aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.github/workflows/stale.yml1
-rw-r--r--.golangci.yml1
-rw-r--r--Dockerfile1
-rw-r--r--Dockerfile.centos1
-rw-r--r--Dockerfile.fedora1
-rw-r--r--Makefile15
-rw-r--r--cmd/podman/cp.go11
-rw-r--r--cmd/podman/import.go2
-rw-r--r--contrib/build_rpm.sh1
-rw-r--r--contrib/cirrus/container_test.sh2
-rw-r--r--contrib/cirrus/lib.sh46
-rwxr-xr-xcontrib/cirrus/lib.sh.t17
-rw-r--r--contrib/cirrus/packer/Makefile2
-rw-r--r--contrib/cirrus/packer/fedora_setup.sh2
-rw-r--r--contrib/cirrus/packer/ubuntu_setup.sh1
-rw-r--r--contrib/gate/Dockerfile1
-rw-r--r--contrib/podmanimage/upstream/Dockerfile1
-rw-r--r--contrib/spec/podman.spec.in4
-rw-r--r--docs/podman-pull.1.md3
-rw-r--r--docs/podman-push.1.md5
-rwxr-xr-xhack/ostree_tag.sh6
-rw-r--r--install.md32
-rw-r--r--libpod/oci_conmon_linux.go10
-rw-r--r--libpod/volume_internal_linux.go16
-rw-r--r--pkg/adapter/containers.go29
-rw-r--r--pkg/adapter/containers_remote.go2
-rw-r--r--pkg/network/subnet.go4
-rw-r--r--test/e2e/create_test.go2
-rw-r--r--test/e2e/exec_test.go1
-rw-r--r--test/e2e/push_test.go17
-rw-r--r--test/e2e/run_selinux_test.go12
-rw-r--r--test/e2e/run_volume_test.go11
-rw-r--r--test/e2e/start_test.go21
33 files changed, 127 insertions, 154 deletions
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 44cb82ff0..1015b92b0 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -22,4 +22,5 @@ jobs:
stale-pr-label: 'stale-pr'
days-before-stale: 30
days-before-close: 7
+ exempt-issue-label: 'do-not-close'
exempt-pr-label: 'do-not-close'
diff --git a/.golangci.yml b/.golangci.yml
index 9fcf08a43..fcf2582e8 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -2,7 +2,6 @@
run:
build-tags:
- apparmor
- - ostree
- seccomp
- selinux
concurrency: 6
diff --git a/Dockerfile b/Dockerfile
index 4b3130245..a7d795b29 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,6 @@ RUN apt-get update && apt-get install -y \
libfuse-dev \
libnet-dev \
libnl-3-dev \
- libostree-dev \
libprotobuf-dev \
libprotobuf-c-dev \
libseccomp2 \
diff --git a/Dockerfile.centos b/Dockerfile.centos
index 9af7ef7f1..7c2a05dd1 100644
--- a/Dockerfile.centos
+++ b/Dockerfile.centos
@@ -22,7 +22,6 @@ RUN yum -y install btrfs-progs-devel \
containers-common \
runc \
make \
- ostree-devel \
lsof \
which\
golang-github-cpuguy83-go-md2man \
diff --git a/Dockerfile.fedora b/Dockerfile.fedora
index 8769b5c18..ef9a718dc 100644
--- a/Dockerfile.fedora
+++ b/Dockerfile.fedora
@@ -22,7 +22,6 @@ RUN dnf -y install btrfs-progs-devel \
containers-common \
runc \
make \
- ostree-devel \
lsof \
which\
golang-github-cpuguy83-go-md2man \
diff --git a/Makefile b/Makefile
index 470e93e8c..f19b00687 100644
--- a/Makefile
+++ b/Makefile
@@ -27,7 +27,6 @@ BUILDTAGS ?= \
$(shell hack/apparmor_tag.sh) \
$(shell hack/btrfs_installed_tag.sh) \
$(shell hack/btrfs_tag.sh) \
- $(shell hack/ostree_tag.sh) \
$(shell hack/selinux_tag.sh) \
$(shell hack/systemd_tag.sh) \
exclude_graphdriver_devicemapper \
