aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore37
-rw-r--r--cmd/podman/common/specgen.go1
-rw-r--r--cmd/podman/containers/start.go4
-rw-r--r--cmd/podman/manifest/add.go1
-rw-r--r--completions/bash/podman1
-rw-r--r--docs/source/markdown/podman-manifest-add.1.md7
-rw-r--r--docs/source/markdown/podman-pull.1.md14
-rw-r--r--docs/source/markdown/podman-push.1.md4
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--libpod/image/manifests.go6
-rw-r--r--libpod/pod.go21
-rw-r--r--pkg/api/handlers/swagger/swagger.go2
-rw-r--r--pkg/domain/entities/manifest.go1
-rw-r--r--pkg/domain/infra/abi/manifest.go1
-rw-r--r--pkg/domain/infra/abi/pods.go7
-rw-r--r--pkg/domain/infra/tunnel/manifest.go1
-rw-r--r--pkg/specgen/generate/pod_create.go7
-rw-r--r--pkg/specgen/pod_validate.go2
-rw-r--r--test/e2e/common_test.go5
-rw-r--r--test/e2e/manifest_test.go13
-rw-r--r--test/e2e/pause_test.go1
-rw-r--r--test/e2e/pod_create_test.go1
-rw-r--r--test/e2e/pod_inspect_test.go6
-rw-r--r--test/e2e/pod_kill_test.go1
-rw-r--r--test/e2e/pod_prune_test.go1
-rw-r--r--test/e2e/pod_restart_test.go1
-rw-r--r--test/e2e/pod_rm_test.go1
-rw-r--r--test/e2e/pod_stop_test.go1
-rw-r--r--test/e2e/pod_top_test.go1
-rw-r--r--test/e2e/run_dns_test.go1
-rw-r--r--test/e2e/run_ns_test.go1
-rw-r--r--test/e2e/run_passwd_test.go1
-rw-r--r--test/e2e/run_restart_test.go1
-rw-r--r--test/e2e/run_signal_test.go1
-rw-r--r--vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go39
-rw-r--r--vendor/modules.txt2
37 files changed, 126 insertions, 75 deletions
diff --git a/.gitignore b/.gitignore
index d5d1206b5..e60b8c03a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,32 +1,33 @@
/.artifacts/
-/_output/
+/bin/
/brew
+/build/
+/cmd/podman/varlink/iopodman.go
+/cmd/podman/varlink/ioprojectatomicpodman.go
/conmon/
+contrib/spec/podman.spec
+*.coverprofile
/docs/*.[158]
/docs/*.[158].gz
-/docs/remote
/docs/build/
+/docs/remote
+.gopathok
+.idea*
+.nfs*
*.o
*.orig
+/_output/
/pause/pause.o
-/bin/
+pkg/api/swagger.yaml
+/pkg/varlink/iopodman.go
+podman-remote*.zip
+podman*.tar.gz
+__pycache__
+release.txt
+.ropeproject
+*.rpm
/test/bin2img/bin2img
/test/checkseccomp/checkseccomp
/test/copyimg/copyimg
/test/goecho/goecho
-/build/
-.nfs*
-.ropeproject
-__pycache__
-/cmd/podman/varlink/ioprojectatomicpodman.go
-/cmd/podman/varlink/iopodman.go
-/pkg/varlink/iopodman.go
-.gopathok
-release.txt
-podman-remote*.zip
-podman*.tar.gz
-.idea*
.vscode*
-contrib/spec/podman.spec
-*.rpm
-*.coverprofile
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 850fb11ec..ba9022aff 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -404,6 +404,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.DNSOptions = c.Net.DNSOptions
s.StaticIP = c.Net.StaticIP
s.StaticMAC = c.Net.StaticMAC
+ s.UseImageHosts = c.Net.NoHosts
// deferred, must be added on libpod side
//var ImageVolumes map[string]struct{}
diff --git a/cmd/podman/containers/start.go b/cmd/podman/containers/start.go
index 73f37e51f..381bf8e26 100644
--- a/cmd/podman/containers/start.go
+++ b/cmd/podman/containers/start.go
@@ -20,7 +20,6 @@ var (
Short: "Start one or more containers",
Long: startDescription,
RunE: start,
- Args: cobra.MinimumNArgs(1),
Example: `podman start --latest
podman start 860a4b231279 5421ab43b45
podman start --interactive --attach imageID`,
@@ -72,6 +71,9 @@ func init() {
func start(cmd *cobra.Command, args []string) error {
var errs utils.OutputErrors
+ if len(args) == 0 && !startOptions.Latest {
+ return errors.New("start requires at least one argument")
+ }
if len(args) > 1 && startOptions.Attach {
return errors.Errorf("you cannot start and attach multiple containers at once")
}
