // Push ...
+ Push Status = "push"
+ // Remove ...
+ Remove Status = "remove"
+ // Restore ...
+ Restore Status = "restore"
+ // Save ...
+ Save Status = "save"
+ // Start ...
+ Start Status = "start"
+ // Stop ...
+ Stop Status = "stop"
+ // Sync ...
+ Sync Status = "sync"
+ // Tag ...
+ Tag Status = "tag"
+ // Unmount ...
+ Unmount Status = "unmount"
+ // Unpause ...
+ Unpause Status = "unpause"
+ // Untag ...
+ Untag Status = "untag"
+ // Wait ...
+ Wait Status = "wait"
+)
+
+// EventFilter for filtering events
+type EventFilter func(*Event) bool
+
+// NewEvent creates a event struct and populates with
+// the given status and time.
+func NewEvent(status Status) Event {
+ return Event{
+ Status: status,
+ Time: time.Now(),
+ }
+}
+
+// Write will record the event to the given path
+func (e *Event) Write(path string) error {
+ f, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0700)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+ eventJSONString, err := e.ToJSONString()
+ if err != nil {
+ return err
+ }
+ if _, err := f.WriteString(fmt.Sprintf("%s\n", eventJSONString)); err != nil {
+ return err
+ }
+ return nil
+}
+
+// Recycle checks if the event log has reach a limit and if so
+// renames the current log and starts a new one. The remove bool
+// indicates the old log file should be deleted.
+func (e *Event) Recycle(path string, remove bool) error {
+ return errors.New("not implemented")
+}
+
+// ToJSONString returns the event as a json'ified string
+func (e *Event) ToJSONString() (string, error) {
+ b, err := json.Marshal(e)
+ return string(b), err
+}
+
+// ToHumanReadable returns human readable event as a formatted string
+func (e *Event) ToHumanReadable() string {
+ var humanFormat string
+ switch e.Type {
+ case Container, Pod:
+ humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s)", e.Time, e.Type, e.Status, e.ID, e.Image, e.Name)
+ case Image:
+ humanFormat = fmt.Sprintf("%s %s %s %s %s", e.Time, e.Type, e.Status, e.ID, e.Name)
+ case Volume:
+ humanFormat = fmt.Sprintf("%s %s %s %s", e.Time, e.Type, e.Status, e.Name)
+ }
+ return humanFormat
+}
+
+// NewEventFromString takes stringified json and converts
+// it to an event
+func NewEventFromString(event string) (*Event, error) {
+ e := Event{}
+ if err := json.Unmarshal([]byte(event), &e); err != nil {
+ return nil, err
+ }
+ return &e, nil
+
+}
+
+// ToString converts a Type to a string
+func (t Type) String() string {
+ return string(t)
+}
+
+// ToString converts a status to a string
+func (s Status) String() string {
+ return string(s)
+}
+
+// StringToType converts string to an EventType
+func StringToType(name string) (Type, error) {
+ switch name {
+ case Container.String():
+ return Container, nil
+ case Image.String():
+ return Image, nil
+ case Pod.String():
+ return Pod, nil
+ case Volume.String():
+ return Volume, nil
+ }
+ return "", errors.Errorf("unknown event type %s", name)
+}
+
+// StringToStatus converts a string to an Event Status
+// TODO if we add more events, we might consider a go-generator to
+// create the switch statement
+func StringToStatus(name string) (Status, error) {
+ switch name {
+ case Attach.String():
+ return Attach, nil
+ case Checkpoint.String():
+ return Checkpoint, nil
+ case Restore.String():
+ return Restore, nil
+ case Cleanup.String():
+ return Cleanup, nil
+ case Commit.String():
+ return Commit, nil
+ case Create.String():
+ return Create, nil
+ case Exec.String():
+ return Exec, nil
+ case Export.String():
+ return Export, nil
+ case History.String():
+ return History, nil
+ case Import.String():
+ return Import, nil
+ case Init.String():
+ return Init, nil
+ case Kill.String():
+ return Kill, nil
+ case LoadFromArchive.String():
+ return LoadFromArchive, nil
+ case Mount.String():
+ return Mount, nil
+ case Pause.String():
+ return Pause, nil
+ case Prune.String():
+ return Prune, nil
+ case Pull.String():
+ return Pull, nil
+ case Push.String():
+ return Push, nil
+ case Remove.String():
+ return Remove, nil
+ case Save.String():
+ return Save, nil
+ case Start.String():
+ return Start, nil
+ case Stop.String():
+ return Stop, nil
+ case Sync.String():
+ return Sync, nil
+ case Tag.String():
+ return Tag, nil
+ case Unmount.String():
+ return Unmount, nil
+ case Unpause.String():
+ return Unpause, nil
+ case Untag.String():
+ return Untag, nil
+ case Wait.String():
+ return Wait, nil
+ }
+ return "", errors.Errorf("unknown event status %s", name)
+}
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 8c98de3d3..72f07dad1 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -24,12 +24,13 @@ import (
"github.com/containers/image/types"
"github.com/containers/libpod/libpod/common"
"github.com/containers/libpod/libpod/driver"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/registries"
"github.com/containers/libpod/pkg/util"
"github.com/containers/storage"
"github.com/containers/storage/pkg/reexec"
- digest "github.com/opencontainers/go-digest"
+ "github.com/opencontainers/go-digest"
imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
ociv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/opentracing/opentracing-go"
@@ -64,6 +65,7 @@ type Image struct {
type Runtime struct {
store storage.Store
SignaturePolicyPath string
+ EventsLogFilePath string
}
// ErrRepoTagNotFound is the error returned when the image id given doesn't match a rep tag in store
@@ -195,7 +197,7 @@ func (ir *Runtime) LoadFromArchiveReference(ctx context.Context, srcRef types.Im
newImage.image = img
newImages = append(newImages, &newImage)
}
-
+ ir.newImageEvent(events.LoadFromArchive, "")
return newImages, nil
}
@@ -371,6 +373,7 @@ func (i *Image) Remove(force bool) error {
}
parent = nextParent
}
+ defer i.newImageEvent(events.Remove)
return nil
}
@@ -494,6 +497,7 @@ func (i *Image) TagImage(tag string) error {
return err
}
i.reloadImage()
+ defer i.newImageEvent(events.Tag)
return nil
}
@@ -514,6 +518,7 @@ func (i *Image) UntagImage(tag string) error {
return err
}
i.reloadImage()
+ defer i.newImageEvent(events.Untag)
return nil
}
@@ -562,6 +567,7 @@ func (i *Image) PushImageToReference(ctx context.Context, dest types.ImageRefere
if err != nil {
return errors.Wrapf(err, "Error copying image to the remote destination")
}
+ defer i.newImageEvent(events.Push)
return nil
}
@@ -711,7 +717,6 @@ func (i *Image) History(ctx context.Context) ([]*History, error) {
Comment: oci.History[i].Comment,
})
}
-
return allHistory, nil
}
@@ -927,7 +932,11 @@ func (ir *Runtime) Import(ctx context.Context, path, reference string, writer io
if err != nil {
return nil, err
}
- return ir.NewFromLocal(reference)
+ newImage, err := ir.NewFromLocal(reference)
+ if err == nil {
+ defer newImage.newImageEvent(events.Import)
+ }
+ return newImage, err
}
// MatchRepoTag takes a string and tries to match it against an
@@ -1148,7 +1157,7 @@ func (i *Image) Save(ctx context.Context, source, format, output string, moreTag
}
return errors.Wrapf(err, "unable to save %q", source)
}
-
+ defer i.newImageEvent(events.Save)
return nil
}
@@ -1180,3 +1189,26 @@ func (i *Image) GetHealthCheck(ctx context.Context) (*manifest.Schema2HealthConf
}
return configBlob.ContainerConfig.Healthcheck, nil
}
+
+// newImageEvent creates a new event based on an image
+func (ir *Runtime) newImageEvent(status events.Status, name string) {
+ e := events.NewEvent(status)
+ e.Type = events.Image
+ e.Name = name
+ if err := e.Write(ir.EventsLogFilePath); err != nil {
+ logrus.Infof("unable to write event to %s", ir.EventsLogFilePath)
+ }
+}
+
+// newImageEvent creates a new event based on an image
+func (i *Image) newImageEvent(status events.Status) {
+ e := events.NewEvent(status)
+ e.ID = i.ID()
+ e.Type = events.Image
+ if len(i.Names()) > 0 {
+ e.Name = i.Names()[0]
+ }
+ if err := e.Write(i.imageruntime.EventsLogFilePath); err != nil {
+ logrus.Infof("unable to write event to %s", i.imageruntime.EventsLogFilePath)
+ }
+}
diff --git a/libpod/image/prune.go b/libpod/image/prune.go
index 8602c222c..5bd3c2c99 100644
--- a/libpod/image/prune.go
+++ b/libpod/image/prune.go
@@ -1,6 +1,9 @@
package image
-import "github.com/pkg/errors"
+import (
+ "github.com/containers/libpod/libpod/events"
+ "github.com/pkg/errors"
+)
// GetPruneImages returns a slice of images that have no names/unused
func (ir *Runtime) GetPruneImages(all bool) ([]*Image, error) {
@@ -41,6 +44,7 @@ func (ir *Runtime) PruneImages(all bool) ([]string, error) {
if err := p.Remove(true); err != nil {
return nil, errors.Wrap(err, "failed to prune image")
}
+ defer p.newImageEvent(events.Prune)
prunedCids = append(prunedCids, p.ID())
}
return prunedCids, nil
diff --git a/libpod/image/pull.go b/libpod/image/pull.go
index 6b9f7fc67..a3b716e65 100644
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@@ -17,6 +17,7 @@ import (
"github.com/containers/image/transports"
"github.com/containers/image/transports/alltransports"
"github.com/containers/image/types"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/pkg/registries"
multierror "github.com/hashicorp/go-multierror"
opentracing "github.com/opentracing/opentracing-go"
@@ -267,12 +268,13 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
_, err = cp.Image(ctx, policyContext, imageInfo.dstRef, imageInfo.srcRef, copyOptions)
if err != nil {
pullErrors = multierror.Append(pullErrors, err)
- logrus.Debugf("Error pulling image ref %s: %v", imageInfo.srcRef.StringWithinTransport(), err)
+ logrus.Errorf("Error pulling image ref %s: %v", imageInfo.srcRef.StringWithinTransport(), err)
if writer != nil {
io.WriteString(writer, "Failed\n")
}
} else {
if !goal.pullAllPairs {
+ ir.newImageEvent(events.Pull, "")
return []string{imageInfo.image}, nil
}
images = append(images, imageInfo.image)
@@ -293,6 +295,9 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
}
return nil, pullErrors
}
+ if len(images) > 0 {
+ defer ir.newImageEvent(events.Pull, images[0])
+ }
return images, nil
}
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index f9caf26d1..80d7d8213 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -139,10 +139,15 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
defer ctr.rootlessSlirpSyncR.Close()
defer ctr.rootlessSlirpSyncW.Close()
- path, err := exec.LookPath("slirp4netns")
- if err != nil {
- logrus.Errorf("could not find slirp4netns, the network namespace won't be configured: %v", err)
- return nil
+ path := r.config.NetworkCmdPath
+
+ if path == "" {
+ var err error
+ path, err = exec.LookPath("slirp4netns")
+ if err != nil {
+ logrus.Errorf("could not find slirp4netns, the network namespace won't be configured: %v", err)
+ return nil
+ }
}
syncR, syncW, err := os.Pipe()
diff --git a/libpod/options.go b/libpod/options.go
index 5ad2824d9..1bf3ff9e6 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -193,6 +193,20 @@ func WithConmonEnv(environment []string) RuntimeOption {
}
}
+// WithNetworkCmdPath specifies the path to the slirp4netns binary which manages the
+// runtime.