@@ -46,7 +45,7 @@ $(warning \
Install libsystemd for journald support)
endif
-BUILDTAGS_CROSS ?= containers_image_openpgp containers_image_ostree_stub exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_graphdriver_overlay
+BUILDTAGS_CROSS ?= containers_image_openpgp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_graphdriver_overlay
ifneq (,$(findstring varlink,$(BUILDTAGS)))
PODMAN_VARLINK_DEPENDENCIES = cmd/podman/varlink/iopodman.go
endif
@@ -156,7 +155,7 @@ gofmt: ## Verify the source code gofmt
git diff --exit-code
test/checkseccomp/checkseccomp: .gopathok $(wildcard test/checkseccomp/*.go)
- $(GO_BUILD) -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS) containers_image_ostree_stub" -o $@ $(PROJECT)/test/checkseccomp
+ $(GO_BUILD) -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS)" -o $@ $(PROJECT)/test/checkseccomp
test/goecho/goecho: .gopathok $(wildcard test/goecho/*.go)
$(GO_BUILD) -ldflags '$(LDFLAGS)' -o $@ $(PROJECT)/test/goecho
@@ -493,14 +492,6 @@ endef
$(call go-get,github.com/cpuguy83/go-md2man); \
fi
-.install.ostree: .gopathok
- if ! pkg-config ostree-1 2> /dev/null ; then \
- git clone https://github.com/ostreedev/ostree $(FIRST_GOPATH)/src/github.com/ostreedev/ostree ; \
- cd $(FIRST_GOPATH)src/github.com/ostreedev/ostree ; \
- ./autogen.sh --prefix=/usr/local; \
- make all install; \
- fi
-
varlink_generate: .gopathok cmd/podman/varlink/iopodman.go ## Generate varlink
varlink_api_generate: .gopathok API.md
@@ -528,7 +519,7 @@ build-all-new-commits:
git rebase $(GIT_BASE_BRANCH) -x make
build-no-cgo:
- env BUILDTAGS="containers_image_openpgp containers_image_ostree_stub exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_disk_quota" CGO_ENABLED=0 $(MAKE)
+ env BUILDTAGS="containers_image_openpgp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_disk_quota" CGO_ENABLED=0 $(MAKE)
vendor:
export GO111MODULE=on \
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 75a23afd6..c53a97df3 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -257,8 +257,15 @@ func parsePath(runtime *libpod.Runtime, path string) (*libpod.Container, string)
return nil, path
}
+func evalSymlinks(path string) (string, error) {
+ if path == os.Stdin.Name() {
+ return path, nil
+ }
+ return filepath.EvalSymlinks(path)
+}
+
func getPathInfo(path string) (string, os.FileInfo, error) {
- path, err := filepath.EvalSymlinks(path)
+ path, err := evalSymlinks(path)
if err != nil {
return "", nil, errors.Wrapf(err, "error evaluating symlinks %q", path)
}
@@ -270,7 +277,7 @@ func getPathInfo(path string) (string, os.FileInfo, error) {
}
func copy(src, destPath, dest string, idMappingOpts storage.IDMappingOptions, chownOpts *idtools.IDPair, extract, isFromHostToCtr bool) error {
- srcPath, err := filepath.EvalSymlinks(src)
+ srcPath, err := evalSymlinks(src)
if err != nil {
return errors.Wrapf(err, "error evaluating symlinks %q", srcPath)
}
diff --git a/cmd/podman/import.go b/cmd/podman/import.go
