summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--RELEASE_NOTES.md4
-rw-r--r--cmd/podman/shared/create.go8
-rw-r--r--cmd/podmanV2/containers/mount.go121
-rw-r--r--cmd/podmanV2/containers/unmount.go65
-rw-r--r--cmd/podmanV2/images/search.go157
-rw-r--r--libpod/container_api.go98
-rw-r--r--libpod/oci_conmon_linux.go38
-rw-r--r--libpod/util.go31
-rw-r--r--pkg/api/handlers/compat/containers_attach.go35
-rw-r--r--pkg/api/handlers/compat/images_search.go1
-rw-r--r--pkg/api/handlers/libpod/images.go53
-rw-r--r--pkg/api/server/register_containers.go8
-rw-r--r--pkg/api/server/register_images.go2
-rw-r--r--pkg/bindings/images/images.go33
-rw-r--r--pkg/bindings/images/search.go41
-rw-r--r--pkg/bindings/test/images_test.go21
-rw-r--r--pkg/cgroups/pids.go2
-rw-r--r--pkg/domain/entities/containers.go30
-rw-r--r--pkg/domain/entities/engine_container.go2
-rw-r--r--pkg/domain/entities/engine_image.go1
-rw-r--r--pkg/domain/entities/images.go31
-rw-r--r--pkg/domain/infra/abi/containers.go85
-rw-r--r--pkg/domain/infra/abi/images.go35
-rw-r--r--pkg/domain/infra/tunnel/containers.go8
-rw-r--r--pkg/domain/infra/tunnel/images.go4
25 files changed, 801 insertions, 113 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 246a4db04..aef66545f 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -18,9 +18,11 @@
- Fixed a bug where `podman play kube` would not properly handle container-only port mappings ([#5610](https://github.com/containers/libpod/issues/5610))
- Fixed a bug where the `podman container prune` command was not pruning containers in the `created` and `configured` states
- Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot ([#5433](https://github.com/containers/libpod/issues/5433))
+- Fixed a bug where Podman was not properly applying the default Seccomp profile when `--security-opt` was not given at the command line
### HTTP API
-- Many Libpod API endpoints have been added, including `Changes`, `Checkpoint`, and `Restore`
+- Many Libpod API endpoints have been added, including `Changes`, `Checkpoint`, `Init`, and `Restore`
+- Resolved issues where the `podman system service` command would time out and exit while there were still active connections
- Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0
### Misc
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 68a36d967..94b1e63dc 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -783,10 +783,12 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
Sysctl: sysctl,
}
+ var securityOpt []string
if c.Changed("security-opt") {
- if err := secConfig.SetSecurityOpts(runtime, c.StringArray("security-opt")); err != nil {
- return nil, err
- }
+ securityOpt = c.StringArray("security-opt")
+ }
+ if err := secConfig.SetSecurityOpts(runtime, securityOpt); err != nil {
+ return nil, err
}
// SECCOMP
diff --git a/cmd/podmanV2/containers/mount.go b/cmd/podmanV2/containers/mount.go
new file mode 100644
index 000000000..c2f5ae987
--- /dev/null
+++ b/cmd/podmanV2/containers/mount.go
@@ -0,0 +1,121 @@
+package containers
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+ "text/tabwriter"
+ "text/template"
+
+ "github.com/containers/libpod/cmd/podmanV2/parse"
+ "github.com/containers/libpod/cmd/podmanV2/registry"
+ "github.com/containers/libpod/cmd/podmanV2/utils"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/spf13/cobra"
+)
+
+var (
+ mountDescription = `podman mount
+ Lists all mounted containers mount points if no container is specified
+
+ podman mount CONTAINER-NAME-OR-ID
+ Mounts the specified container and outputs the mountpoint
+`
+
+ mountCommand = &cobra.Command{
+ Use: "mount [flags] [CONTAINER]",
+ Short: "Mount a working container's root filesystem",
+ Long: mountDescription,
+ PreRunE: preRunE,
+ RunE: mount,
+ Args: func(cmd *cobra.Command, args []string) error {
+ return parse.CheckAllLatestAndCIDFile(cmd, args, true, false)
+ },
+ }
+)
+
+var (
+ mountOpts entities.ContainerMountOptions
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: mountCommand,
+ })
+ flags := mountCommand.Flags()
+ flags.BoolVarP(&mountOpts.All, "all", "a", false, "Mount all containers")
+ flags.StringVar(&mountOpts.Format, "format", "", "Change the output format to Go template")
+ flags.BoolVarP(&mountOpts.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
+ flags.BoolVar(&mountOpts.NoTruncate, "notruncate", false, "Do not truncate output")
+}
+
+func mount(cmd *cobra.Command, args []string) error {
+ var (
+ errs utils.OutputErrors
+ mrs []mountReporter
+ )
+ reports, err := registry.ContainerEngine().ContainerMount(registry.GetContext(), args, mountOpts)
+ if err != nil {
+ return err
+ }
+ if len(args) > 0 || mountOpts.Latest || mountOpts.All {
+ for _, r := range reports {
+ if r.Err == nil {
+ fmt.Println(r.Path)
+ continue
+ }
+ errs = append(errs, r.Err)
+ }
+ return errs.PrintErrors()
+ }
+ if mountOpts.Format == "json" {
+ return printJSON(reports)
+ }
+ for _, r := range reports {
+ mrs = append(mrs, mountReporter{r})
+ }
+ row := "{{.ID}} {{.Path}}"
+ format := "{{range . }}" + row + "{{end}}"
+ tmpl, err := template.New("mounts").Parse(format)
+ if err != nil {
+ return err
+ }
+ w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0)
+ defer w.Flush()
+ return tmpl.Execute(w, mrs)
+}
+
+func printJSON(reports []*entities.ContainerMountReport) error {
+ type jreport struct {
+ ID string `json:"id"`
+ Names []string
+ Mountpoint string `json:"mountpoint"`
+ }
+ var jreports []jreport
+
+ for _, r := range reports {
+ jreports = append(jreports, jreport{
+ ID: r.Id,
+ Names: []string{r.Name},
+ Mountpoint: r.Path,
+ })
+ }
+ b, err := json.MarshalIndent(jreports, "", " ")
+ if err != nil {
+ return err
+ }
+ fmt.Println(string(b))
+ return nil
+}
+
+type mountReporter struct {
+ *entities.ContainerMountReport
+}
+
+func (m mountReporter) ID() string {
+ if mountOpts.NoTruncate {
+ return m.Id
+ }
+ return m.Id[0:12]
+}
diff --git a/cmd/podmanV2/containers/unmount.go b/cmd/podmanV2/containers/unmount.go
new file mode 100644
index 000000000..2a6ef14b0
--- /dev/null
+++ b/cmd/podmanV2/containers/unmount.go
@@ -0,0 +1,65 @@
+package containers
+
+import (
+ "fmt"
+
+ "github.com/containers/libpod/cmd/podmanV2/parse"
+ "github.com/containers/libpod/cmd/podmanV2/registry"
+ "github.com/containers/libpod/cmd/podmanV2/utils"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/spf13/cobra"
+)
+
+var (
+ description = `Container storage increments a mount counter each time a container is mounted.