+func WithNetworkCmdPath(path string) RuntimeOption {
+ return func(rt *Runtime) error {
+ if rt.valid {
+ return ErrRuntimeFinalized
+ }
+
+ rt.config.NetworkCmdPath = path
+
+ return nil
+ }
+}
+
// WithCgroupManager specifies the manager implementation name which is used to
// handle cgroups for containers.
// Current valid values are "cgroupfs" and "systemd".
@@ -272,7 +286,6 @@ func WithTmpDir(dir string) RuntimeOption {
if rt.valid {
return ErrRuntimeFinalized
}
-
rt.config.TmpDir = dir
rt.configuredFrom.libpodTmpDirSet = true
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index cbac2420f..b9a11000e 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -3,6 +3,7 @@ package libpod
import (
"context"
+ "github.com/containers/libpod/libpod/events"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/ulule/deepcopier"
@@ -58,7 +59,7 @@ func (p *Pod) Start(ctx context.Context) (map[string]error, error) {
if len(ctrErrors) > 0 {
return ctrErrors, errors.Wrapf(ErrCtrExists, "error starting some containers")
}
-
+ defer p.newPodEvent(events.Start)
return nil, nil
}
@@ -138,7 +139,7 @@ func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (m
if len(ctrErrors) > 0 {
return ctrErrors, errors.Wrapf(ErrCtrExists, "error stopping some containers")
}
-
+ defer p.newPodEvent(events.Stop)
return nil, nil
}
@@ -197,7 +198,7 @@ func (p *Pod) Pause() (map[string]error, error) {
if len(ctrErrors) > 0 {
return ctrErrors, errors.Wrapf(ErrCtrExists, "error pausing some containers")
}
-
+ defer p.newPodEvent(events.Pause)
return nil, nil
}
@@ -257,6 +258,7 @@ func (p *Pod) Unpause() (map[string]error, error) {
return ctrErrors, errors.Wrapf(ErrCtrExists, "error unpausing some containers")
}
+ defer p.newPodEvent(events.Unpause)
return nil, nil
}
@@ -309,7 +311,8 @@ func (p *Pod) Restart(ctx context.Context) (map[string]error, error) {
if len(ctrErrors) > 0 {
return ctrErrors, errors.Wrapf(ErrCtrExists, "error stopping some containers")
}
-
+ p.newPodEvent(events.Stop)
+ p.newPodEvent(events.Start)
return nil, nil
}
@@ -367,7 +370,7 @@ func (p *Pod) Kill(signal uint) (map[string]error, error) {
if len(ctrErrors) > 0 {
return ctrErrors, errors.Wrapf(ErrCtrExists, "error killing some containers")
}
-
+ defer p.newPodEvent(events.Kill)
return nil, nil
}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 9667abfe6..fa208a2ca 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -217,10 +217,15 @@ type RuntimeConfig struct {
EnablePortReservation bool `toml:"enable_port_reservation"`
// EnableLabeling indicates wether libpod will support container labeling
EnableLabeling bool `toml:"label"`
+ // NetworkCmdPath is the path to the slirp4netns binary
+ NetworkCmdPath string `toml:"network_cmd_path"`
// NumLocks is the number of locks to make available for containers and
// pods.
NumLocks uint32 `toml:"num_locks,omitempty"`
+
+ // EventsLogFilePath is where the events log is stored.
+ EventsLogFilePath string `toml:-"events_logfile_path"`
}
// runtimeConfiguredFrom is a struct used during early runtime init to help
@@ -457,7 +462,6 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
}
}
}
-
return runtime, nil
}
@@ -533,6 +537,7 @@ func NewRuntimeFromConfig(configPath string, options ...RuntimeOption) (runtime
// Make a new runtime based on the given configuration
// Sets up containers/storage, state store, OCI runtime
func makeRuntime(runtime *Runtime) (err error) {
+ runtime.config.EventsLogFilePath = filepath.Join(runtime.config.TmpDir, "events", "events.log")
// Backward compatibility for `runtime_path`
if runtime.config.RuntimePath != nil {
@@ -734,6 +739,9 @@ func makeRuntime(runtime *Runtime) (err error) {
// Setting signaturepolicypath
ir.SignaturePolicyPath = runtime.config.SignaturePolicyPath
+ // Set logfile path for events
+ ir.EventsLogFilePath = runtime.config.EventsLogFilePath
+
defer func() {
if err != nil && store != nil {
// Don't forcibly shut down
@@ -766,6 +774,14 @@ func makeRuntime(runtime *Runtime) (err error) {
}
}
+ // Create events log dir
+ if err := os.MkdirAll(filepath.Dir(runtime.config.EventsLogFilePath), 0700); err != nil {
+ // The directory is allowed to exist
+ if !os.IsExist(err) {
+ return errors.Wrapf(err, "error creating events dirs %s", filepath.Dir(runtime.config.EventsLogFilePath))
+ }
+ }
+
// Make an OCI runtime to perform container operations
ociRuntime, err := newOCIRuntime(runtime.ociRuntimePath,
runtime.conmonPath, runtime.config.ConmonEnvVars,
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index cfa4f9654..c6f119913 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -10,6 +10,7 @@ import (
"strings"
"time"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
@@ -228,6 +229,7 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
return nil, err
}
}
+ ctr.newContainerEvent(events.Create)
return ctr, nil
}
@@ -239,7 +241,6 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
func (r *Runtime) RemoveContainer(ctx context.Context, c *Container, force bool, removeVolume bool) error {
r.lock.Lock()
defer r.lock.Unlock()
-
return r.removeContainer(ctx, c, force, removeVolume)
}
@@ -430,6 +431,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
}
}
+ c.newContainerEvent(events.Remove)
return cleanupErr
}
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index 451c2ebe7..02f925fc6 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/libpod/pkg/util"
"github.com/containers/storage"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
"github.com/containers/image/directory"
dockerarchive "github.com/containers/image/docker/archive"
@@ -183,6 +184,15 @@ func (r *Runtime) Import(ctx context.Context, source string, reference string, c
defer os.Remove(file)
source = file
}
+ // if it's stdin, buffer it, too
+ if source == "-" {
+ file, err := downloadFromFile(os.Stdin)
+ if err != nil {
+ return "", err
+ }
+ defer os.Remove(file)
+ source = file
+ }
newImage, err := r.imageRuntime.Import(ctx, source, reference, writer, image.SigningOptions{}, config)
if err != nil {
@@ -216,6 +226,25 @@ func downloadFromURL(source string) (string, error) {
return outFile.Name(), nil
}
+// donwloadFromFile reads all of the content from the reader and temporarily
+// saves in it /var/tmp/importxyz, which is deleted after the image is imported
+func downloadFromFile(reader *os.File) (string, error) {
+ outFile, err := ioutil.TempFile("/var/tmp", "import")
+ if err != nil {
+ return "", errors.Wrap(err, "error creating file")
+ }
+ defer outFile.Close()
+
+ logrus.Debugf("saving %s to %s", reader.Name(), outFile.Name())
+
+ _, err = io.Copy(outFile, reader)
+ if err != nil {
+ return "", errors.Wrapf(err, "error saving %s to %s", reader.Name(), outFile.Name())
+ }
+
+ return outFile.Name(), nil
+}
+
// LoadImage loads a container image into local storage
func (r *Runtime) LoadImage(ctx context.Context, name, inputFile string, writer io.Writer, signaturePolicy string) (string, error) {
var newImages []*image.Image
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 9063390bd..0011c771a 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -10,6 +10,7 @@ import (
"strings"
"github.com/containerd/cgroups"
+ "github.com/containers/libpod/libpod/events"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -121,7 +122,7 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod,
return nil, err
}
}
-
+ pod.newPodEvent(events.Create)
return pod, nil
}
@@ -307,6 +308,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
// Mark pod invalid
p.valid = false
-
+ p.newPodEvent(events.Remove)
return nil
}
diff --git a/libpod/runtime_volume.go b/libpod/runtime_volume.go
index 11f37ad4b..68c6c107e 100644
--- a/libpod/runtime_volume.go
+++ b/libpod/runtime_volume.go
@@ -2,9 +2,11 @@ package libpod
import (
"context"
+ "strings"
+
+ "github.com/containers/libpod/libpod/events"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- "strings"
)
// Contains the public Runtime API for volumes
@@ -34,7 +36,6 @@ func (r *Runtime) RemoveVolume(ctx context.Context, v *Volume, force bool) error
return nil
}
}
-
return r.removeVolume(ctx, v, force)
}
@@ -171,6 +172,7 @@ func (r *Runtime) PruneVolumes(ctx context.Context) ([]string, []error) {