index 027fa7299..5a21e5cc1 100644
--- a/cmd/podman/import.go
+++ b/cmd/podman/import.go
@@ -6,7 +6,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/shared/parse"
"github.com/containers/libpod/pkg/adapter"
- multierror "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-multierror"
"github.com/pkg/errors"
"github.com/spf13/cobra"
)
diff --git a/contrib/build_rpm.sh b/contrib/build_rpm.sh
index 7075e3c79..1132ef380 100644
--- a/contrib/build_rpm.sh
+++ b/contrib/build_rpm.sh
@@ -28,7 +28,6 @@ declare -a PKGS=(device-mapper-devel \
libseccomp-devel \
libselinux-devel \
make \
- ostree-devel \
golang-github-cpuguy83-go-md2man \
rpm-build \
btrfs-progs-devel \
diff --git a/contrib/cirrus/container_test.sh b/contrib/cirrus/container_test.sh
index 9d3f09f60..4624868f1 100644
--- a/contrib/cirrus/container_test.sh
+++ b/contrib/cirrus/container_test.sh
@@ -89,7 +89,7 @@ if [ "${CONTAINER_RUNTIME}" == "none" ]; then
fi
-export TAGS="seccomp $($GOSRC/hack/btrfs_tag.sh) $($GOSRC/hack/libdm_tag.sh) $($GOSRC/hack/btrfs_installed_tag.sh) $($GOSRC/hack/ostree_tag.sh) $($GOSRC/hack/selinux_tag.sh)"
+export TAGS="seccomp $($GOSRC/hack/btrfs_tag.sh) $($GOSRC/hack/libdm_tag.sh) $($GOSRC/hack/btrfs_installed_tag.sh) $($GOSRC/hack/selinux_tag.sh)"
# Validate
if [ $validate -eq 1 ]; then
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 051157702..297ed49ce 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -238,34 +238,46 @@ ircmsg() {
# there is at least one release tag not having any '-' characters (return 0)
# or otherwise (return non-0).
is_release() {
- req_env_var CIRRUS_BASE_SHA CIRRUS_CHANGE_IN_REPO
- local range="${CIRRUS_BASE_SHA}..${CIRRUS_CHANGE_IN_REPO}"
- # Easy check first, default non-useful values
- if echo "${range}$CIRRUS_TAG" | grep -iq 'unknown'; then
- die 11 "is_release() unusable range ${range} or tag $CIRRUS_TAG"
- fi
- # Next easy check, is CIRRUS_TAG set
unset RELVER
+ local ret
+ req_env_var CIRRUS_CHANGE_IN_REPO
if [[ -n "$CIRRUS_TAG" ]]; then
RELVER="$CIRRUS_TAG"
- else # Lastly, look through the range for tags
- git fetch --all --tags &> /dev/null|| \
- die 12 "is_release() failed to fetch tags"
- RELVER=$(git log --pretty='format:%d' $range | \
- grep '(tag:' | sed -r -e 's/\s+[(]tag:\s+(v[0-9].*)[)]/\1/' | \
- sort -uV | tail -1)
- [[ "$?" -eq "0" ]] || \
+ elif [[ ! "$CIRRUS_BASE_SHA" =~ "unknown" ]]
+ then
+ # Normally not possible for this to be empty, except when unittesting.
+ req_env_var CIRRUS_BASE_SHA
+ local range="${CIRRUS_BASE_SHA}..${CIRRUS_CHANGE_IN_REPO}"
+ if echo "${range}$CIRRUS_TAG" | grep -iq 'unknown'; then
+ die 11 "is_release() unusable range ${range} or tag $CIRRUS_TAG"
+ fi
+
+ if type -P git &> /dev/null
+ then
+ git fetch --all --tags &> /dev/null|| \
+ die 12 "is_release() failed to fetch tags"
+ RELVER=$(git log --pretty='format:%d' $range | \
+ grep '(tag:' | sed -r -e 's/\s+[(]tag:\s+(v[0-9].*)[)]/\1/' | \
+ sort -uV | tail -1)
+ ret=$?