+
+ When a container is unmounted, the mount counter is decremented. The container's root filesystem is physically unmounted only when the mount counter reaches zero indicating no other processes are using the mount.
+
+ An unmount can be forced with the --force flag.
+`
+ umountCommand = &cobra.Command{
+ Use: "umount [flags] CONTAINER [CONTAINER...]",
+ Aliases: []string{"unmount"},
+ Short: "Unmounts working container's root filesystem",
+ Long: description,
+ RunE: unmount,
+ PreRunE: preRunE,
+ Args: func(cmd *cobra.Command, args []string) error {
+ return parse.CheckAllLatestAndCIDFile(cmd, args, false, false)
+ },
+ Example: `podman umount ctrID
+ podman umount ctrID1 ctrID2 ctrID3
+ podman umount --all`,
+ }
+)
+
+var (
+ unmountOpts entities.ContainerUnmountOptions
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: umountCommand,
+ })
+ flags := umountCommand.Flags()
+ flags.BoolVarP(&unmountOpts.All, "all", "a", false, "Umount all of the currently mounted containers")
+ flags.BoolVarP(&unmountOpts.Force, "force", "f", false, "Force the complete umount all of the currently mounted containers")
+ flags.BoolVarP(&unmountOpts.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
+}
+
+func unmount(cmd *cobra.Command, args []string) error {
+ var errs utils.OutputErrors
+ reports, err := registry.ContainerEngine().ContainerUnmount(registry.GetContext(), args, unmountOpts)
+ if err != nil {
+ return err
+ }
+ for _, r := range reports {
+ if r.Err == nil {
+ fmt.Println(r.Id)
+ } else {
+ errs = append(errs, r.Err)
+ }
+ }
+ return errs.PrintErrors()
+}
diff --git a/cmd/podmanV2/images/search.go b/cmd/podmanV2/images/search.go
new file mode 100644
index 000000000..2ab9735ec
--- /dev/null
+++ b/cmd/podmanV2/images/search.go
@@ -0,0 +1,157 @@
+package images
+
+import (
+ "reflect"
+ "strings"
+
+ buildahcli "github.com/containers/buildah/pkg/cli"
+ "github.com/containers/buildah/pkg/formats"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/libpod/cmd/podmanV2/registry"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/containers/libpod/pkg/util/camelcase"
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+ "github.com/spf13/pflag"
+)
+
+// searchOptionsWrapper wraps entities.ImagePullOptions and prevents leaking
+// CLI-only fields into the API types.
+type searchOptionsWrapper struct {
+ entities.ImageSearchOptions
+ // CLI only flags
+ TLSVerifyCLI bool // Used to convert to an optional bool later
+ Format string // For go templating
+}
+
+var (
+ searchOptions = searchOptionsWrapper{}
+ searchDescription = `Search registries for a given image. Can search all the default registries or a specific registry.
+
+ Users can limit the number of results, and filter the output based on certain conditions.`
+
+ // Command: podman search
+ searchCmd = &cobra.Command{
+ Use: "search [flags] TERM",
+ Short: "Search registry for image",
+ Long: searchDescription,
+ PreRunE: preRunE,
+ RunE: imageSearch,
+ Args: cobra.ExactArgs(1),
+ Example: `podman search --filter=is-official --limit 3 alpine
+ podman search registry.fedoraproject.org/ # only works with v2 registries
+ podman search --format "table {{.Index}} {{.Name}}" registry.fedoraproject.org/fedora`,
+ }
+
+ // Command: podman image search
+ imageSearchCmd = &cobra.Command{
+ Use: searchCmd.Use,
+ Short: searchCmd.Short,
+ Long: searchCmd.Long,
+ PreRunE: searchCmd.PreRunE,
+ RunE: searchCmd.RunE,
+ Args: searchCmd.Args,
+ Example: `podman image search --filter=is-official --limit 3 alpine
+ podman image search registry.fedoraproject.org/ # only works with v2 registries
+ podman image search --format "table {{.Index}} {{.Name}}" registry.fedoraproject.org/fedora`,
+ }
+)
+
+func init() {
+ // search
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
+ Command: searchCmd,
+ })
+
+ searchCmd.SetHelpTemplate(registry.HelpTemplate())
+ searchCmd.SetUsageTemplate(registry.UsageTemplate())
+ flags := searchCmd.Flags()
+ searchFlags(flags)
+
+ // images search
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
+ Command: imageSearchCmd,
+ Parent: imageCmd,
+ })
+
+ imageSearchFlags := imageSearchCmd.Flags()
+ searchFlags(imageSearchFlags)
+}
+
+// searchFlags set the flags for the pull command.