}
continue
}
+ vol.newVolumeEvent(events.Prune)
prunedIDs = append(prunedIDs, vol.Name())
}
return prunedIDs, pruneErrors
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index 838c0167a..b51bb8213 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -8,6 +8,7 @@ import (
"path/filepath"
"strings"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/storage/pkg/stringid"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
@@ -73,7 +74,7 @@ func (r *Runtime) newVolume(ctx context.Context, options ...VolumeCreateOption)
if err := r.state.AddVolume(volume); err != nil {
return nil, errors.Wrapf(err, "error adding volume to state")
}
-
+ defer volume.newVolumeEvent(events.Create)
return volume, nil
}
@@ -118,7 +119,7 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool) error
return errors.Wrapf(err, "error cleaning up volume storage for %q", v.Name())
}
+ defer v.newVolumeEvent(events.Remove)
logrus.Debugf("Removed volume %s", v.Name())
-
return nil
}
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index 732b89530..a0951f677 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -3,11 +3,13 @@
package adapter
import (
+ "bufio"
"context"
"io"
"io/ioutil"
"os"
"strconv"
+ "text/template"
"github.com/containers/buildah"
"github.com/containers/buildah/imagebuildah"
@@ -16,7 +18,9 @@ import (
"github.com/containers/image/types"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
@@ -337,3 +341,92 @@ func IsImageNotFound(err error) bool {
func (r *LocalRuntime) HealthCheck(c *cliconfig.HealthCheckValues) (libpod.HealthCheckStatus, error) {
return r.Runtime.HealthCheck(c.InputArgs[0])
}
+
+// JoinOrCreateRootlessPod joins the specified pod if it is running or it creates a new user namespace
+// if the pod is stopped
+func (r *LocalRuntime) JoinOrCreateRootlessPod(pod *Pod) (bool, int, error) {
+ if os.Geteuid() == 0 {
+ return false, 0, nil
+ }
+ opts := rootless.Opts{
+ Argument: pod.ID(),
+ }
+
+ inspect, err := pod.Inspect()
+ if err != nil {
+ return false, 0, err
+ }
+ for _, ctr := range inspect.Containers {
+ prevCtr, err := r.LookupContainer(ctr.ID)
+ if err != nil {
+ return false, -1, err
+ }
+ s, err := prevCtr.State()
+ if err != nil {
+ return false, -1, err
+ }
+ if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused {
+ continue
+ }
+ data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile)
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+ }
+ return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts)
+ }
+
+ return rootless.BecomeRootInUserNSWithOpts(&opts)
+}
+
+// Events is a wrapper to libpod to obtain libpod/podman events
+func (r *LocalRuntime) Events(c *cliconfig.EventValues) error {
+ var (
+ fromStart bool
+ eventsError error
+ )
+ options, err := shared.GenerateEventOptions(c.Filter, c.Since, c.Until)
+ if err != nil {
+ return errors.Wrapf(err, "unable to generate event options")
+ }
+ tmpl, err := template.New("events").Parse(c.Format)
+ if err != nil {
+ return err
+ }
+ if len(c.Since) > 0 || len(c.Until) > 0 {
+ fromStart = true
+ }
+ eventChannel := make(chan *events.Event)
+ go func() {
+ eventsError = r.Runtime.Events(fromStart, c.Stream, options, eventChannel)
+ }()
+
+ if eventsError != nil {
+ return eventsError
+ }
+ if err != nil {
+ return errors.Wrapf(err, "unable to tail the events log")
+ }
+ w := bufio.NewWriter(os.Stdout)
+ for event := range eventChannel {
+ if len(c.Format) > 0 {
+ if err := tmpl.Execute(w, event); err != nil {
+ return err
+ }
+ } else {
+ if _, err := w.Write([]byte(event.ToHumanReadable())); err != nil {
+ return err
+ }
+ }
+ if _, err := w.Write([]byte("\n")); err != nil {
+ return err
+ }
+ if err := w.Flush(); err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index 10c25c3f3..01f774dbd 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -10,6 +10,7 @@ import (
"io/ioutil"
"os"
"strings"
+ "text/template"
"time"
"github.com/containers/buildah/imagebuildah"
@@ -18,6 +19,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/varlink"
"github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/utils"
"github.com/containers/storage/pkg/archive"
@@ -751,3 +753,76 @@ func IsImageNotFound(err error) bool {
func (r *LocalRuntime) HealthCheck(c *cliconfig.HealthCheckValues) (libpod.HealthCheckStatus, error) {
return -1, libpod.ErrNotImplemented
}
+
+// JoinOrCreateRootlessPod joins the specified pod if it is running or it creates a new user namespace
+// if the pod is stopped
+func (r *LocalRuntime) JoinOrCreateRootlessPod(pod *Pod) (bool, int, error) {
+ // Nothing to do in the remote case
+ return true, 0, nil
+}
+
+// Events monitors libpod/podman events over a varlink connection
+func (r *LocalRuntime) Events(c *cliconfig.EventValues) error {
+ reply, err := iopodman.GetEvents().Send(r.Conn, uint64(varlink.More), c.Filter, c.Since, c.Stream, c.Until)
+ if err != nil {
+ return errors.Wrapf(err, "unable to obtain events")
+ }
+
+ w := bufio.NewWriter(os.Stdout)
+ tmpl, err := template.New("events").Parse(c.Format)
+ if err != nil {
+ return err
+ }
+
+ for {
+ returnedEvent, flags, err := reply()
+ if err != nil {
+ // When the error handling is back into podman, we can flip this to a better way to check
+ // for problems. For now, this works.
+ return err
+ }
+ if returnedEvent.Time == "" && returnedEvent.Status == "" && returnedEvent.Type == "" {
+ // We got a blank event return, signals end of stream in certain cases
+ break
+ }
+ eTime, err := time.Parse(time.RFC3339Nano, returnedEvent.Time)
+ if err != nil {
+ return errors.Wrapf(err, "unable to parse time of event %s", returnedEvent.Time)
+ }
+ eType, err := events.StringToType(returnedEvent.Type)
+ if err != nil {
+ return err
+ }
+ eStatus, err := events.StringToStatus(returnedEvent.Status)
+ if err != nil {
+ return err
+ }
+ event := events.Event{
+ ID: returnedEvent.Id,
+ Image: returnedEvent.Image,
+ Name: returnedEvent.Name,
+ Status: eStatus,
+ Time: eTime,
+ Type: eType,
+ }
+ if len(c.Format) > 0 {
+ if err := tmpl.Execute(w, event); err != nil {
+ return err
+ }
+ } else {
+ if _, err := w.Write([]byte(event.ToHumanReadable())); err != nil {
+ return err
+ }
+ }
+ if _, err := w.Write([]byte("\n")); err != nil {
+ return err
+ }
+ if err := w.Flush(); err != nil {
+ return err
+ }
+ if flags&varlink.Continues == 0 {
+ break
+ }
+ }
+ return nil
+}
diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go
new file mode 100644
index 000000000..a531e43ce
--- /dev/null
+++ b/pkg/rootless/rootless.go
@@ -0,0 +1,9 @@
+package rootless
+
+// Opts allows to customize how re-execing to a rootless process is done
+type Opts struct {
+ // Argument overrides the arguments on the command line
+ // for the re-execed process. The process in the namespace
+ // must use rootless.Argument() to read its value.
+ Argument string
+}
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 933cfa2c2..b2677f7d9 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -11,7 +11,6 @@ import (
"os/user"
"runtime"
"strconv"
- "strings"
"sync"
"syscall"
"unsafe"
@@ -61,6 +60,11 @@ func SkipStorageSetup() bool {
return skipStorageSetup
}
+// Argument returns the argument that was set for the rootless session.
+func Argument() string {
+ return os.Getenv("_LIBPOD_ROOTLESS_ARG")
+}
+
// GetRootlessUID returns the UID of the user in the parent userNS
func GetRootlessUID() int {
uidEnv := os.Getenv("_LIBPOD_ROOTLESS_UID")
@@ -135,8 +139,16 @@ func JoinNS(pid uint, preserveFDs int) (bool, int, error) {
// JoinDirectUserAndMountNS re-exec podman in a new userNS and join the user and mount
// namespace of the specified PID without looking up its parent. Useful to join directly
-// the conmon process.
+// the conmon process. It is a convenience function for JoinDirectUserAndMountNSWithOpts
+// with a default configuration.
func JoinDirectUserAndMountNS(pid uint) (bool, int, error) {
+ return JoinDirectUserAndMountNSWithOpts(pid, nil)
+}
+
+// JoinDirectUserAndMountNSWithOpts re-exec podman in a new userNS and join the user and
+// mount namespace of the specified PID without looking up its parent. Useful to join
+// directly the conmon process.