+ else
+ warn -1 "Git command not found while checking for release"
+ ret="-1"
+ fi
+ [[ "$ret" -eq "0" ]] || \
die 13 "is_release() failed to parse tags"
+ else # Not testing a PR, but neither CIRRUS_BASE_SHA or CIRRUS_TAG are set
+ return 1
fi
- echo "Found \$RELVER $RELVER"
if [[ -n "$RELVER" ]]; then
+ echo "Found \$RELVER $RELVER"
if echo "$RELVER" | grep -q '-'; then
- return 2
+ return 2 # development tag
else
return 0
fi
else
- return 1
+ return 1 # not a release
fi
}
diff --git a/contrib/cirrus/lib.sh.t b/contrib/cirrus/lib.sh.t
index 9915b42a4..8f4080dd5 100755
--- a/contrib/cirrus/lib.sh.t
+++ b/contrib/cirrus/lib.sh.t
@@ -138,16 +138,19 @@ function test_is_release() {
}
# FROM TO TAG RET MSG
-#test_is_release "" "" "" "" ""
-
-test_is_release "" "" "" "9" "FATAL: is_release() requires \$CIRRUS_BASE_SHA to be non-empty"
+test_is_release "" "" "" "9" "FATAL: is_release() requires \$CIRRUS_CHANGE_IN_REPO to be non-empty"
test_is_release "x" "" "" "9" "FATAL: is_release() requires \$CIRRUS_CHANGE_IN_REPO to be non-empty"
-test_is_release "unknown" "x" "" "11" "is_release() unusable range unknown..x or tag "
-test_is_release "x" "unknown" "" "11" "is_release() unusable range x..unknown or tag "
-test_is_release "x" "x" "unknown" "11" "is_release() unusable range x..x or tag unknown"
+# post-merge / tag-push testing, FROM will be set 'unknown' by (lib.sh default)
+test_is_release "unknown" "x" "" "1" ""
+# post-merge / tag-push testing, oddball tag is set, FROM will be set 'unknown'
+test_is_release "unknown" "unknown" "test-tag" "2" "Found \$RELVER test-tag"
+# post-merge / tag-push testing, sane tag is set, FROM will be set 'unknown'
+test_is_release "unknown" "unknown" "0.0.0" "0" "Found \$RELVER 0.0.0"
+# hack/get_ci_vm or PR testing, FROM and TO are set, no tag is set
+test_is_release "x" "x" "" "1" ""
-# Negative-testing git with this function is very difficult, assume it works
+# Negative-testing git with this function is very difficult, assume git works
# test_is_release ... "is_release() failed to fetch tags"
# test_is_release ... "is_release() failed to parse tags"
diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile
index 947a2a1e9..fa87d7019 100644
--- a/contrib/cirrus/packer/Makefile
+++ b/contrib/cirrus/packer/Makefile
@@ -34,7 +34,7 @@ guard-%:
fi;
%.json: %.yml
- @python3 -c 'import json,yaml; json.dump( yaml.load(open("$<").read()), open("$@","w"), indent=2);'
+ @python3 -c 'import json,yaml; json.dump( yaml.safe_load(open("$<").read()), open("$@","w"), indent=2);'
${PACKER_DIST_FILENAME}:
@curl -L --silent --show-error \
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 38b9e6860..6cfaa05ce 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -69,8 +69,6 @@ ooe.sh sudo dnf install -y \
make \
msitools \
nmap-ncat \
- ostree \
- ostree-devel \
pandoc \
podman \
procps-ng \
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index 2f54da9ed..118ee062a 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -83,7 +83,6 @@ $BIGTO $SUDOAPTGET install \
libnet1 \
libnet1-dev \
libnl-3-dev \
- libostree-dev \
libvarlink \
libprotobuf-c-dev \
libprotobuf-dev \
diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile
index c886fc9aa..1939d7ad1 100644
--- a/contrib/gate/Dockerfile
+++ b/contrib/gate/Dockerfile
@@ -19,7 +19,6 @@ RUN dnf -y install \
lsof \
make \
nmap-ncat \
- ostree-devel \
procps-ng \
python \
python3-dateutil \
diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile
index 82b88b50b..58e54b5b5 100644
--- a/contrib/podmanimage/upstream/Dockerfile
+++ b/contrib/podmanimage/upstream/Dockerfile
@@ -36,7 +36,6 @@ RUN dnf -y install --exclude container-selinux \
libseccomp-devel \
libselinux-devel \
make \
- ostree-devel \
pkgconfig \
runc \
fuse-overlayfs \