diff --git a/cmd/podman/manifest/add.go b/cmd/podman/manifest/add.go
index 20251ca87..c83beff7a 100644
--- a/cmd/podman/manifest/add.go
+++ b/cmd/podman/manifest/add.go
@@ -34,6 +34,7 @@ func init() {
flags.StringSliceVar(&manifestAddOpts.Annotation, "annotation", nil, "set an `annotation` for the specified image")
flags.StringVar(&manifestAddOpts.Arch, "arch", "", "override the `architecture` of the specified image")
flags.StringSliceVar(&manifestAddOpts.Features, "features", nil, "override the `features` of the specified image")
+ flags.StringVar(&manifestAddOpts.OS, "os", "", "override the `OS` of the specified image")
flags.StringVar(&manifestAddOpts.OSVersion, "os-version", "", "override the OS `version` of the specified image")
flags.StringVar(&manifestAddOpts.Variant, "variant", "", "override the `Variant` of the specified image")
}
diff --git a/completions/bash/podman b/completions/bash/podman
index 41a76a967..d6e9408c6 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -1760,6 +1760,7 @@ _podman_manifest_add() {
--annotation
--arch
--features
+ --os
--os-version
--variant
"
diff --git a/docs/source/markdown/podman-manifest-add.1.md b/docs/source/markdown/podman-manifest-add.1.md
index 4ecf03900..857a98e12 100644
--- a/docs/source/markdown/podman-manifest-add.1.md
+++ b/docs/source/markdown/podman-manifest-add.1.md
@@ -38,6 +38,13 @@ retrieved from the image's configuration information.
Specify the features list which the list or index records as requirements for
the image. This option is rarely used.
+**--os**
+
+Override the OS which the list or index records as a requirement for the image.
+If *imagename* refers to a manifest list or image index, the OS information
+will be retrieved from it. Otherwise, it will be retrieved from the image's
+configuration information.
+
**--os-version**
Specify the OS version which the list or index records as a requirement for the
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md
index b3e35c672..aa558526a 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md
@@ -4,9 +4,13 @@
podman\-pull - Pull an image from a registry
## SYNOPSIS
-**podman pull** [*options*] *name*[:*tag*|@*digest*]
+**podman pull** [*options*] *source*
-**podman image pull** [*options*] *name*[:*tag*|@*digest*]
+**podman image pull** [*options*] *source*
+
+**podman pull** [*options*] [*transport*]*name*[:*tag*|@*digest*]
+
+**podman image pull** [*options*] [*transport*]*name*[:*tag*|@*digest*]
## DESCRIPTION
Copies an image from a registry onto the local machine. **podman pull** pulls an
@@ -17,12 +21,12 @@ print the full image ID. **podman pull** can also pull an image
using its digest **podman pull** *image*@*digest*. **podman pull** can be used to pull
images from archives and local storage using different transports.
-## imageID
-Image stored in local container/storage
+## Image storage
+Images are stored in local image storage.
## SOURCE
- The SOURCE is a location to get container images
+ The SOURCE is the location from which the container images are pulled.
The Image "SOURCE" uses a "transport":"details" format.
Multiple transports are supported:
diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md
index 3f0350bcd..f029c8db1 100644
--- a/docs/source/markdown/podman-push.1.md
+++ b/docs/source/markdown/podman-push.1.md
@@ -14,8 +14,8 @@ Push is mainly used to push images to registries, however **podman push**
can be used to save images to tarballs and directories using the following
transports: **dir:**, **docker-archive:**, **docker-daemon:** and **oci-archive:**.
-## imageID
-Image stored in local container/storage
+## Image storage
+Images are pushed from those stored in local image storage.