+func searchFlags(flags *pflag.FlagSet) {
+ flags.StringSliceVarP(&searchOptions.Filters, "filter", "f", []string{}, "Filter output based on conditions provided (default [])")
+ flags.StringVar(&searchOptions.Format, "format", "", "Change the output format to a Go template")
+ flags.IntVar(&searchOptions.Limit, "limit", 0, "Limit the number of results")
+ flags.BoolVar(&searchOptions.NoTrunc, "no-trunc", false, "Do not truncate the output")
+ flags.StringVar(&searchOptions.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.BoolVar(&searchOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ if registry.IsRemote() {
+ _ = flags.MarkHidden("authfile")
+ _ = flags.MarkHidden("tls-verify")
+ }
+}
+
+// imageSearch implements the command for searching images.
+func imageSearch(cmd *cobra.Command, args []string) error {
+ searchTerm := ""
+ switch len(args) {
+ case 1:
+ searchTerm = args[0]
+ default:
+ return errors.Errorf("search requires exactly one argument")
+ }
+
+ sarchOptsAPI := searchOptions.ImageSearchOptions
+ // TLS verification in c/image is controlled via a `types.OptionalBool`
+ // which allows for distinguishing among set-true, set-false, unspecified
+ // which is important to implement a sane way of dealing with defaults of
+ // boolean CLI flags.
+ if cmd.Flags().Changed("tls-verify") {
+ sarchOptsAPI.TLSVerify = types.NewOptionalBool(pullOptions.TLSVerifyCLI)
+ }
+
+ searchReport, err := registry.ImageEngine().Search(registry.GetContext(), searchTerm, sarchOptsAPI)
+ if err != nil {
+ return err
+ }
+
+ format := genSearchFormat(searchOptions.Format)
+ if len(searchReport) == 0 {
+ return nil
+ }
+ out := formats.StdoutTemplateArray{Output: searchToGeneric(searchReport), Template: format, Fields: searchHeaderMap()}
+ return out.Out()
+}
+
+// searchHeaderMap returns the headers of a SearchResult.
+func searchHeaderMap() map[string]string {
+ s := new(entities.ImageSearchReport)
+ v := reflect.Indirect(reflect.ValueOf(s))
+ values := make(map[string]string, v.NumField())
+
+ for i := 0; i < v.NumField(); i++ {
+ key := v.Type().Field(i).Name
+ value := key
+ values[key] = strings.ToUpper(strings.Join(camelcase.Split(value), " "))
+ }
+ return values
+}
+
+func genSearchFormat(format string) string {
+ if format != "" {
+ // "\t" from the command line is not being recognized as a tab
+ // replacing the string "\t" to a tab character if the user passes in "\t"
+ return strings.Replace(format, `\t`, "\t", -1)
+ }
+ return "table {{.Index}}\t{{.Name}}\t{{.Description}}\t{{.Stars}}\t{{.Official}}\t{{.Automated}}\t"
+}
+
+func searchToGeneric(params []entities.ImageSearchReport) (genericParams []interface{}) {
+ for _, v := range params {
+ genericParams = append(genericParams, interface{}(v))
+ }
+ return genericParams
+}
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 55c79fa74..b31079b26 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -6,10 +6,13 @@ import (
"io/ioutil"
"net"
"os"
+ "strings"
+ "sync"
"time"
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/libpod/events"
+ "github.com/containers/libpod/libpod/logs"
"github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -244,15 +247,28 @@ func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-
// forwarded to the client.
// This function returns when the attach finishes. It does not hold the lock for
// the duration of its runtime, only using it at the beginning to verify state.
-func (c *Container) HTTPAttach(httpCon net.Conn, httpBuf *bufio.ReadWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool) error {
+// The streamLogs parameter indicates that all the container's logs until present
+// will be streamed at the beginning of the attach.
+// The streamAttach parameter indicates that the attach itself will be streamed
+// over the socket; if this is not set, but streamLogs is, only the logs will be
+// sent.
+// At least one of streamAttach and streamLogs must be set.
+func (c *Container) HTTPAttach(httpCon net.Conn, httpBuf *bufio.ReadWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, streamAttach, streamLogs bool) (deferredErr error) {
+ isTerminal := false
+ if c.config.Spec.Process != nil {
+ isTerminal = c.config.Spec.Process.Terminal
+ }
+ // Ensure our contract of writing errors to and closing the HTTP conn is
+ // honored.
+ defer func() {
+ hijackWriteErrorAndClose(deferredErr, c.ID(), isTerminal, httpCon, httpBuf)
+ }()
+
if !c.batched {
c.lock.Lock()
if err := c.syncContainer(); err != nil {
c.lock.Unlock()
- // Write any errors to the HTTP buffer before we close.
- hijackWriteErrorAndClose(err, c.ID(), httpCon, httpBuf)
-
return err
}
// We are NOT holding the lock for the duration of the function.