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index d5247f689..8e0cb9950 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -63,7 +63,6 @@ BuildRequires: libassuan-devel
BuildRequires: libgpg-error-devel
BuildRequires: libseccomp-devel
BuildRequires: libselinux-devel
-BuildRequires: ostree-devel
BuildRequires: pkgconfig
BuildRequires: make
BuildRequires: systemd-devel
@@ -139,7 +138,6 @@ Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0
Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = 625e2322645b151a7cbb93a8b42920933e72167f
Provides: bundled(golang(github.com/opencontainers/selinux)) = b6fa367ed7f534f9ba25391cc2d467085dbb445a
Provides: bundled(golang(github.com/openshift/imagebuilder)) = master
-Provides: bundled(golang(github.com/ostreedev/ostree-go)) = master
Provides: bundled(golang(github.com/pkg/errors)) = v0.8.0
Provides: bundled(golang(github.com/pmezard/go-difflib)) = 792786c7400a136282c1664665ae0a8db921c6c2
Provides: bundled(golang(github.com/pquerna/ffjson)) = d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
@@ -383,7 +381,7 @@ mkdir -p src/%{provider}.%{provider_tld}/{containers,opencontainers}
ln -s $(dirs +1 -l) src/%{import_path_conmon}
popd
-export BUILDTAGS="selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) containers_image_ostree_stub"
+export BUILDTAGS="selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)"
BUILDTAGS=$BUILDTAGS make
popd
diff --git a/docs/podman-pull.1.md b/docs/podman-pull.1.md
index 9976bc586..de9688f5e 100644
--- a/docs/podman-pull.1.md
+++ b/docs/podman-pull.1.md
@@ -42,9 +42,6 @@ Image stored in local container/storage
**oci-archive:**_path_**:**_tag_
An image _tag_ in a directory compliant with "Open Container Image Layout Specification" at _path_.
- **ostree:**_image_[**@**_/absolute/repo/path_]
- An image in local OSTree repository. _/absolute/repo/path_ defaults to _/ostree/repo_.
-
## OPTIONS
**--all-tags**, **a**
diff --git a/docs/podman-push.1.md b/docs/podman-push.1.md
index 1cf8fd1a6..3f0350bcd 100644
--- a/docs/podman-push.1.md
+++ b/docs/podman-push.1.md
@@ -12,7 +12,7 @@ podman\-push - Push an image from local storage to elsewhere
Pushes an image from local storage to a specified destination.
Push is mainly used to push images to registries, however **podman push**
can be used to save images to tarballs and directories using the following
-transports: **dir:**, **docker-archive:**, **docker-daemon:**, **oci-archive:**, and **ostree:**.
+transports: **dir:**, **docker-archive:**, **docker-daemon:** and **oci-archive:**.
## imageID
Image stored in local container/storage
@@ -41,9 +41,6 @@ Image stored in local container/storage
**oci-archive:**_path_**:**_tag_
An image _tag_ in a directory compliant with "Open Container Image Layout Specification" at _path_.
- **ostree:**_image_[**@**_/absolute/repo/path_]
- An image in local OSTree repository. _/absolute/repo/path_ defaults to _/ostree/repo_.
-
## OPTIONS
**--authfile**=*path*
diff --git a/hack/ostree_tag.sh b/hack/ostree_tag.sh
deleted file mode 100755
index 06a5bc68c..000000000
--- a/hack/ostree_tag.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-if ! pkg-config glib-2.0 gobject-2.0 ostree-1 libselinux 2> /dev/null ; then
- echo containers_image_ostree_stub
-else
- echo containers_image_ostree
-fi
diff --git a/install.md b/install.md
index b90f20395..2583c4f9d 100644
--- a/install.md
+++ b/install.md
@@ -114,7 +114,6 @@ sudo yum install -y \
libseccomp-devel \
libselinux-devel \
make \
- ostree-devel \
pkgconfig \
runc \
containers-common
@@ -136,7 +135,6 @@ sudo apt-get install \
libglib2.0-dev \
libgpgme-dev \
libgpg-error-dev \
- libostree-dev \
libprotobuf-dev \
libprotobuf-c0-dev \
libseccomp-dev \
@@ -178,34 +176,6 @@ echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf
If any dependencies cannot be installed or are not sufficiently current, they have to be built from source.