## DESTINATION
diff --git a/go.mod b/go.mod
index 09077188c..576166df0 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
github.com/opentracing/opentracing-go v1.1.0
github.com/pkg/errors v0.9.1
github.com/pmezard/go-difflib v1.0.0
- github.com/rootless-containers/rootlesskit v0.9.3
+ github.com/rootless-containers/rootlesskit v0.9.4
github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f
github.com/sirupsen/logrus v1.5.0
github.com/spf13/cobra v0.0.7
diff --git a/go.sum b/go.sum
index 92ea6f545..167d52e0a 100644
--- a/go.sum
+++ b/go.sum
@@ -373,8 +373,8 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rootless-containers/rootlesskit v0.9.3 h1:hrkZzBZT5vEnhAso6H1jHAcc4DT8h6/hp2z4yL0xu/8=
-github.com/rootless-containers/rootlesskit v0.9.3/go.mod h1:fx5DhInDgnR0Upj+2cOVacKuZJYSNKV5P/bCwGa+quQ=
+github.com/rootless-containers/rootlesskit v0.9.4 h1:6ogX7l3r3nlS7eTB8ePbLSQ6TZR1aVQzRjTy2SIBOzk=
+github.com/rootless-containers/rootlesskit v0.9.4/go.mod h1:fx5DhInDgnR0Upj+2cOVacKuZJYSNKV5P/bCwGa+quQ=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 h1:2c1EFnZHIPCW8qKWgHMH/fX2PkSabFc5mrVzfUNdg5U=
github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
diff --git a/libpod/image/manifests.go b/libpod/image/manifests.go
index 9dbeb4cc5..7ca17f86c 100644
--- a/libpod/image/manifests.go
+++ b/libpod/image/manifests.go
@@ -19,6 +19,7 @@ type ManifestAddOpts struct {
Arch string `json:"arch"`
Features []string `json:"features"`
Images []string `json:"images"`
+ OS string `json:"os"`
OSVersion string `json:"os_version"`
Variant string `json:"variant"`
}
@@ -86,6 +87,11 @@ func addManifestToList(ref types.ImageReference, list manifests.List, systemCont
if err != nil {
return nil, err
}
+ if opts.OS != "" {
+ if err := list.SetOS(d, opts.OS); err != nil {
+ return nil, err
+ }
+ }
if len(opts.OSVersion) > 0 {
if err := list.SetOSVersion(d, opts.OSVersion); err != nil {
return nil, err
diff --git a/libpod/pod.go b/libpod/pod.go
index 4cdeb1033..b5a14c165 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -76,27 +76,6 @@ type podState struct {
InfraContainerID string
}
-// PodInspect represents the data we want to display for
-// podman pod inspect
-type PodInspect struct {
- Config *PodConfig
- State *PodInspectState
- Containers []PodContainerInfo
-}
-
-// PodInspectState contains inspect data on the pod's state
-type PodInspectState struct {
- CgroupPath string `json:"cgroupPath"`
- InfraContainerID string `json:"infraContainerID"`
- Status string `json:"status"`
-}
-
-// PodContainerInfo keeps information on a container in a pod
-type PodContainerInfo struct {
- ID string `json:"id"`
- State string `json:"state"`
-}
-
// InfraContainerConfig is the configuration for the pod's infra container
type InfraContainerConfig struct {
HasInfraContainer bool `json:"makeInfraContainer"`
diff --git a/pkg/api/handlers/swagger/swagger.go b/pkg/api/handlers/swagger/swagger.go
index 87891d4a8..7d8932f56 100644
--- a/pkg/api/handlers/swagger/swagger.go
+++ b/pkg/api/handlers/swagger/swagger.go
@@ -143,7 +143,7 @@ type swagListPodsResponse struct {
type swagInspectPodResponse struct {
// in:body
Body struct {
- libpod.PodInspect
+ define.InspectPodData
}
}
diff --git a/pkg/domain/entities/manifest.go b/pkg/domain/entities/manifest.go
index a9c961f9d..7316735b0 100644
--- a/pkg/domain/entities/manifest.go
+++ b/pkg/domain/entities/manifest.go
@@ -10,6 +10,7 @@ type ManifestAddOptions struct {
Arch string `json:"arch" schema:"arch"`
Features []string `json:"features" schema:"features"`
Images []string `json:"images" schema:"images"`
+ OS string `json:"os" schema:"os"`
OSVersion string `json:"os_version" schema:"os_version"`
Variant string `json:"variant" schema:"variant"`
}
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index 27d4bf9a5..88331f96c 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -79,6 +79,7 @@ func (ir *ImageEngine) ManifestAdd(ctx context.Context, opts entities.ManifestAd