+func JoinDirectUserAndMountNSWithOpts(pid uint, opts *Opts) (bool, int, error) {
if os.Geteuid() == 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != "" {
return false, -1, nil
}
@@ -153,6 +165,12 @@ func JoinDirectUserAndMountNS(pid uint) (bool, int, error) {
}
defer userNS.Close()
+ if opts != nil && opts.Argument != "" {
+ if err := os.Setenv("_LIBPOD_ROOTLESS_ARG", opts.Argument); err != nil {
+ return false, -1, err
+ }
+ }
+
pidC := C.reexec_userns_join(C.int(userNS.Fd()), C.int(mountNS.Fd()))
if int(pidC) < 0 {
return false, -1, errors.Errorf("cannot re-exec process")
@@ -192,27 +210,19 @@ func JoinNSPath(path string) (bool, int, error) {
return true, int(ret), nil
}
-const defaultMinimumMappings = 65536
-
-func getMinimumIDs(p string) int {
- content, err := ioutil.ReadFile(p)
- if err != nil {
- logrus.Debugf("error reading data from %q, use a default value of %d", p, defaultMinimumMappings)
- return defaultMinimumMappings
- }
- ret, err := strconv.Atoi(strings.TrimSuffix(string(content), "\n"))
- if err != nil {
- logrus.Debugf("error reading data from %q, use a default value of %d", p, defaultMinimumMappings)
- return defaultMinimumMappings
- }
- return ret + 1
-}
-
// BecomeRootInUserNS re-exec podman in a new userNS. It returns whether podman was re-executed
// into a new user namespace and the return code from the re-executed podman process.
// If podman was re-executed the caller needs to propagate the error code returned by the child
-// process.
+// process. It is a convenience function for BecomeRootInUserNSWithOpts with a default configuration.
func BecomeRootInUserNS() (bool, int, error) {
+ return BecomeRootInUserNSWithOpts(nil)
+}
+
+// BecomeRootInUserNSWithOpts re-exec podman in a new userNS. It returns whether podman was
+// re-execute into a new user namespace and the return code from the re-executed podman process.
+// If podman was re-executed the caller needs to propagate the error code returned by the child
+// process.
+func BecomeRootInUserNSWithOpts(opts *Opts) (bool, int, error) {
if os.Geteuid() == 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != "" {
if os.Getenv("_LIBPOD_USERNS_CONFIGURED") == "init" {
return false, 0, runInUser()
@@ -231,53 +241,30 @@ func BecomeRootInUserNS() (bool, int, error) {
defer w.Close()
defer w.Write([]byte("0"))
+ if opts != nil && opts.Argument != "" {
+ if err := os.Setenv("_LIBPOD_ROOTLESS_ARG", opts.Argument); err != nil {
+ return false, -1, err
+ }
+ }
+
pidC := C.reexec_in_user_namespace(C.int(r.Fd()))
pid := int(pidC)
if pid < 0 {
return false, -1, errors.Errorf("cannot re-exec process")
}
- allowSingleIDMapping := os.Getenv("PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS") != ""
-
var uids, gids []idtools.IDMap
username := os.Getenv("USER")
if username == "" {
user, err := user.LookupId(fmt.Sprintf("%d", os.Getuid()))
- if err != nil && !allowSingleIDMapping {
- if os.IsNotExist(err) {
- return false, 0, errors.Wrapf(err, "/etc/subuid or /etc/subgid does not exist, see subuid/subgid man pages for information on these files")
- }
- return false, 0, errors.Wrapf(err, "could not find user by UID nor USER env was set")
- }
if err == nil {
username = user.Username
}
}
mappings, err := idtools.NewIDMappings(username, username)
- if !allowSingleIDMapping {
- if err != nil {
- return false, -1, err
- }
-
- availableGIDs, availableUIDs := 0, 0
- for _, i := range mappings.UIDs() {
- availableUIDs += i.Size
- }
-
- minUIDs := getMinimumIDs("/proc/sys/kernel/overflowuid")
- if availableUIDs < minUIDs {
- return false, 0, fmt.Errorf("not enough UIDs available for the user, at least %d are needed", minUIDs)
- }
-
- for _, i := range mappings.GIDs() {
- availableGIDs += i.Size
- }
- minGIDs := getMinimumIDs("/proc/sys/kernel/overflowgid")
- if availableGIDs < minGIDs {
- return false, 0, fmt.Errorf("not enough GIDs available for the user, at least %d are needed", minGIDs)
- }
- }
- if err == nil {
+ if err != nil {
+ logrus.Warnf("cannot find mappings for user %s: %v", username, err)
+ } else {
uids = mappings.UIDs()
gids = mappings.GIDs()
}
@@ -285,12 +272,10 @@ func BecomeRootInUserNS() (bool, int, error) {
uidsMapped := false
if mappings != nil && uids != nil {
err := tryMappingTool("newuidmap", pid, os.Getuid(), uids)
- if !allowSingleIDMapping && err != nil {
- return false, 0, err
- }
uidsMapped = err == nil
}
if !uidsMapped {
+ logrus.Warnf("using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding subids")
setgroups := fmt.Sprintf("/proc/%d/setgroups", pid)
err = ioutil.WriteFile(setgroups, []byte("deny\n"), 0666)
if err != nil {
@@ -307,9 +292,6 @@ func BecomeRootInUserNS() (bool, int, error) {
gidsMapped := false
if mappings != nil && gids != nil {
err := tryMappingTool("newgidmap", pid, os.Getgid(), gids)
- if !allowSingleIDMapping && err != nil {
- return false, 0, err
- }
gidsMapped = err == nil
}
if !gidsMapped {
diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go
index 1823c023e..54e70961b 100644
--- a/pkg/rootless/rootless_unsupported.go
+++ b/pkg/rootless/rootless_unsupported.go
@@ -11,10 +11,18 @@ func IsRootless() bool {
return false
}
+// BecomeRootInUserNS re-exec podman in a new userNS. It returns whether podman was re-executed
+// into a new user namespace and the return code from the re-executed podman process.
+// If podman was re-executed the caller needs to propagate the error code returned by the child
+// process. It is a convenience function for BecomeRootInUserNSWithOpts with a default configuration.
+func BecomeRootInUserNS() (bool, int, error) {
+ return false, -1, errors.New("this function is not supported on this os")
+}
+
// BecomeRootInUserNS is a stub function that always returns false and an
// error on unsupported OS's
-func BecomeRootInUserNS() (bool, int, error) {
- return false, -1, errors.New("this function is not supported on this os1")
+func BecomeRootInUserNSWithOpts(opts *Opts) (bool, int, error) {
+ return false, -1, errors.New("this function is not supported on this os")
}
// GetRootlessUID returns the UID of the user in the parent userNS
@@ -34,18 +42,31 @@ func SkipStorageSetup() bool {
// JoinNS re-exec podman in a new userNS and join the user namespace of the specified
// PID.
func JoinNS(pid uint) (bool, int, error) {
- return false, -1, errors.New("this function is not supported on this os2")
+ return false, -1, errors.New("this function is not supported on this os")
}
// JoinNSPath re-exec podman in a new userNS and join the owner user namespace of the
// specified path.
func JoinNSPath(path string) (bool, int, error) {
- return false, -1, errors.New("this function is not supported on this os3")
+ return false, -1, errors.New("this function is not supported on this os")
+}
+
+// JoinDirectUserAndMountNSWithOpts re-exec podman in a new userNS and join the user and
+// mount namespace of the specified PID without looking up its parent. Useful to join
+// directly the conmon process.
+func JoinDirectUserAndMountNSWithOpts(pid uint, opts *Opts) (bool, int, error) {
+ return false, -1, errors.New("this function is not supported on this os")
}
// JoinDirectUserAndMountNS re-exec podman in a new userNS and join the user and mount
// namespace of the specified PID without looking up its parent. Useful to join directly
-// the conmon process.
+// the conmon process. It is a convenience function for JoinDirectUserAndMountNSWithOpts
+// with a default configuration.
func JoinDirectUserAndMountNS(pid uint) (bool, int, error) {
- return false, -1, errors.New("this function is not supported on this os4")
+ return false, -1, errors.New("this function is not supported on this os")
+}
+
+// Argument returns the argument that was set for the rootless session.