This will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs).
-#### ostree
-
-A copy of the development libraries for `ostree` is necessary, either in the form of the `libostree-dev` package
-from the [flatpak](https://launchpad.net/~alexlarsson/+archive/ubuntu/flatpak) PPA,
-or built [from source](https://github.com/ostreedev/ostree/blob/master/docs/contributing-tutorial.md)
-(see also [here](https://ostree.readthedocs.io/en/latest/#building)). As of Ubuntu 18.04, `libostree-dev` is available in the main repositories,
-and the PPA is no longer required.
-
-To build, use the following (running `make` can take a while):
-```bash
-git clone https://github.com/ostreedev/ostree ~/ostree
-cd ~/ostree
-git submodule update --init
-
-# for Fedora, CentOS, RHEL
-sudo yum install -y automake bison e2fsprogs-devel fuse-devel gpgme-devel libseccomp-devel libtool systemd-devel xz-devel zlib-devel
-
-# for Debian, Ubuntu etc.
-sudo apt-get install -y automake bison e2fsprogs e2fslibs-dev fuse libfuse-dev libgpgme-dev liblzma-dev libseccomp-dev libsystemd-dev libtool zlib1g
-
-# for all distributions
-./autogen.sh --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc
-# remove --nonet option due to https:/github.com/ostreedev/ostree/issues/1374
-sed -i '/.*--nonet.*/d' ./Makefile-man.am
-make
-sudo make install
-```
-
#### golang
Be careful to double-check that the version of golang is new enough (i.e. `go version`), version 1.10.x or higher is required.
@@ -324,8 +294,6 @@ make BUILDTAGS='seccomp apparmor'
| exclude_graphdriver_btrfs | exclude btrfs | libbtrfs |
| exclude_graphdriver_devicemapper | exclude device-mapper | libdm |
| libdm_no_deferred_remove | exclude deferred removal in libdm | libdm |
-| ostree | ostree support (requires selinux) | ostree-1, libselinux |
-| containers_image_ostree_stub | exclude ostree | |
| seccomp | syscall filtering | libseccomp |
| selinux | selinux process and mount labeling | |
| systemd | journald logging | libsystemd |
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index ef0aaba4a..026b13129 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1024,8 +1024,8 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se
if err != nil {
return nil, err
}
-
pspec := c.config.Spec.Process
+ pspec.SelinuxLabel = c.config.ProcessLabel
pspec.Args = cmd
// We need to default this to false else it will inherit terminal as true
// from the container.
@@ -1221,14 +1221,6 @@ func (r *ConmonOCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec
mustCreateCgroup = false
}
- if rootless.IsRootless() {
- ownsCgroup, err := cgroups.UserOwnsCurrentSystemdCgroup()
- if err != nil {
- return err
- }
- mustCreateCgroup = !ownsCgroup
- }
-
if mustCreateCgroup {
cgroupParent := ctr.CgroupParent()
if r.cgroupManager == define.SystemdCgroupsManager {
diff --git a/libpod/volume_internal_linux.go b/libpod/volume_internal_linux.go
index 4c0332018..70eccbecb 100644
--- a/libpod/volume_internal_linux.go
+++ b/libpod/volume_internal_linux.go
@@ -3,8 +3,8 @@
package libpod
import (
- "io/ioutil"
"os/exec"
+ "strings"
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/rootless"
@@ -72,16 +72,10 @@ func (v *Volume) mount() error {
mountArgs = append(mountArgs, volDevice, v.config.MountPoint)
mountCmd := exec.Command(mountPath, mountArgs...)