@@ -260,16 +276,80 @@ func (c *Container) HTTPAttach(httpCon net.Conn, httpBuf *bufio.ReadWriter, stre
}
if !c.ensureState(define.ContainerStateCreated, define.ContainerStateRunning) {
- toReturn := errors.Wrapf(define.ErrCtrStateInvalid, "can only attach to created or running containers")
-
- // Write any errors to the HTTP buffer before we close.
- hijackWriteErrorAndClose(toReturn, c.ID(), httpCon, httpBuf)
+ return errors.Wrapf(define.ErrCtrStateInvalid, "can only attach to created or running containers")
+ }
- return toReturn
+ if !streamAttach && !streamLogs {
+ return errors.Wrapf(define.ErrInvalidArg, "must specify at least one of stream or logs")
}
logrus.Infof("Performing HTTP Hijack attach to container %s", c.ID())
+ if streamLogs {
+ // Get all logs for the container
+ logChan := make(chan *logs.LogLine)
+ logOpts := new(logs.LogOptions)
+ logOpts.Tail = -1
+ logOpts.WaitGroup = new(sync.WaitGroup)
+ errChan := make(chan error)
+ go func() {
+ var err error
+ // In non-terminal mode we need to prepend with the
+ // stream header.
+ logrus.Debugf("Writing logs for container %s to HTTP attach", c.ID())
+ for logLine := range logChan {
+ if !isTerminal {
+ device := logLine.Device
+ var header []byte
+ headerLen := uint32(len(logLine.Msg))
+
+ switch strings.ToLower(device) {
+ case "stdin":
+ header = makeHTTPAttachHeader(0, headerLen)
+ case "stdout":
+ header = makeHTTPAttachHeader(1, headerLen)
+ case "stderr":
+ header = makeHTTPAttachHeader(2, headerLen)
+ default:
+ logrus.Errorf("Unknown device for log line: %s", device)
+ header = makeHTTPAttachHeader(1, headerLen)
+ }
+ _, err = httpBuf.Write(header)
+ if err != nil {
+ break
+ }
+ }
+ _, err = httpBuf.Write([]byte(logLine.Msg))
+ if err != nil {
+ break
+ }
+ _, err = httpBuf.Write([]byte("\n"))
+ if err != nil {
+ break
+ }
+ err = httpBuf.Flush()
+ if err != nil {
+ break
+ }
+ }
+ errChan <- err
+ }()
+ go func() {
+ logOpts.WaitGroup.Wait()
+ close(logChan)
+ }()
+ if err := c.ReadLog(logOpts, logChan); err != nil {
+ return err
+ }
+ logrus.Debugf("Done reading logs for container %s", c.ID())
+ if err := <-errChan; err != nil {
+ return err
+ }
+ }
+ if !streamAttach {
+ return nil
+ }
+
c.newContainerEvent(events.Attach)
return c.ociRuntime.HTTPAttach(c, httpCon, httpBuf, streams, detachKeys, cancel)
}
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index c20e3f0b4..18b438792 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -5,7 +5,6 @@ package libpod
import (
"bufio"
"bytes"
- "encoding/binary"
"fmt"
"io"
"io/ioutil"
@@ -480,8 +479,7 @@ func (r *ConmonOCIRuntime) UnpauseContainer(ctr *Container) error {
}
// HTTPAttach performs an attach for the HTTP API.
-// This will consume, and automatically close, the hijacked HTTP session.
-// It is not necessary to close it independently.
+// The caller must handle closing the HTTP connection after this returns.
// The cancel channel is not closed; it is up to the caller to do so after
// this function returns.
// If this is a container with a terminal, we will stream raw. If it is not, we
@@ -492,13 +490,7 @@ func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, httpConn net.Conn, httpBuf
isTerminal = ctr.config.Spec.Process.Terminal
}
- // Ensure that our contract of closing the HTTP connection is honored.
- defer hijackWriteErrorAndClose(deferredErr, ctr.ID(), httpConn, httpBuf)
-
if streams != nil {
- if isTerminal {
- return errors.Wrapf(define.ErrInvalidArg, "cannot specify which streams to attach as container %s has a terminal", ctr.ID())
- }
if !streams.Stdin && !streams.Stdout && !streams.Stderr {
return errors.Wrapf(define.ErrInvalidArg, "must specify at least one stream to attach to")
}
@@ -547,8 +539,16 @@ func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, httpConn net.Conn, httpBuf
go func() {
var err error
if isTerminal {
+ // Hack: return immediately if attachStdout not set to
+ // emulate Docker.
+ // Basically, when terminal is set, STDERR goes nowhere.
+ // Everything does over STDOUT.
+ // Therefore, if not attaching STDOUT - we'll never copy
+ // anything from here.
logrus.Debugf("Performing terminal HTTP attach for container %s", ctr.ID())
- err = httpAttachTerminalCopy(conn, httpBuf, ctr.ID())
+ if attachStdout {
+ err = httpAttachTerminalCopy(conn, httpBuf, ctr.ID())
+ }
} else {
logrus.Debugf("Performing non-terminal HTTP attach for container %s", ctr.ID())
err = httpAttachNonTerminalCopy(conn, httpBuf, ctr.ID(), attachStdin, attachStdout, attachStderr)
@@ -1725,13 +1725,16 @@ func httpAttachNonTerminalCopy(container *net.UnixConn, http *bufio.ReadWriter,
for {
numR, err := container.Read(buf)
if numR > 0 {
- headerBuf := []byte{0, 0, 0, 0}
+ var headerBuf []byte
+ // Subtract 1 because we strip the first byte (used for
+ // multiplexing by Conmon).