+func Argument() string {
+ return ""
}
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 28a636fa6..32d47732b 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -454,10 +454,6 @@ func findMount(target string, mounts []*pmount.Info) (*pmount.Info, error) {
}
func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
- if config.PidMode.IsHost() && rootless.IsRootless() {
- return
- }
-
if !config.Privileged {
for _, mp := range []string{
"/proc/acpi",
@@ -469,10 +465,15 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware",
+ "/sys/fs/selinux",
} {
g.AddLinuxMaskedPaths(mp)
}
+ if config.PidMode.IsHost() && rootless.IsRootless() {
+ return
+ }
+
for _, rp := range []string{
"/proc/asound",
"/proc/bus",
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index a4576191b..d7e1ddd38 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -7,6 +7,7 @@ import (
"path/filepath"
"strings"
"syscall"
+ "time"
"github.com/BurntSushi/toml"
"github.com/containers/image/types"
@@ -347,3 +348,25 @@ func StorageConfigFile() string {
}
return storage.DefaultConfigFile
}
+
+// ParseInputTime takes the users input and to determine if it is valid and
+// returns a time format and error. The input is compared to known time formats
+// or a duration which implies no-duration
+func ParseInputTime(inputTime string) (time.Time, error) {
+ timeFormats := []string{time.RFC3339Nano, time.RFC3339, "2006-01-02T15:04:05", "2006-01-02T15:04:05.999999999",
+ "2006-01-02Z07:00", "2006-01-02"}
+ // iterate the supported time formats
+ for _, tf := range timeFormats {
+ t, err := time.Parse(tf, inputTime)
+ if err == nil {
+ return t, nil
+ }
+ }
+
+ // input might be a duration
+ duration, err := time.ParseDuration(inputTime)
+ if err != nil {
+ return time.Time{}, errors.Errorf("unable to interpret time value")
+ }
+ return time.Now().Add(-duration), nil
+}
diff --git a/pkg/varlinkapi/events.go b/pkg/varlinkapi/events.go
new file mode 100644
index 000000000..d3fe3d65f
--- /dev/null
+++ b/pkg/varlinkapi/events.go
@@ -0,0 +1,56 @@
+package varlinkapi
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/containers/libpod/cmd/podman/shared"
+ "github.com/containers/libpod/cmd/podman/varlink"
+ "github.com/containers/libpod/libpod/events"
+)
+
+// GetEvents is a remote endpoint to get events from the event log
+func (i *LibpodAPI) GetEvents(call iopodman.VarlinkCall, filter []string, since string, stream bool, until string) error {
+ var (
+ fromStart bool
+ eventsError error
+ event *events.Event
+ )
+ if call.WantsMore() {
+ call.Continues = true
+ }
+ filters, err := shared.GenerateEventOptions(filter, since, until)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ if len(since) > 0 || len(until) > 0 {
+ fromStart = true
+ }
+ eventChannel := make(chan *events.Event)
+ go func() {
+ eventsError = i.Runtime.Events(fromStart, stream, filters, eventChannel)
+ }()
+ if eventsError != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ for {
+ event = <-eventChannel
+ if event == nil {
+ call.Continues = false
+ break
+ }
+ call.ReplyGetEvents(iopodman.Event{
+ Id: event.ID,
+ Image: event.Image,
+ Name: event.Name,
+ Status: fmt.Sprintf("%s", event.Status),
+ Time: event.Time.Format(time.RFC3339Nano),
+ Type: fmt.Sprintf("%s", event.Type),
+ })
+ if !call.Continues {
+ // For a one-shot on events, we break out here
+ break
+ }
+ }
+ return call.ReplyGetEvents(iopodman.Event{})
+}
diff --git a/pkg/varlinkapi/system.go b/pkg/varlinkapi/system.go
index 3f32615ec..816143e9f 100644
--- a/pkg/varlinkapi/system.go
+++ b/pkg/varlinkapi/system.go
@@ -52,6 +52,7 @@ func (i *LibpodAPI) GetInfo(call iopodman.VarlinkCall) error {
Mem_free: host["MemFree"].(int64),
Mem_total: host["MemTotal"].(int64),
Swap_free: host["SwapFree"].(int64),
+ Swap_total: host["SwapTotal"].(int64),
Arch: host["arch"].(string),
Cpus: int64(host["cpus"].(int)),
Hostname: host["hostname"].(string),
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index ecd6d812f..afd6d3cf3 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -45,6 +45,7 @@ type PodmanTestIntegration struct {
CgroupManager string
Host HostOS
Timings []string
+ TmpDir string
}
var LockTmpDir string
@@ -245,6 +246,7 @@ func PodmanTestCreateUtil(tempDir string, remote bool) *PodmanTestIntegration {
},
ConmonBinary: conmonBinary,
CrioRoot: filepath.Join(tempDir, "crio"),
+ TmpDir: tempDir,
CNIConfigDir: CNIConfigDir,
OCIRuntime: ociRuntime,
RunRoot: filepath.Join(tempDir, "crio-run"),
diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go
new file mode 100644
index 000000000..321d93757
--- /dev/null
+++ b/test/e2e/events_test.go
@@ -0,0 +1,116 @@
+package integration
+
+import (
+ "fmt"
+ "os"
+ "strings"
+
+ . "github.com/containers/libpod/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman events", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.RestoreAllArtifacts()
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds())
+ GinkgoWriter.Write([]byte(timedResult))
+
+ })
+
+ // For most, all, of these tests we do not "live" test following a log because it may make a fragile test
+ // system more complex. Instead we run the "events" and then verify that the events are processed correctly.
+ // Perhaps a future version of this test would put events in a go func and send output back over a channel
+ // while events occur.
+ It("podman events", func() {
+ _, ec, _ := podmanTest.RunLsContainer("")
+ Expect(ec).To(Equal(0))
+ result := podmanTest.Podman([]string{"events", "--stream=false"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(BeZero())
+ })
+
+ It("podman events with an event filter", func() {
+ SkipIfRemote()
+ _, ec, _ := podmanTest.RunLsContainer("")
+ Expect(ec).To(Equal(0))
+ result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "event=start"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ Expect(len(result.OutputToStringArray())).To(Equal(1))
+ })
+
+ It("podman events with an event filter and container=cid", func() {
+ SkipIfRemote()
+ _, ec, cid := podmanTest.RunLsContainer("")
+ Expect(ec).To(Equal(0))
+ _, ec2, cid2 := podmanTest.RunLsContainer("")
+ Expect(ec2).To(Equal(0))
+ result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "event=start", "--filter", fmt.Sprintf("container=%s", cid)})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ Expect(len(result.OutputToStringArray())).To(Equal(1))
+ Expect(!strings.Contains(result.OutputToString(), cid2))
+ })
+
+ It("podman events with a type", func() {
+ SkipIfRemote()
+ _, ec, _ := podmanTest.RunLsContainer("")
+ Expect(ec).To(Equal(0))
+ result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "type=pod"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ Expect(len(result.OutputToStringArray())).To(Equal(0))
+ })
+
+ It("podman events with a type", func() {
+ SkipIfRemote()
+ setup := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:foobar", ALPINE, "top"})
+ setup.WaitWithDefaultTimeout()
+ stop := podmanTest.Podman([]string{"pod", "stop", "foobar"})
+ stop.WaitWithDefaultTimeout()
+ Expect(stop.ExitCode()).To(Equal(0))
+ Expect(setup.ExitCode()).To(Equal(0))
+ result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "type=pod"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ fmt.Println(result.OutputToStringArray())
+ Expect(len(result.OutputToStringArray())).To(Equal(2))
+ })
+
+ It("podman events --since", func() {
+ _, ec, _ := podmanTest.RunLsContainer("")
+ Expect(ec).To(Equal(0))
+ result := podmanTest.Podman([]string{"events", "--stream=false", "--since", "1m"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(BeZero())
+ })
+
+ It("podman events --until", func() {
+ _, ec, _ := podmanTest.RunLsContainer("")
+ Expect(ec).To(Equal(0))
+ test := podmanTest.Podman([]string{"events", "--help"})
+ test.WaitWithDefaultTimeout()
+ fmt.Println(test.OutputToStringArray())
+ result := podmanTest.Podman([]string{"events", "--stream=false", "--since", "1h"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(BeZero())
+ })
+
+})
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go
index 33e05b872..1a3f37e23 100644
--- a/test/e2e/libpod_suite_test.go
+++ b/test/e2e/libpod_suite_test.go
@@ -206,8 +206,8 @@ func PodmanTestCreate(tempDir string) *PodmanTestIntegration {
//MakeOptions assembles all the podman main options
func (p *PodmanTestIntegration) makeOptions(args []string) []string {
- podmanOptions := strings.Split(fmt.Sprintf("--root %s --runroot %s --runtime %s --conmon %s --cni-config-dir %s --cgroup-manager %s",
- p.CrioRoot, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.CNIConfigDir, p.CgroupManager), " ")
+ podmanOptions := strings.Split(fmt.Sprintf("--root %s --runroot %s --runtime %s --conmon %s --cni-config-dir %s --cgroup-manager %s --tmpdir %s",
+ p.CrioRoot, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.CNIConfigDir, p.CgroupManager, p.TmpDir), " ")
if os.Getenv("HOOK_OPTION") != "" {
podmanOptions = append(podmanOptions, os.Getenv("HOOK_OPTION"))
}
diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go
index 908c459da..cd771e2ba 100644
--- a/test/e2e/rootless_test.go
+++ b/test/e2e/rootless_test.go
@@ -126,7 +126,6 @@ var _ = Describe("Podman rootless", func() {
env := os.Environ()
env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", xdgRuntimeDir))
env = append(env, fmt.Sprintf("HOME=%s", home))
- env = append(env, "PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS=1")
env = append(env, "USER=foo")
cmd := rootlessTest.PodmanAsUser([]string{"pod", "create", "--infra=false"}, 1000, 1000, "", env)
@@ -171,7 +170,6 @@ var _ = Describe("Podman rootless", func() {
env := os.Environ()
env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", xdgRuntimeDir))
env = append(env, fmt.Sprintf("HOME=%s", home))
- env = append(env, "PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS=1")
env = append(env, "USER=foo")
allArgs := append([]string{"run"}, args...)
diff --git a/transfer.md b/transfer.md
index eec63d146..998a0a9e7 100644
--- a/transfer.md
+++ b/transfer.md
@@ -44,6 +44,7 @@ There are other equivalents for these tools
| `docker container`|[`podman container`](./docs/podman-container.1.md) |
| `docker create` | [`podman create`](./docs/podman-create.1.md) |
| `docker diff` | [`podman diff`](./docs/podman-diff.1.md) |
+| `docker events` | [`podman events`](./docs/podman-events.1.md) |
| `docker export` | [`podman export`](./docs/podman-export.1.md) |
| `docker history` | [`podman history`](./docs/podman-history.1.md) |
| `docker image` | [`podman image`](./docs/podman-image.1.md) |
@@ -89,7 +90,6 @@ Those Docker commands currently do not have equivalents in `podman`:
| Missing command | Description|
| :--- | :--- |
-| `docker events` ||
| `docker network` ||
| `docker node` ||
| `docker plugin` | podman does not support plugins. We recommend you use alternative OCI Runtimes or OCI Runtime Hooks to alter behavior of podman.|
diff --git a/troubleshooting.md b/troubleshooting.md
index 33434cdbb..74b2e76df 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -293,3 +293,21 @@ tells SELinux to apply the labels to the actual content.
Now all new content created in these directories will automatically be created
with the correct label.
+
+### 12) Running Podman inside a container causes container crashes and inconsistent states
+
+Running Podman in a container and forwarding some, but not all, of the required host directories can cause inconsistent container behavior.
+
+#### Symptom
+
+After creating a container with Podman's storage directories mounted in from the host and running Podman inside a container, all containers show their state as "configured" or "created", even if they were running or stopped.
+
+#### Solution
+
+When running Podman inside a container, it is recommended to mount at a minimum `/var/lib/containers/storage/` as a volume.
+Typically, you will not mount in the host version of the directory, but if you wish to share containers with the host, you can do so.
+If you do mount in the host's `/var/lib/containers/storage`, however, you must also mount in the host's `/var/run/libpod` and `/var/run/containers/storage` directories.