- errPipe, err := mountCmd.StderrPipe()
- if err != nil {
- return errors.Wrapf(err, "error getting stderr pipe for mount")
- }
- if err := mountCmd.Start(); err != nil {
- out, err2 := ioutil.ReadAll(errPipe)
- if err2 != nil {
- return errors.Wrapf(err2, "error reading mount STDERR")
- }
- return errors.Wrapf(errors.New(string(out)), "error mounting volume %s", v.Name())
+ logrus.Debugf("Running mount command: %s %s", mountPath, strings.Join(mountArgs, " "))
+ if output, err := mountCmd.CombinedOutput(); err != nil {
+ logrus.Debugf("Mount failed with %v", err)
+ return errors.Wrapf(errors.Errorf(string(output)), "error mounting volume %s", v.Name())
}
logrus.Debugf("Mounted volume %s", v.Name())
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index 430b6925d..207cf5c64 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -656,20 +656,25 @@ func (r *LocalRuntime) Start(ctx context.Context, c *cliconfig.StartValues, sigP
return exitCode, nil
}
- if ctrRunning {
- fmt.Println(ctr.ID())
- continue
- }
- // Handle non-attach start
- // If the container is in a pod, also set to recursively start dependencies
- if err := ctr.Start(ctx, ctr.PodID() != ""); err != nil {
- if lastError != nil {
- fmt.Fprintln(os.Stderr, lastError)
+ // Start the container if it's not running already.
+ if !ctrRunning {
+ // Handle non-attach start
+ // If the container is in a pod, also set to recursively start dependencies
+ if err := ctr.Start(ctx, ctr.PodID() != ""); err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "unable to start container %q", container)
+ continue
}
- lastError = errors.Wrapf(err, "unable to start container %q", container)
- continue
}
- fmt.Println(ctr.ID())
+ // Check if the container is referenced by ID or by name and print
+ // it accordingly.
+ if strings.HasPrefix(ctr.ID(), container) {
+ fmt.Println(ctr.ID())
+ } else {
+ fmt.Println(container)
+ }
}
return exitCode, lastError
}
diff --git a/pkg/adapter/containers_remote.go b/pkg/adapter/containers_remote.go
index f4e83a975..20471d895 100644
--- a/pkg/adapter/containers_remote.go
+++ b/pkg/adapter/containers_remote.go
@@ -1021,7 +1021,7 @@ func (r *LocalRuntime) Commit(ctx context.Context, c *cliconfig.CommitValues, co
func (r *LocalRuntime) ExecContainer(ctx context.Context, cli *cliconfig.ExecValues) (int, error) {
var (
oldTermState *term.State
- ec int = define.ExecErrorCodeGeneric
+ ec = define.ExecErrorCodeGeneric
)
// default invalid command exit code
// Validate given environment variables
diff --git a/pkg/network/subnet.go b/pkg/network/subnet.go
index 82ab9a8c8..90f0cdfce 100644
--- a/pkg/network/subnet.go
+++ b/pkg/network/subnet.go
@@ -18,7 +18,7 @@ func incByte(subnet *net.IPNet, idx int, shift uint) error {
subnet.IP[idx] = 0
return incByte(subnet, idx-1, 0)
}
- subnet.IP[idx] += (1 << shift)
+ subnet.IP[idx] += 1 << shift
return nil
}
@@ -58,7 +58,7 @@ func LastIPInSubnet(addr *net.IPNet) (net.IP, error) { //nolint:interfacer
}
hostStart := ones / 8
// Handle the first host byte
- cidr.IP[hostStart] |= (0xff & cidr.Mask[hostStart])
+ cidr.IP[hostStart] |= 0xff & cidr.Mask[hostStart]
// Fill the rest with ones
for i := hostStart; i < len(cidr.IP); i++ {
cidr.IP[i] = 0xff
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index f2020547f..f5dca321c 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -239,7 +239,7 @@ var _ = Describe("Podman create", func() {
session = podmanTest.PodmanNoCache([]string{"create", "--pull", "always", "--name=foo", "nginx"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To((Equal(0)))
+ Expect(session.ExitCode()).To(Equal(0))
})
It("podman create using image list by tag", func() {
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
index 1c4a9adb9..ed4eb3335 100644
--- a/test/e2e/exec_test.go
+++ b/test/e2e/exec_test.go
@@ -243,4 +243,5 @@ var _ = Describe("Podman exec", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