Arch: opts.Arch,
Features: opts.Features,
Images: opts.Images,
+ OS: opts.OS,
OSVersion: opts.OSVersion,
Variant: opts.Variant,
}
diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go
index 7732d5aa3..7c06f9a4e 100644
--- a/pkg/domain/infra/abi/pods.go
+++ b/pkg/domain/infra/abi/pods.go
@@ -145,7 +145,7 @@ func (ic *ContainerEngine) PodStop(ctx context.Context, namesOrIds []string, opt
reports []*entities.PodStopReport
)
pods, err := getPodsByContext(options.All, options.Latest, namesOrIds, ic.Libpod)
- if err != nil {
+ if err != nil && !(options.Ignore && errors.Cause(err) == define.ErrNoSuchPod) {
return nil, err
}
for _, p := range pods {
@@ -180,6 +180,7 @@ func (ic *ContainerEngine) PodRestart(ctx context.Context, namesOrIds []string,
errs, err := p.Restart(ctx)
if err != nil {
report.Errs = []error{err}
+ reports = append(reports, &report)
continue
}
if len(errs) > 0 {
@@ -207,6 +208,7 @@ func (ic *ContainerEngine) PodStart(ctx context.Context, namesOrIds []string, op
errs, err := p.Start(ctx)
if err != nil {
report.Errs = []error{err}
+ reports = append(reports, &report)
continue
}
if len(errs) > 0 {
@@ -226,7 +228,7 @@ func (ic *ContainerEngine) PodRm(ctx context.Context, namesOrIds []string, optio
reports []*entities.PodRmReport
)
pods, err := getPodsByContext(options.All, options.Latest, namesOrIds, ic.Libpod)
- if err != nil {
+ if err != nil && !(options.Ignore && errors.Cause(err) == define.ErrNoSuchPod) {
return nil, err
}
for _, p := range pods {
@@ -234,6 +236,7 @@ func (ic *ContainerEngine) PodRm(ctx context.Context, namesOrIds []string, optio
err := ic.Libpod.RemovePod(ctx, p, true, options.Force)
if err != nil {
report.Err = err
+ reports = append(reports, &report)
continue
}
reports = append(reports, &report)
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go
index 338256530..18b400533 100644
--- a/pkg/domain/infra/tunnel/manifest.go
+++ b/pkg/domain/infra/tunnel/manifest.go
@@ -41,6 +41,7 @@ func (ir *ImageEngine) ManifestAdd(ctx context.Context, opts entities.ManifestAd
Arch: opts.Arch,
Features: opts.Features,
Images: opts.Images,
+ OS: opts.OS,
OSVersion: opts.OSVersion,
Variant: opts.Variant,
}
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 292f9b155..babfba9bc 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -46,6 +46,13 @@ func createPodOptions(p *specgen.PodSpecGenerator) ([]libpod.PodCreateOption, er
if len(p.HostAdd) > 0 {
options = append(options, libpod.WithPodHosts(p.HostAdd))
}
+ if len(p.DNSServer) > 0 {
+ var dnsServers []string
+ for _, d := range p.DNSServer {
+ dnsServers = append(dnsServers, d.String())
+ }
+ options = append(options, libpod.WithPodDNS(dnsServers))
+ }
if len(p.DNSOption) > 0 {
options = append(options, libpod.WithPodDNSOption(p.DNSOption))
}
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index f2f90e58d..98d59549e 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -62,7 +62,7 @@ func (p *PodSpecGenerator) Validate() error {
return exclusivePodOptions("NoInfra", "NoManageResolvConf")
}
}
- if p.NetNS.NSMode != Bridge {
+ if p.NetNS.NSMode != "" && p.NetNS.NSMode != Bridge && p.NetNS.NSMode != Default {
if len(p.PortMappings) > 0 {
return errors.New("PortMappings can only be used with Bridge mode networking")
}
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index d93ee8d3a..160af1bd5 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -14,7 +14,6 @@ import (
"testing"
"time"
- "github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/rootless"
@@ -501,8 +500,8 @@ func (s *PodmanSessionIntegration) InspectContainerToJSON() []define.InspectCont
}
// InspectPodToJSON takes the sessions output from a pod inspect and returns json
-func (s *PodmanSessionIntegration) InspectPodToJSON() libpod.PodInspect {