+Not doing this will cause Podman in the container to detect that temporary files have been cleared, leading it to assume a system restart has taken place.
+This can cause Podman to reset container states and lose track of running containers.
+
+For running containers on the host from inside a container, we also recommend the [Podman remote client](remote_client.md), which only requires a single socket to be mounted into the container.
diff --git a/vendor.conf b/vendor.conf
index e7aec5e35..08590bfe9 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -20,7 +20,7 @@ github.com/vbauerster/mpb v3.3.4
github.com/mattn/go-isatty v0.0.4
github.com/VividCortex/ewma v1.1.1
github.com/containers/storage v1.10
-github.com/containers/psgo v1.1
+github.com/containers/psgo v1.2
github.com/coreos/go-systemd v14
github.com/cri-o/ocicni 2d2983e40c242322a56c22a903785e7f83eb378c
github.com/cyphar/filepath-securejoin v0.2.1
@@ -93,7 +93,7 @@ k8s.io/apimachinery kubernetes-1.10.13-beta.0 https://github.com/kubernetes/apim
k8s.io/client-go kubernetes-1.10.13-beta.0 https://github.com/kubernetes/client-go
github.com/mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7
github.com/varlink/go 3ac79db6fd6aec70924193b090962f92985fe199
-github.com/containers/buildah 11dd2197dfffedb40687de1d667e6c9fb0708de9
+github.com/containers/buildah 345ffc2b29b4255a83cfa763db88799d8ec9c569 https://github.com/QiWang19/buildah
# TODO: Gotty has not been updated since 2012. Can we find replacement?
github.com/Nvveen/Gotty cd527374f1e5bff4938207604a14f2e38a9cf512
# do not go beyond the below commit as the next one requires a more recent
diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go
index d69eab52f..4f0ffac1c 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@@ -293,7 +293,7 @@ func (b *Executor) Preserve(path string) error {
// Try and resolve the symlink (if one exists)
// Set archivedPath and path based on whether a symlink is found or not
- if symLink, err := ResolveSymLink(b.mountPoint, path); err == nil {
+ if symLink, err := resolveSymlink(b.mountPoint, path); err == nil {
archivedPath = filepath.Join(b.mountPoint, symLink)
path = symLink
} else {
diff --git a/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go b/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go
index 6feedf6a5..86bf7653b 100644
--- a/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go
@@ -24,9 +24,7 @@ func init() {
reexec.Register(symlinkModifiedTime, resolveSymlinkTimeModified)
}
-// main() for grandparent subprocess. Its main job is to shuttle stdio back
-// and forth, managing a pseudo-terminal if we want one, for our child, the
-// parent subprocess.
+// main() for resolveSymlink()'s subprocess.
func resolveChrootedSymlinks() {
status := 0
flag.Parse()
@@ -57,9 +55,9 @@ func resolveChrootedSymlinks() {
os.Exit(status)
}
-// ResolveSymLink (in the grandparent process) resolves any symlink in filename
+// resolveSymlink uses a child subprocess to resolve any symlinks in filename
// in the context of rootdir.
-func ResolveSymLink(rootdir, filename string) (string, error) {
+func resolveSymlink(rootdir, filename string) (string, error) {
// The child process expects a chroot and one path that
// will be consulted relative to the chroot directory and evaluated
// for any symbolic links present.
@@ -253,7 +251,7 @@ func hasSymlink(path string) (bool, string, error) {
}
// if the symlink points to a relative path, prepend the path till now to the resolved path
if !filepath.IsAbs(targetDir) {
- targetDir = filepath.Join(path, targetDir)
+ targetDir = filepath.Join(filepath.Dir(path), targetDir)
}
// run filepath.Clean to remove the ".." from relative paths
return true, filepath.Clean(targetDir), nil
diff --git a/cmd/podman/formats/formats.go b/vendor/github.com/containers/buildah/pkg/formats/formats.go
index 37f9b8a20..37f9b8a20 100644
--- a/cmd/podman/formats/formats.go
+++ b/vendor/github.com/containers/buildah/pkg/formats/formats.go
diff --git a/cmd/podman/formats/templates.go b/vendor/github.com/containers/buildah/pkg/formats/templates.go
index c2582552a..c2582552a 100644
--- a/cmd/podman/formats/templates.go
+++ b/vendor/github.com/containers/buildah/pkg/formats/templates.go
diff --git a/vendor/github.com/containers/buildah/run.go b/vendor/github.com/containers/buildah/run.go
index 4d6d28380..f56ce30b1 100644
--- a/vendor/github.com/containers/buildah/run.go
+++ b/vendor/github.com/containers/buildah/run.go
@@ -1,7 +1,6 @@
package buildah
import (
- "bufio"
"bytes"
"encoding/json"
"fmt"
@@ -272,36 +271,6 @@ func addRlimits(ulimit []string, g *generate.Generator) error {
return nil
}
-func addHosts(hosts []string, w io.Writer) error {
- buf := bufio.NewWriter(w)
- for _, host := range hosts {
- values := strings.SplitN(host, ":", 2)
- if len(values) != 2 {
- return errors.Errorf("unable to parse host entry %q: incorrect format", host)
- }
- if values[0] == "" {
- return errors.Errorf("hostname in host entry %q is empty", host)
- }
- if values[1] == "" {
- return errors.Errorf("IP address in host entry %q is empty", host)
- }
- fmt.Fprintf(buf, "%s\t%s\n", values[1], values[0])
- }
- return buf.Flush()
-}
-
-func addHostsToFile(hosts []string, filename string) error {
- if len(hosts) == 0 {
- return nil
- }
- file, err := os.OpenFile(filename, os.O_APPEND|os.O_WRONLY, os.ModeAppend)
- if err != nil {
- return errors.Wrapf(err, "error creating hosts file %q", filename)
- }
- defer file.Close()
- return addHosts(hosts, file)
-}
-
func addCommonOptsToSpec(commonOpts *CommonBuildOptions, g *generate.Generator) error {
// Resources - CPU
if commonOpts.CPUPeriod != 0 {
@@ -638,6 +607,59 @@ func (b *Builder) addNetworkConfig(rdir, hostPath string, chownOpts *idtools.IDP
return cfile, nil
}
+// generateHosts creates a containers hosts file
+func (b *Builder) generateHosts(rdir, hostname string, addHosts []string, chownOpts *idtools.IDPair) (string, error) {
+ hostPath := "/etc/hosts"
+ stat, err := os.Stat(hostPath)
+ if err != nil {
+ return "", errors.Wrapf(err, "error statting %q for container %q", hostPath, b.ContainerID)
+ }
+
+ hosts := bytes.NewBufferString("# Generated by Buildah\n")
+ orig, err := ioutil.ReadFile(hostPath)
+ if err != nil {
+ return "", errors.Wrapf(err, "unable to read %s", hostPath)
+ }
+ hosts.Write(orig)
+ for _, host := range addHosts {
+ // verify the host format
+ values := strings.SplitN(host, ":", 2)
+ if len(values) != 2 {
+ return "", errors.Errorf("unable to parse host entry %q: incorrect format", host)
+ }
+ if values[0] == "" {
+ return "", errors.Errorf("hostname in host entry %q is empty", host)
+ }
+ if values[1] == "" {
+ return "", errors.Errorf("IP address in host entry %q is empty", host)
+ }
+ hosts.Write([]byte(fmt.Sprintf("%s\t%s\n", values[1], values[0])))
+ }
+
+ if hostname != "" {
+ hosts.Write([]byte(fmt.Sprintf("127.0.0.1 %s\n", hostname)))
+ hosts.Write([]byte(fmt.Sprintf("::1 %s\n", hostname)))
+ }
+ cfile := filepath.Join(rdir, filepath.Base(hostPath))
+ if err = ioutils.AtomicWriteFile(cfile, hosts.Bytes(), stat.Mode().Perm()); err != nil {
+ return "", errors.Wrapf(err, "error writing /etc/hosts into the container")
+ }
+ uid := int(stat.Sys().(*syscall.Stat_t).Uid)
+ gid := int(stat.Sys().(*syscall.Stat_t).Gid)
+ if chownOpts != nil {
+ uid = chownOpts.UID
+ gid = chownOpts.GID
+ }
+ if err = os.Chown(cfile, uid, gid); err != nil {
+ return "", errors.Wrapf(err, "error chowning file %q for container %q", cfile, b.ContainerID)
+ }
+ if err := label.Relabel(cfile, b.MountLabel, false); err != nil {
+ return "", errors.Wrapf(err, "error relabeling %q in container %q", cfile, b.ContainerID)
+ }
+
+ return cfile, nil
+}
+
func setupMaskedPaths(g *generate.Generator) {
for _, mp := range []string{
"/proc/acpi",
@@ -1081,15 +1103,11 @@ func (b *Builder) Run(command []string, options RunOptions) error {
volumes := b.Volumes()
if !contains(volumes, "/etc/hosts") {
- hostFile, err := b.addNetworkConfig(path, "/etc/hosts", rootIDPair)
+ hostFile, err := b.generateHosts(path, spec.Hostname, b.CommonBuildOpts.AddHost, rootIDPair)
if err != nil {
return err
}
bindFiles["/etc/hosts"] = hostFile
-
- if err := addHostsToFile(b.CommonBuildOpts.AddHost, hostFile); err != nil {
- return err
- }
}
if !contains(volumes, "/etc/resolv.conf") {
diff --git a/vendor/github.com/containers/psgo/internal/dev/tty.go b/vendor/github.com/containers/psgo/internal/dev/tty.go
index cc7d0a422..b7d6f28ac 100644
--- a/vendor/github.com/containers/psgo/internal/dev/tty.go
+++ b/vendor/github.com/containers/psgo/internal/dev/tty.go
@@ -31,12 +31,9 @@ type TTY struct {
Path string
}
-// cache TTYs to avoid redundant lookups
-var devices *[]TTY
-
// FindTTY return the corresponding TTY to the ttyNr or nil of non could be
// found.