})
+
})
diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go
index 50f0ca6d9..0747257be 100644
--- a/test/e2e/push_test.go
+++ b/test/e2e/push_test.go
@@ -203,23 +203,6 @@ var _ = Describe("Podman push", func() {
Expect(session.ExitCode()).To(Equal(0))
})
- It("podman push to local ostree", func() {
- if !IsCommandAvailable("ostree") {
- Skip("ostree is not installed")
- }
-
- ostreePath := filepath.Join(podmanTest.TempDir, "ostree/repo")
- os.MkdirAll(ostreePath, os.ModePerm)
-
- setup := SystemExec("ostree", []string{strings.Join([]string{"--repo=", ostreePath}, ""), "init"})
- Expect(setup.ExitCode()).To(Equal(0))
-
- session := podmanTest.PodmanNoCache([]string{"push", ALPINE, strings.Join([]string{"ostree:alp@", ostreePath}, "")})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
-
- })
-
It("podman push to docker-archive no reference", func() {
tarfn := filepath.Join(podmanTest.TempDir, "alp.tar")
session := podmanTest.PodmanNoCache([]string{"push", ALPINE,
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go
index 0c78ab15b..358137aa9 100644
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
@@ -165,4 +165,16 @@ var _ = Describe("Podman run", func() {
Expect(session.ExitCode()).To(Equal(126))
})
+ It("podman exec selinux check", func() {
+ setup := podmanTest.RunTopContainer("test1")
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ session := podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/1/attr/current"})
+ session.WaitWithDefaultTimeout()
+ session1 := podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"})
+ session1.WaitWithDefaultTimeout()
+ Expect(session.OutputToString()).To(Equal(session1.OutputToString()))
+ })
+
})
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index c96059787..8e5de85e4 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -364,4 +364,15 @@ var _ = Describe("Podman run with volumes", func() {
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Not(ContainSubstring("noexec")))
})
+
+ It("podman mount with invalid option fails", func() {
+ volName := "testVol"
+ volCreate := podmanTest.Podman([]string{"volume", "create", "--opt", "type=tmpfs", "--opt", "device=tmpfs", "--opt", "o=invalid", volName})
+ volCreate.WaitWithDefaultTimeout()
+ Expect(volCreate.ExitCode()).To(Equal(0))
+
+ volMount := podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:/tmp", volName), ALPINE, "ls"})
+ volMount.WaitWithDefaultTimeout()
+ Expect(volMount.ExitCode()).To(Not(Equal(0)))
+ })
})
diff --git a/test/e2e/start_test.go b/test/e2e/start_test.go
index da581f158..47b058845 100644
--- a/test/e2e/start_test.go
+++ b/test/e2e/start_test.go
@@ -57,15 +57,32 @@ var _ = Describe("Podman start", func() {
session = podmanTest.Podman([]string{"container", "start", cid})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal(cid))
+ })
+
+ It("podman container start single container by short id", func() {
+ session := podmanTest.Podman([]string{"container", "create", "-d", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ cid := session.OutputToString()
+ session = podmanTest.Podman([]string{"container", "start", cid[0:10]})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal(cid))
})
It("podman start single container by name", func() {
- session := podmanTest.Podman([]string{"create", "-d", "--name", "foobar99", ALPINE, "ls"})
+ name := "foobar99"
+ session := podmanTest.Podman([]string{"create", "-d", "--name", name, ALPINE, "ls"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- session = podmanTest.Podman([]string{"start", "foobar99"})
+ session = podmanTest.Podman([]string{"start", name})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
+ if podmanTest.RemoteTest {
+ Skip("Container-start name check doesn't work on remote client. It always returns the full ID.")
+ }
+ Expect(session.OutputToString()).To(Equal(name))
})
It("podman start multiple containers", func() {