+ headerLen := uint32(numR - 1)
// Practically speaking, we could make this buf[0] - 1,
// but we need to validate it anyways...
switch buf[0] {
case AttachPipeStdin:
- headerBuf[0] = 0
+ headerBuf = makeHTTPAttachHeader(0, headerLen)
if !stdin {
continue
}
@@ -1739,24 +1742,17 @@ func httpAttachNonTerminalCopy(container *net.UnixConn, http *bufio.ReadWriter,
if !stdout {
continue
}
- headerBuf[0] = 1
+ headerBuf = makeHTTPAttachHeader(1, headerLen)
case AttachPipeStderr:
if !stderr {
continue
}
- headerBuf[0] = 2
+ headerBuf = makeHTTPAttachHeader(2, headerLen)
default:
logrus.Errorf("Received unexpected attach type %+d, discarding %d bytes", buf[0], numR)
continue
}
- // Get big-endian length and append.
- // Subtract 1 because we strip the first byte (used for
- // multiplexing by Conmon).
- lenBuf := []byte{0, 0, 0, 0}
- binary.BigEndian.PutUint32(lenBuf, uint32(numR-1))
- headerBuf = append(headerBuf, lenBuf...)
-
numH, err2 := http.Write(headerBuf)
if err2 != nil {
if err != nil {
diff --git a/libpod/util.go b/libpod/util.go
index e9d234bbe..6457dac1c 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -2,6 +2,7 @@ package libpod
import (
"bufio"
+ "encoding/binary"
"fmt"
"io"
"os"
@@ -239,11 +240,22 @@ func checkDependencyContainer(depCtr, ctr *Container) error {
// hijackWriteErrorAndClose writes an error to a hijacked HTTP session and
// closes it. Intended to HTTPAttach function.
// If error is nil, it will not be written; we'll only close the connection.
-func hijackWriteErrorAndClose(toWrite error, cid string, httpCon io.Closer, httpBuf *bufio.ReadWriter) {
+func hijackWriteErrorAndClose(toWrite error, cid string, terminal bool, httpCon io.Closer, httpBuf *bufio.ReadWriter) {
if toWrite != nil {
- if _, err := httpBuf.Write([]byte(toWrite.Error())); err != nil {
- logrus.Errorf("Error writing error %q to container %s HTTP attach connection: %v", toWrite, cid, err)
- } else if err := httpBuf.Flush(); err != nil {
+ errString := []byte(fmt.Sprintf("%v\n", toWrite))
+ if !terminal {
+ // We need a header.
+ header := makeHTTPAttachHeader(2, uint32(len(errString)))
+ if _, err := httpBuf.Write(header); err != nil {
+ logrus.Errorf("Error writing header for container %s attach connection error: %v", cid, err)
+ }
+ // TODO: May want to return immediately here to avoid
+ // writing garbage to the socket?
+ }
+ if _, err := httpBuf.Write(errString); err != nil {
+ logrus.Errorf("Error writing error to container %s HTTP attach connection: %v", cid, err)
+ }
+ if err := httpBuf.Flush(); err != nil {
logrus.Errorf("Error flushing HTTP buffer for container %s HTTP attach connection: %v", cid, err)
}
}
@@ -252,3 +264,14 @@ func hijackWriteErrorAndClose(toWrite error, cid string, httpCon io.Closer, http
logrus.Errorf("Error closing container %s HTTP attach connection: %v", cid, err)
}
}
+
+// makeHTTPAttachHeader makes an 8-byte HTTP header for a buffer of the given
+// length and stream. Accepts an integer indicating which stream we are sending
+// to (STDIN = 0, STDOUT = 1, STDERR = 2).
+func makeHTTPAttachHeader(stream byte, length uint32) []byte {
+ headerBuf := []byte{stream, 0, 0, 0}
+ lenBuf := []byte{0, 0, 0, 0}
+ binary.BigEndian.PutUint32(lenBuf, length)
+ headerBuf = append(headerBuf, lenBuf...)
+ return headerBuf
+}
diff --git a/pkg/api/handlers/compat/containers_attach.go b/pkg/api/handlers/compat/containers_attach.go
index da7b5bb0c..80ad52aee 100644
--- a/pkg/api/handlers/compat/containers_attach.go
+++ b/pkg/api/handlers/compat/containers_attach.go
@@ -1,6 +1,7 @@
package compat
import (
+ "fmt"
"net/http"
"github.com/containers/libpod/libpod"
@@ -23,7 +24,9 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
Stdin bool `schema:"stdin"`
Stdout bool `schema:"stdout"`
Stderr bool `schema:"stderr"`
- }{}
+ }{
+ Stream: true,
+ }
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
utils.Error(w, "Error parsing parameters", http.StatusBadRequest, err)
return
@@ -61,16 +64,9 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
return
}
- // TODO: Investigate supporting these.
- // Logs replays container logs over the attach socket.
- // Stream seems to break things up somehow? Not 100% clear.
- if query.Logs {
- utils.Error(w, "Unsupported parameter", http.StatusBadRequest, errors.Errorf("the logs parameter to attach is not presently supported"))
- return
- }
- // We only support stream=true or unset
- if _, found := r.URL.Query()["stream"]; found && query.Stream {
- utils.Error(w, "Unsupported parameter", http.StatusBadRequest, errors.Errorf("the stream parameter to attach is not presently supported"))
+ // At least one of these must be set
+ if !query.Stream && !query.Logs {
+ utils.Error(w, "Unsupported parameter", http.StatusBadRequest, errors.Errorf("at least one of Logs or Stream must be set"))
return
}
@@ -86,7 +82,13 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
utils.InternalServerError(w, err)
return
}
- if !(state == define.ContainerStateCreated || state == define.ContainerStateRunning) {
+ // For Docker compatibility, we need to re-initialize containers in these states.