-func FindTTY(ttyNr uint64) (*TTY, error) {
+func FindTTY(ttyNr uint64, devices *[]TTY) (*TTY, error) {
// (man 5 proc) The minor device number is contained in the combination
// of bits 31 to 20 and 7 to 0; the major device number is in bits 15
// to 8.
@@ -44,7 +41,7 @@ func FindTTY(ttyNr uint64) (*TTY, error) {
min := (ttyNr & 0xFF) | ((ttyNr >> 20) & 0xFFF)
if devices == nil {
- devs, err := getTTYs()
+ devs, err := TTYs()
if err != nil {
return nil, err
}
@@ -70,8 +67,8 @@ func minDevNum(rdev uint64) uint64 {
return (rdev & 0xff) | ((rdev >> 12) & 0xfff00)
}
-// getTTYs parses /dev for tty and pts devices.
-func getTTYs() (*[]TTY, error) {
+// TTYs parses /dev for tty and pts devices.
+func TTYs() (*[]TTY, error) {
devDir, err := os.Open("/dev/")
if err != nil {
return nil, err
diff --git a/vendor/github.com/containers/psgo/internal/proc/status.go b/vendor/github.com/containers/psgo/internal/proc/status.go
index 68e2acff6..29d059361 100644
--- a/vendor/github.com/containers/psgo/internal/proc/status.go
+++ b/vendor/github.com/containers/psgo/internal/proc/status.go
@@ -21,7 +21,6 @@ import (
"os/exec"
"strings"
- "github.com/containers/psgo/internal/types"
"github.com/pkg/errors"
)
@@ -207,11 +206,11 @@ func readStatusDefault(pid string) ([]string, error) {
}
// ParseStatus parses the /proc/$pid/status file and returns a *Status.
-func ParseStatus(ctx *types.PsContext, pid string) (*Status, error) {
+func ParseStatus(pid string, joinUserNS bool) (*Status, error) {
var lines []string
var err error
- if ctx.JoinUserNS {
+ if joinUserNS {
lines, err = readStatusUserNS(pid)
} else {
lines, err = readStatusDefault(pid)
diff --git a/vendor/github.com/containers/psgo/internal/process/process.go b/vendor/github.com/containers/psgo/internal/process/process.go
index 0afbf721d..2aebfe9cc 100644
--- a/vendor/github.com/containers/psgo/internal/process/process.go
+++ b/vendor/github.com/containers/psgo/internal/process/process.go
@@ -21,7 +21,6 @@ import (
"github.com/containers/psgo/internal/host"
"github.com/containers/psgo/internal/proc"
- "github.com/containers/psgo/internal/types"
"github.com/opencontainers/runc/libcontainer/user"
"github.com/pkg/errors"
)
@@ -76,13 +75,13 @@ func LookupUID(uid string) (string, error) {
// New returns a new Process with the specified pid and parses the relevant
// data from /proc and /dev.
-func New(ctx *types.PsContext, pid string) (*Process, error) {
+func New(pid string, joinUserNS bool) (*Process, error) {
p := Process{Pid: pid}
if err := p.parseStat(); err != nil {
return nil, err
}
- if err := p.parseStatus(ctx); err != nil {
+ if err := p.parseStatus(joinUserNS); err != nil {
return nil, err
}
if err := p.parseCmdLine(); err != nil {
@@ -103,10 +102,10 @@ func New(ctx *types.PsContext, pid string) (*Process, error) {
}
// FromPIDs creates a new Process for each pid.
-func FromPIDs(ctx *types.PsContext, pids []string) ([]*Process, error) {
+func FromPIDs(pids []string, joinUserNS bool) ([]*Process, error) {
processes := []*Process{}
for _, pid := range pids {
- p, err := New(ctx, pid)
+ p, err := New(pid, joinUserNS)
if err != nil {
if os.IsNotExist(errors.Cause(err)) {
// proc parsing is racy
@@ -131,8 +130,8 @@ func (p *Process) parseStat() error {
}
// parseStatus parses /proc/$pid/status.
-func (p *Process) parseStatus(ctx *types.PsContext) error {
- s, err := proc.ParseStatus(ctx, p.Pid)
+func (p *Process) parseStatus(joinUserNS bool) error {
+ s, err := proc.ParseStatus(p.Pid, joinUserNS)
if err != nil {
return err
}
diff --git a/vendor/github.com/containers/psgo/internal/types/types.go b/vendor/github.com/containers/psgo/internal/types/types.go
deleted file mode 100644
index 1f6fe0eaa..000000000
--- a/vendor/github.com/containers/psgo/internal/types/types.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2018 psgo authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package types
-
-// PsContext controls some internals of the psgo library.
-type PsContext struct {
- // JoinUserNS will force /proc and /dev parsing from within each PIDs
- // user namespace.
- JoinUserNS bool
-}
diff --git a/vendor/github.com/containers/psgo/psgo.go b/vendor/github.com/containers/psgo/psgo.go
index 47a50264f..e0f102735 100644
--- a/vendor/github.com/containers/psgo/psgo.go
+++ b/vendor/github.com/containers/psgo/psgo.go
@@ -39,14 +39,22 @@ import (
"github.com/containers/psgo/internal/dev"
"github.com/containers/psgo/internal/proc"
"github.com/containers/psgo/internal/process"
- "github.com/containers/psgo/internal/types"
"github.com/pkg/errors"
"golang.org/x/sys/unix"
)
+type psContext struct {
+ // Processes in the container.
+ containersProcesses []*process.Process
+ // Processes on the host. Used to map those to the ones running in the container.
+ hostProcesses []*process.Process
+ // tty and pty devices.
+ ttys *[]dev.TTY
+}
+
// processFunc is used to map a given aixFormatDescriptor to a corresponding
// function extracting the desired data from a process.
-type processFunc func(*process.Process) (string, error)
+type processFunc func(*process.Process, *psContext) (string, error)
// aixFormatDescriptor as mentioned in the ps(1) manpage. A given descriptor
// can either be specified via its code (e.g., "%C") or its normal representation
@@ -99,13 +107,6 @@ var (
// ErrUnkownDescriptor is returned when an unknown descriptor is parsed.
ErrUnkownDescriptor = errors.New("unknown descriptor")
- // hostProcesses are the processes on the host. It should only be used
- // in the context of containers and is meant to display data of the
- // container processes from the host's (i.e., calling process) view.
- // Currently, all host processes contain only the required data from
- // /proc/$pid/status.
- hostProcesses []*process.Process
-
aixFormatDescriptors = []aixFormatDescriptor{
{
code: "%C",
@@ -282,11 +283,16 @@ func JoinNamespaceAndProcessInfo(pid string, descriptors []string) ([][]string,
return nil, err
}
+ ctx := new(psContext)
+
// extract data from host processes only on-demand / when at least one
// of the specified descriptors requires host data
for _, d := range aixDescriptors {
if d.onHost {
- setHostProcesses(pid)
+ ctx.hostProcesses, err = hostProcesses(pid)
+ if err != nil {
+ return nil, err
+ }
break
}
}
@@ -330,18 +336,17 @@ func JoinNamespaceAndProcessInfo(pid string, descriptors []string) ([][]string,
return
}
- ctx := types.PsContext{
- // join the user NS if the pid's user NS is different
- // to the caller's user NS.
- JoinUserNS: currentUserNs != pidUserNs,
- }
- processes, err := process.FromPIDs(&ctx, pids)
+ // join the user NS if the pid's user NS is different
+ // to the caller's user NS.
+ joinUserNS := currentUserNs != pidUserNs
+
+ ctx.containersProcesses, err = process.FromPIDs(pids, joinUserNS)
if err != nil {
dataErr = err
return
}
- data, dataErr = processDescriptors(aixDescriptors, processes)
+ data, dataErr = processDescriptors(aixDescriptors, ctx)
}()
wg.Wait()
@@ -417,43 +422,41 @@ func ProcessInfoByPids(pids []string, descriptors []string) ([][]string, error)
return nil, err
}
- ctx := types.PsContext{JoinUserNS: false}
- processes, err := process.FromPIDs(&ctx, pids)
+ ctx := new(psContext)
+ ctx.containersProcesses, err = process.FromPIDs(pids, false)
if err != nil {
return nil, err
}
- return processDescriptors(aixDescriptors, processes)
+ return processDescriptors(aixDescriptors, ctx)
}
-// setHostProcesses sets `hostProcesses`.
-func setHostProcesses(pid string) error {
+// hostProcesses returns all processes running in the current namespace.
+func hostProcesses(pid string) ([]*process.Process, error) {
// get processes
pids, err := proc.GetPIDsFromCgroup(pid)
if err != nil {
- return err
+ return nil, err
}
- ctx := types.PsContext{JoinUserNS: false}
- processes, err := process.FromPIDs(&ctx, pids)
+ processes, err := process.FromPIDs(pids, false)
if err != nil {
- return err
+ return nil, err
}
// set the additional host data
for _, p := range processes {
if err := p.SetHostData(); err != nil {
- return err
+ return nil, err
}
}
- hostProcesses = processes
- return nil
+ return processes, nil
}
// processDescriptors calls each `procFn` of all formatDescriptors on each
// process and returns an array of tab-separated strings.
-func processDescriptors(formatDescriptors []aixFormatDescriptor, processes []*process.Process) ([][]string, error) {
+func processDescriptors(formatDescriptors []aixFormatDescriptor, ctx *psContext) ([][]string, error) {
data := [][]string{}
// create header
header := []string{}
@@ -463,10 +466,10 @@ func processDescriptors(formatDescriptors []aixFormatDescriptor, processes []*pr
data = append(data, header)
// dispatch all descriptor functions on each process
- for _, proc := range processes {
+ for _, proc := range ctx.containersProcesses {
pData := []string{}
for _, desc := range formatDescriptors {
- dataStr, err := desc.procFn(proc)
+ dataStr, err := desc.procFn(proc, ctx)
if err != nil {
return nil, err
}
@@ -480,8 +483,8 @@ func processDescriptors(formatDescriptors []aixFormatDescriptor, processes []*pr
// findHostProcess returns the corresponding process from `hostProcesses` or
// nil if non is found.