- var i libpod.PodInspect
+func (s *PodmanSessionIntegration) InspectPodToJSON() define.InspectPodData {
+ var i define.InspectPodData
err := json.Unmarshal(s.Out.Contents(), &i)
Expect(err).To(BeNil())
return i
diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go
index a52916e87..9b5a24771 100644
--- a/test/e2e/manifest_test.go
+++ b/test/e2e/manifest_test.go
@@ -85,4 +85,17 @@ var _ = Describe("Podman manifest", func() {
Expect(session.OutputToString()).To(ContainSubstring(imageListPPC64LEInstanceDigest))
Expect(session.OutputToString()).To(ContainSubstring(imageListS390XInstanceDigest))
})
+
+ It("podman manifest add --os", func() {
+ session := podmanTest.Podman([]string{"manifest", "create", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "add", "--os", "bar", "foo", imageList})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"manifest", "inspect", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring(`"os": "bar"`))
+ })
})
diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go
index 66b888803..39e08e2e8 100644
--- a/test/e2e/pause_test.go
+++ b/test/e2e/pause_test.go
@@ -21,7 +21,6 @@ var _ = Describe("Podman pause", func() {
createdState := "Created"
BeforeEach(func() {
- Skip(v2fail)
SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 30abe2be2..e0a10c202 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -18,7 +18,6 @@ var _ = Describe("Podman pod create", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go
index 06f36c751..f87bbe047 100644
--- a/test/e2e/pod_inspect_test.go
+++ b/test/e2e/pod_inspect_test.go
@@ -16,7 +16,6 @@ var _ = Describe("Podman pod inspect", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
@@ -55,8 +54,7 @@ var _ = Describe("Podman pod inspect", func() {
inspect.WaitWithDefaultTimeout()
Expect(inspect.ExitCode()).To(Equal(0))
Expect(inspect.IsJSONOutputValid()).To(BeTrue())
- // FIXME sujil, disabled for now
- //podData := inspect.InspectPodToJSON()
- //Expect(podData.Config.ID).To(Equal(podid))
+ podData := inspect.InspectPodToJSON()
+ Expect(podData.ID).To(Equal(podid))
})
})
diff --git a/test/e2e/pod_kill_test.go b/test/e2e/pod_kill_test.go
index 29d7664df..a3efec46c 100644
--- a/test/e2e/pod_kill_test.go
+++ b/test/e2e/pod_kill_test.go
@@ -17,7 +17,6 @@ var _ = Describe("Podman pod kill", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_prune_test.go b/test/e2e/pod_prune_test.go
index d0725883c..d98383331 100644
--- a/test/e2e/pod_prune_test.go
+++ b/test/e2e/pod_prune_test.go
@@ -16,7 +16,6 @@ var _ = Describe("Podman pod prune", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_restart_test.go b/test/e2e/pod_restart_test.go
index 9938c70b8..691fe5f0c 100644
--- a/test/e2e/pod_restart_test.go
+++ b/test/e2e/pod_restart_test.go
@@ -16,7 +16,6 @@ var _ = Describe("Podman pod restart", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_rm_test.go b/test/e2e/pod_rm_test.go
index 117b54987..90f178be6 100644
--- a/test/e2e/pod_rm_test.go
+++ b/test/e2e/pod_rm_test.go
@@ -19,7 +19,6 @@ var _ = Describe("Podman pod rm", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_stop_test.go b/test/e2e/pod_stop_test.go
index 0c0085b82..a61917adb 100644
--- a/test/e2e/pod_stop_test.go
+++ b/test/e2e/pod_stop_test.go
@@ -16,7 +16,6 @@ var _ = Describe("Podman pod stop", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_top_test.go b/test/e2e/pod_top_test.go
index 2f75aaf30..c313b0675 100644
--- a/test/e2e/pod_top_test.go
+++ b/test/e2e/pod_top_test.go
@@ -20,7 +20,6 @@ var _ = Describe("Podman top", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go
index 749047b76..02b9ff8d1 100644
--- a/test/e2e/run_dns_test.go
+++ b/test/e2e/run_dns_test.go
@@ -18,7 +18,6 @@ var _ = Describe("Podman run dns", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go
index 9c914188a..c8ba68efc 100644