+ if state == define.ContainerStateConfigured || state == define.ContainerStateExited {
+ if err := ctr.Init(r.Context()); err != nil {
+ utils.InternalServerError(w, errors.Wrapf(err, "error preparing container %s for attach", ctr.ID()))
+ return
+ }
+ } else if !(state == define.ContainerStateCreated || state == define.ContainerStateRunning) {
utils.InternalServerError(w, errors.Wrapf(define.ErrCtrStateInvalid, "can only attach to created or running containers"))
return
}
@@ -98,20 +100,23 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
return
}
- w.WriteHeader(http.StatusSwitchingProtocols)
-
connection, buffer, err := hijacker.Hijack()
if err != nil {
utils.InternalServerError(w, errors.Wrapf(err, "error hijacking connection"))
return
}
+ // This header string sourced from Docker:
+ // https://raw.githubusercontent.com/moby/moby/b95fad8e51bd064be4f4e58a996924f343846c85/api/server/router/container/container_routes.go
+ // Using literally to ensure compatability with existing clients.
+ fmt.Fprintf(connection, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
+
logrus.Debugf("Hijack for attach of container %s successful", ctr.ID())
// Perform HTTP attach.
// HTTPAttach will handle everything about the connection from here on
// (including closing it and writing errors to it).
- if err := ctr.HTTPAttach(connection, buffer, streams, detachKeys, nil); err != nil {
+ if err := ctr.HTTPAttach(connection, buffer, streams, detachKeys, nil, query.Stream, query.Logs); err != nil {
// We can't really do anything about errors anymore. HTTPAttach
// should be writing them to the connection.
logrus.Errorf("Error attaching to container %s: %v", ctr.ID(), err)
diff --git a/pkg/api/handlers/compat/images_search.go b/pkg/api/handlers/compat/images_search.go
index 7283b22c4..8da685527 100644
--- a/pkg/api/handlers/compat/images_search.go
+++ b/pkg/api/handlers/compat/images_search.go
@@ -57,6 +57,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) {
Filter: filter,
Limit: query.Limit,
}
+
results, err := image.SearchImages(query.Term, options)
if err != nil {
utils.BadRequest(w, "term", query.Term, err)
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 850de4598..a42d06205 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -645,3 +645,56 @@ func UntagImage(w http.ResponseWriter, r *http.Request) {
}
utils.WriteResponse(w, http.StatusCreated, "")
}
+
+func SearchImages(w http.ResponseWriter, r *http.Request) {
+ decoder := r.Context().Value("decoder").(*schema.Decoder)
+ query := struct {
+ Term string `json:"term"`
+ Limit int `json:"limit"`
+ Filters []string `json:"filters"`
+ TLSVerify bool `json:"tlsVerify"`
+ }{
+ // This is where you can override the golang default value for one of fields
+ }
+
+ if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+ utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "Failed to parse parameters for %s", r.URL.String()))
+ return
+ }
+
+ options := image.SearchOptions{
+ Limit: query.Limit,
+ }
+ if _, found := r.URL.Query()["tlsVerify"]; found {
+ options.InsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
+ }
+
+ if _, found := r.URL.Query()["filters"]; found {
+ filter, err := image.ParseSearchFilter(query.Filters)
+ if err != nil {
+ utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "Failed to parse filters parameter for %s", r.URL.String()))
+ return
+ }
+ options.Filter = *filter
+ }
+
+ searchResults, err := image.SearchImages(query.Term, options)
+ if err != nil {
+ utils.BadRequest(w, "term", query.Term, err)
+ return
+ }
+ // Convert from image.SearchResults to entities.ImageSearchReport. We don't
+ // want to leak any low-level packages into the remote client, which
+ // requires converting.