-func findHostProcess(p *process.Process) *process.Process {
- for _, hp := range hostProcesses {
+func findHostProcess(p *process.Process, ctx *psContext) *process.Process {
+ for _, hp := range ctx.hostProcesses {
// We expect the host process to be in another namespace, so
// /proc/$pid/status.NSpid must have at least two entries.
if len(hp.Status.NSpid) < 2 {
@@ -499,78 +502,78 @@ func findHostProcess(p *process.Process) *process.Process {
// processGROUP returns the effective group ID of the process. This will be
// the textual group ID, if it can be optained, or a decimal representation
// otherwise.
-func processGROUP(p *process.Process) (string, error) {
+func processGROUP(p *process.Process, ctx *psContext) (string, error) {
return process.LookupGID(p.Status.Gids[1])
}
// processRGROUP returns the real group ID of the process. This will be
// the textual group ID, if it can be optained, or a decimal representation
// otherwise.
-func processRGROUP(p *process.Process) (string, error) {
+func processRGROUP(p *process.Process, ctx *psContext) (string, error) {
return process.LookupGID(p.Status.Gids[0])
}
// processPPID returns the parent process ID of process p.
-func processPPID(p *process.Process) (string, error) {
+func processPPID(p *process.Process, ctx *psContext) (string, error) {
return p.Status.PPid, nil
}
// processUSER returns the effective user name of the process. This will be
// the textual user ID, if it can be optained, or a decimal representation
// otherwise.
-func processUSER(p *process.Process) (string, error) {
+func processUSER(p *process.Process, ctx *psContext) (string, error) {
return process.LookupUID(p.Status.Uids[1])
}
// processRUSER returns the effective user name of the process. This will be
// the textual user ID, if it can be optained, or a decimal representation
// otherwise.
-func processRUSER(p *process.Process) (string, error) {
+func processRUSER(p *process.Process, ctx *psContext) (string, error) {
return process.LookupUID(p.Status.Uids[0])
}
// processName returns the name of process p in the format "[$name]".
-func processName(p *process.Process) (string, error) {
+func processName(p *process.Process, ctx *psContext) (string, error) {
return fmt.Sprintf("[%s]", p.Status.Name), nil
}
// processARGS returns the command of p with all its arguments.
-func processARGS(p *process.Process) (string, error) {
+func processARGS(p *process.Process, ctx *psContext) (string, error) {
// ps (1) returns "[$name]" if command/args are empty
if p.CmdLine[0] == "" {
- return processName(p)
+ return processName(p, ctx)
}
return strings.Join(p.CmdLine, " "), nil
}
// processCOMM returns the command name (i.e., executable name) of process p.
-func processCOMM(p *process.Process) (string, error) {
+func processCOMM(p *process.Process, ctx *psContext) (string, error) {
// ps (1) returns "[$name]" if command/args are empty
if p.CmdLine[0] == "" {
- return processName(p)
+ return processName(p, ctx)
}
spl := strings.Split(p.CmdLine[0], "/")
return spl[len(spl)-1], nil
}
// processNICE returns the nice value of process p.
-func processNICE(p *process.Process) (string, error) {
+func processNICE(p *process.Process, ctx *psContext) (string, error) {
return p.Stat.Nice, nil
}
// processPID returns the process ID of process p.
-func processPID(p *process.Process) (string, error) {
+func processPID(p *process.Process, ctx *psContext) (string, error) {
return p.Pid, nil
}
// processPGID returns the process group ID of process p.
-func processPGID(p *process.Process) (string, error) {
+func processPGID(p *process.Process, ctx *psContext) (string, error) {
return p.Stat.Pgrp, nil
}
// processPCPU returns how many percent of the CPU time process p uses as
// a three digit float as string.
-func processPCPU(p *process.Process) (string, error) {
+func processPCPU(p *process.Process, ctx *psContext) (string, error) {
elapsed, err := p.ElapsedTime()
if err != nil {
return "", err
@@ -585,7 +588,7 @@ func processPCPU(p *process.Process) (string, error) {
}
// processETIME returns the elapsed time since the process was started.
-func processETIME(p *process.Process) (string, error) {
+func processETIME(p *process.Process, ctx *psContext) (string, error) {
elapsed, err := p.ElapsedTime()
if err != nil {
return "", nil
@@ -594,7 +597,7 @@ func processETIME(p *process.Process) (string, error) {
}
// processTIME returns the cumulative CPU time of process p.
-func processTIME(p *process.Process) (string, error) {
+func processTIME(p *process.Process, ctx *psContext) (string, error) {
cpu, err := p.CPUTime()
if err != nil {
return "", err
@@ -603,13 +606,13 @@ func processTIME(p *process.Process) (string, error) {
}
// processTTY returns the controlling tty (terminal) of process p.
-func processTTY(p *process.Process) (string, error) {
+func processTTY(p *process.Process, ctx *psContext) (string, error) {
ttyNr, err := strconv.ParseUint(p.Stat.TtyNr, 10, 64)
if err != nil {
return "", nil
}
- tty, err := dev.FindTTY(ttyNr)
+ tty, err := dev.FindTTY(ttyNr, ctx.ttys)
if err != nil {
return "", nil
}
@@ -623,7 +626,7 @@ func processTTY(p *process.Process) (string, error) {
// processVSZ returns the virtual memory size of process p in KiB (1024-byte
// units).
-func processVSZ(p *process.Process) (string, error) {
+func processVSZ(p *process.Process, ctx *psContext) (string, error) {
vmsize, err := strconv.Atoi(p.Stat.Vsize)
if err != nil {
return "", err
@@ -653,41 +656,41 @@ func parseCAP(cap string) (string, error) {
// processCAPAMB returns the set of ambient capabilties associated with
// process p. If all capabilties are set, "full" is returned. If no
// capability is enabled, "none" is returned.
-func processCAPAMB(p *process.Process) (string, error) {
+func processCAPAMB(p *process.Process, ctx *psContext) (string, error) {
return parseCAP(p.Status.CapAmb)
}
// processCAPINH returns the set of inheritable capabilties associated with
// process p. If all capabilties are set, "full" is returned. If no
// capability is enabled, "none" is returned.
-func processCAPINH(p *process.Process) (string, error) {
+func processCAPINH(p *process.Process, ctx *psContext) (string, error) {
return parseCAP(p.Status.CapInh)
}
// processCAPPRM returns the set of permitted capabilties associated with
// process p. If all capabilties are set, "full" is returned. If no
// capability is enabled, "none" is returned.
-func processCAPPRM(p *process.Process) (string, error) {
+func processCAPPRM(p *process.Process, ctx *psContext) (string, error) {
return parseCAP(p.Status.CapPrm)
}
// processCAPEFF returns the set of effective capabilties associated with
// process p. If all capabilties are set, "full" is returned. If no
// capability is enabled, "none" is returned.
-func processCAPEFF(p *process.Process) (string, error) {
+func processCAPEFF(p *process.Process, ctx *psContext) (string, error) {
return parseCAP(p.Status.CapEff)
}
// processCAPBND returns the set of bounding capabilties associated with
// process p. If all capabilties are set, "full" is returned. If no
// capability is enabled, "none" is returned.
-func processCAPBND(p *process.Process) (string, error) {
+func processCAPBND(p *process.Process, ctx *psContext) (string, error) {
return parseCAP(p.Status.CapBnd)
}
// processSECCOMP returns the seccomp mode of the process (i.e., disabled,
// strict or filter) or "?" if /proc/$pid/status.seccomp has a unknown value.
-func processSECCOMP(p *process.Process) (string, error) {
+func processSECCOMP(p *process.Process, ctx *psContext) (string, error) {
switch p.Status.Seccomp {
case "0":
return "disabled", nil
@@ -702,14 +705,14 @@ func processSECCOMP(p *process.Process) (string, error) {
// processLABEL returns the process label of process p or "?" if the system
// doesn't support labeling.
-func processLABEL(p *process.Process) (string, error) {
+func processLABEL(p *process.Process, ctx *psContext) (string, error) {
return p.Label, nil
}
// processHPID returns the PID of the corresponding host process of the
// (container) or "?" if no corresponding process could be found.
-func processHPID(p *process.Process) (string, error) {
- if hp := findHostProcess(p); hp != nil {
+func processHPID(p *process.Process, ctx *psContext) (string, error) {
+ if hp := findHostProcess(p, ctx); hp != nil {
return hp.Pid, nil
}
return "?", nil
@@ -717,8 +720,8 @@ func processHPID(p *process.Process) (string, error) {
// processHUSER returns the effective user ID of the corresponding host process
// of the (container) or "?" if no corresponding process could be found.
-func processHUSER(p *process.Process) (string, error) {
- if hp := findHostProcess(p); hp != nil {
+func processHUSER(p *process.Process, ctx *psContext) (string, error) {
+ if hp := findHostProcess(p, ctx); hp != nil {
return hp.Huser, nil
}
return "?", nil
@@ -727,14 +730,14 @@ func processHUSER(p *process.Process) (string, error) {
// processHGROUP returns the effective group ID of the corresponding host
// process of the (container) or "?" if no corresponding process could be
// found.
-func processHGROUP(p *process.Process) (string, error) {
- if hp := findHostProcess(p); hp != nil {
+func processHGROUP(p *process.Process, ctx *psContext) (string, error) {
+ if hp := findHostProcess(p, ctx); hp != nil {
return hp.Hgroup, nil
}
return "?", nil
}
// processState returns the process state of process p.
-func processState(p *process.Process) (string, error) {
+func processState(p *process.Process, ctx *psContext) (string, error) {
return p.Status.State, nil
}