--- a/test/e2e/run_ns_test.go
+++ b/test/e2e/run_ns_test.go
@@ -19,7 +19,6 @@ var _ = Describe("Podman run ns", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go
index 0868bce4f..bd6a0e036 100644
--- a/test/e2e/run_passwd_test.go
+++ b/test/e2e/run_passwd_test.go
@@ -18,7 +18,6 @@ var _ = Describe("Podman run passwd", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_restart_test.go b/test/e2e/run_restart_test.go
index 28ab23ab0..8bbdf2056 100644
--- a/test/e2e/run_restart_test.go
+++ b/test/e2e/run_restart_test.go
@@ -18,7 +18,6 @@ var _ = Describe("Podman run restart containers", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_signal_test.go b/test/e2e/run_signal_test.go
index 58dde62da..fbdd3acec 100644
--- a/test/e2e/run_signal_test.go
+++ b/test/e2e/run_signal_test.go
@@ -29,7 +29,6 @@ var _ = Describe("Podman run with --sig-proxy", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tmpdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go
index 893bf1da9..8ffadd859 100644
--- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go
+++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go
@@ -2,11 +2,14 @@ package parent
import (
"context"
+ "fmt"
"io"
"io/ioutil"
"net"
"os"
"path/filepath"
+ "strconv"
+ "strings"
"sync"
"syscall"
@@ -84,6 +87,39 @@ func (d *driver) RunParentDriver(initComplete chan struct{}, quit <-chan struct{
return nil
}
+func isEPERM(err error) bool {
+ k := "permission denied"
+ // As of Go 1.14, errors.Is(err, syscall.EPERM) does not seem to work for
+ // "listen tcp 0.0.0.0:80: bind: permission denied" error from net.ListenTCP().
+ return errors.Is(err, syscall.EPERM) || strings.Contains(err.Error(), k)
+}
+
+// annotateEPERM annotates origErr for human-readability
+func annotateEPERM(origErr error, spec port.Spec) error {
+ // Read "net.ipv4.ip_unprivileged_port_start" value (typically 1024)
+ // TODO: what for IPv6?
+ // NOTE: sync.Once should not be used here
+ b, e := ioutil.ReadFile("/proc/sys/net/ipv4/ip_unprivileged_port_start")
+ if e != nil {
+ return origErr
+ }
+ start, e := strconv.Atoi(strings.TrimSpace(string(b)))
+ if e != nil {
+ return origErr
+ }
+ if spec.ParentPort >= start {
+ // origErr is unrelated to ip_unprivileged_port_start
+ return origErr
+ }
+ text := fmt.Sprintf("cannot expose privileged port %d, you might need to add \"net.ipv4.ip_unprivileged_port_start=0\" (currently %d) to /etc/sysctl.conf", spec.ParentPort, start)
+ if filepath.Base(os.Args[0]) == "rootlesskit" {
+ // NOTE: The following sentence is appended only if Args[0] == "rootlesskit", because it does not apply to Podman (as of Podman v1.9).
+ // Podman launches the parent driver in the child user namespace (but in the parent network namespace), which disables the file capability.
+ text += ", or set CAP_NET_BIND_SERVICE on rootlesskit binary"
+ }
+ return errors.Wrap(origErr, text)
+}
+
func (d *driver) AddPort(ctx context.Context, spec port.Spec) (*port.Status, error) {
d.mu.Lock()
err := portutil.ValidatePortSpec(spec, d.ports)
@@ -106,6 +142,9 @@ func (d *driver) AddPort(ctx context.Context, spec port.Spec) (*port.Status, err
return nil, errors.New("spec was not validated?")
}
if err != nil {
+ if isEPERM(err) {
+ err = annotateEPERM(err, spec)
+ }
return nil, err
}
d.mu.Lock()
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 782a905a1..0a6d8ccd5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -454,7 +454,7 @@ github.com/prometheus/common/model
github.com/prometheus/procfs
github.com/prometheus/procfs/internal/fs
github.com/prometheus/procfs/internal/util
-# github.com/rootless-containers/rootlesskit v0.9.3
+# github.com/rootless-containers/rootlesskit v0.9.4
github.com/rootless-containers/rootlesskit/pkg/msgutil
github.com/rootless-containers/rootlesskit/pkg/port
github.com/rootless-containers/rootlesskit/pkg/port/builtin