+ reports := make([]entities.ImageSearchReport, len(searchResults))
+ for i := range searchResults {
+ reports[i].Index = searchResults[i].Index
+ reports[i].Name = searchResults[i].Name
+ reports[i].Description = searchResults[i].Index
+ reports[i].Stars = searchResults[i].Stars
+ reports[i].Official = searchResults[i].Official
+ reports[i].Automated = searchResults[i].Automated
+ }
+
+ utils.WriteResponse(w, http.StatusOK, reports)
+}
diff --git a/pkg/api/server/register_containers.go b/pkg/api/server/register_containers.go
index e39e43bfb..8b9a9e312 100644
--- a/pkg/api/server/register_containers.go
+++ b/pkg/api/server/register_containers.go
@@ -517,13 +517,13 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
// name: logs
// required: false
// type: boolean
- // description: Not yet supported
+ // description: Stream all logs from the container across the connection. Happens before streaming attach (if requested). At least one of logs or stream must be set
// - in: query
// name: stream
// required: false
// type: boolean
// default: true
- // description: If passed, must be set to true; stream=false is not yet supported
+ // description: Attach to the container. If unset, and logs is set, only the container's logs will be sent. At least one of stream or logs must be set
// - in: query
// name: stdout
// required: false
@@ -1194,13 +1194,13 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
// name: logs
// required: false
// type: boolean
- // description: Not yet supported
+ // description: Stream all logs from the container across the connection. Happens before streaming attach (if requested). At least one of logs or stream must be set
// - in: query
// name: stream
// required: false
// type: boolean
// default: true
- // description: If passed, must be set to true; stream=false is not yet supported
+ // description: Attach to the container. If unset, and logs is set, only the container's logs will be sent. At least one of stream or logs must be set
// - in: query
// name: stdout
// required: false
diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go
index 77560e789..7dd887037 100644
--- a/pkg/api/server/register_images.go
+++ b/pkg/api/server/register_images.go
@@ -919,7 +919,7 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// $ref: "#/responses/DocsSearchResponse"
// 500:
// $ref: '#/responses/InternalError'
- r.Handle(VersionedPath("/libpod/images/search"), s.APIHandler(compat.SearchImages)).Methods(http.MethodGet)
+ r.Handle(VersionedPath("/libpod/images/search"), s.APIHandler(libpod.SearchImages)).Methods(http.MethodGet)
// swagger:operation DELETE /libpod/images/{name:.*} libpod libpodRemoveImage
// ---
// tags:
diff --git a/pkg/bindings/images/images.go b/pkg/bindings/images/images.go
index 1b3df609b..3550c3968 100644
--- a/pkg/bindings/images/images.go
+++ b/pkg/bindings/images/images.go
@@ -2,7 +2,6 @@ package images
import (
"context"
- "errors"
"fmt"
"io"
"net/http"
@@ -13,6 +12,7 @@ import (
"github.com/containers/libpod/pkg/api/handlers"
"github.com/containers/libpod/pkg/bindings"
"github.com/containers/libpod/pkg/domain/entities"
+ "github.com/pkg/errors"
)
// Exists a lightweight way to determine if an image exists in local storage. It returns a
@@ -308,3 +308,34 @@ func Push(ctx context.Context, source string, destination string, options entiti
_, err = conn.DoRequest(nil, http.MethodPost, path, params)
return err
}
+
+// Search is the binding for libpod's v2 endpoints for Search images.
+func Search(ctx context.Context, term string, opts entities.ImageSearchOptions) ([]entities.ImageSearchReport, error) {
+ conn, err := bindings.GetClient(ctx)
+ if err != nil {
+ return nil, err
+ }
+ params := url.Values{}
+ params.Set("term", term)
+ params.Set("limit", strconv.Itoa(opts.Limit))
+ for _, f := range opts.Filters {
+ params.Set("filters", f)
+ }
+
+ if opts.TLSVerify != types.OptionalBoolUndefined {
+ val := bool(opts.TLSVerify == types.OptionalBoolTrue)
+ params.Set("tlsVerify", strconv.FormatBool(val))
+ }
+
+ response, err := conn.DoRequest(nil, http.MethodGet, "/images/search", params)
+ if err != nil {
+ return nil, err
+ }
+
+ results := []entities.ImageSearchReport{}
+ if err := response.Process(&results); err != nil {
+ return nil, err
+ }
+
+ return results, nil
+}
diff --git a/pkg/bindings/images/search.go b/pkg/bindings/images/search.go
deleted file mode 100644
index 183ff3d77..000000000
--- a/pkg/bindings/images/search.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package images
-
-import (
- "context"
- "net/http"
- "net/url"
- "strconv"
-
- "github.com/containers/libpod/libpod/image"
- "github.com/containers/libpod/pkg/bindings"
-)
-
-// Search looks for the given image (term) in container image registries. The optional limit parameter sets
-// a maximum number of results returned. The optional filters parameter allow for more specific image
-// searches.
-func Search(ctx context.Context, term string, limit *int, filters map[string][]string) ([]image.SearchResult, error) {
- var (
- searchResults []image.SearchResult
- )
- conn, err := bindings.GetClient(ctx)
- if err != nil {
- return nil, err
- }
- params := url.Values{}
- params.Set("term", term)
- if limit != nil {
- params.Set("limit", strconv.Itoa(*limit))
- }
- if filters != nil {
- stringFilter, err := bindings.FiltersToString(filters)
- if err != nil {
- return nil, err
- }
- params.Set("filters", stringFilter)
- }
- response, err := conn.DoRequest(nil, http.MethodGet, "/images/search", params)
- if err != nil {
- return searchResults, nil
- }
- return searchResults, response.Process(&searchResults)
-}
diff --git a/pkg/bindings/test/images_test.go b/pkg/bindings/test/images_test.go
index 992720196..58210efd0 100644
--- a/pkg/bindings/test/images_test.go
+++ b/pkg/bindings/test/images_test.go
@@ -314,11 +314,11 @@ var _ = Describe("Podman images", func() {
})
It("Search for an image", func() {
- imgs, err := images.Search(bt.conn, "alpine", nil, nil)
+ reports, err := images.Search(bt.conn, "alpine", entities.ImageSearchOptions{})
Expect(err).To(BeNil())
- Expect(len(imgs)).To(BeNumerically(">", 1))
+ Expect(len(reports)).To(BeNumerically(">", 1))
var foundAlpine bool
- for _, i := range imgs {
+ for _, i := range reports {
if i.Name == "docker.io/library/alpine" {
foundAlpine = true
break
@@ -327,23 +327,20 @@ var _ = Describe("Podman images", func() {
Expect(foundAlpine).To(BeTrue())
// Search for alpine with a limit of 10
- ten := 10
- imgs, err = images.Search(bt.conn, "docker.io/alpine", &ten, nil)
+ reports, err = images.Search(bt.conn, "docker.io/alpine", entities.ImageSearchOptions{Limit: 10})
Expect(err).To(BeNil())
- Expect(len(imgs)).To(BeNumerically("<=", 10))
+ Expect(len(reports)).To(BeNumerically("<=", 10))
// Search for alpine with stars greater than 100
- filters := make(map[string][]string)
- filters["stars"] = []string{"100"}
- imgs, err = images.Search(bt.conn, "docker.io/alpine", nil, filters)
+ reports, err = images.Search(bt.conn, "docker.io/alpine", entities.ImageSearchOptions{Filters: []string{"stars=100"}})
Expect(err).To(BeNil())
- for _, i := range imgs {
+ for _, i := range reports {
Expect(i.Stars).To(BeNumerically(">=", 100))
}
// Search with a fqdn
- imgs, err = images.Search(bt.conn, "quay.io/libpod/alpine_nginx", nil, nil)
- Expect(len(imgs)).To(BeNumerically(">=", 1))
+ reports, err = images.Search(bt.conn, "quay.io/libpod/alpine_nginx", entities.ImageSearchOptions{})
+ Expect(len(reports)).To(BeNumerically(">=", 1))
})
It("Prune images", func() {
diff --git a/pkg/cgroups/pids.go b/pkg/cgroups/pids.go
index 92f82553b..b2bfebe4d 100644
--- a/pkg/cgroups/pids.go
+++ b/pkg/cgroups/pids.go
@@ -44,7 +44,7 @@ func (c *pidHandler) Destroy(ctr *CgroupControl) error {
// Stat fills a metrics structure with usage stats for the controller
func (c *pidHandler) Stat(ctr *CgroupControl, m *Metrics) error {
- if ctr.path != "" {
+ if ctr.path == "" {
// nothing we can do to retrieve the pids.current path
return nil
}
diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go
index 4508f9c2c..f21af9ce4 100644
--- a/pkg/domain/entities/containers.go
+++ b/pkg/domain/entities/containers.go
@@ -297,3 +297,33 @@ type ContainerInitReport struct {
Err error
Id string
}
+
+//ContainerMountOptions describes the input values for mounting containers
+// in the CLI
+type ContainerMountOptions struct {
+ All bool
+ Format string
+ Latest bool
+ NoTruncate bool
+}
+
+// ContainerUnmountOptions are the options from the cli for unmounting
+type ContainerUnmountOptions struct {
+ All bool
+ Force bool
+ Latest bool
+}
+
+// ContainerMountReport describes the response from container mount
+type ContainerMountReport struct {
+ Err error
+ Id string
+ Name string
+ Path string
+}
+
+// ContainerUnmountReport describes the response from umounting a container
+type ContainerUnmountReport struct {
+ Err error
+ Id string
+}
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index d23006a38..cf66f6ac2 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -21,6 +21,7 @@ type ContainerEngine interface {
ContainerInspect(ctx context.Context, namesOrIds []string, options InspectOptions) ([]*ContainerInspectReport, error)
ContainerKill(ctx context.Context, namesOrIds []string, options KillOptions) ([]*KillReport, error)
ContainerList(ctx context.Context, options ContainerListOptions) ([]ListContainer, error)
+ ContainerMount(ctx context.Context, nameOrIds []string, options ContainerMountOptions) ([]*ContainerMountReport, error)
ContainerPause(ctx context.Context, namesOrIds []string, options PauseUnPauseOptions) ([]*PauseUnpauseReport, error)
ContainerLogs(ctx context.Context, containers []string, options ContainerLogsOptions) error
ContainerRestart(ctx context.Context, namesOrIds []string, options RestartOptions) ([]*RestartReport, error)
@@ -30,6 +31,7 @@ type ContainerEngine interface {
ContainerStart(ctx context.Context, namesOrIds []string, options ContainerStartOptions) ([]*ContainerStartReport, error)
ContainerStop(ctx context.Context, namesOrIds []string, options StopOptions) ([]*StopReport, error)
ContainerTop(ctx context.Context, options TopOptions) (*StringSliceReport, error)
+ ContainerUnmount(ctx context.Context, nameOrIds []string, options ContainerUnmountOptions) ([]*ContainerUnmountReport, error)
ContainerUnpause(ctx context.Context, namesOrIds []string, options PauseUnPauseOptions) ([]*PauseUnpauseReport, error)
ContainerWait(ctx context.Context, namesOrIds []string, options WaitOptions) ([]WaitReport, error)
HealthCheckRun(ctx context.Context, nameOrId string, options HealthCheckOptions) (*define.HealthCheckResults, error)
diff --git a/pkg/domain/entities/engine_image.go b/pkg/domain/entities/engine_image.go
index 16b96e9ef..3110898a8 100644
--- a/pkg/domain/entities/engine_image.go
+++ b/pkg/domain/entities/engine_image.go
@@ -19,4 +19,5 @@ type ImageEngine interface {
Save(ctx context.Context, nameOrId string, tags []string, options ImageSaveOptions) error
Tag(ctx context.Context, nameOrId string, tags []string, options ImageTagOptions) error
Untag(ctx context.Context, nameOrId string, tags []string, options ImageUntagOptions) error
+ Search(ctx context.Context, term string, opts ImageSearchOptions) ([]ImageSearchReport, error)
}
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index bc8a34c13..53a5f4951 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -181,6 +181,37 @@ type ImagePushOptions struct {
TLSVerify types.OptionalBool
}
+// ImageSearchOptions are the arguments for searching images.
+type ImageSearchOptions struct {
+ // Authfile is the path to the authentication file. Ignored for remote
+ // calls.
+ Authfile string
+ // Filters for the search results.
+ Filters []string
+ // Limit the number of results.
+ Limit int
+ // NoTrunc will not truncate the output.
+ NoTrunc bool
+ // TLSVerify to enable/disable HTTPS and certificate verification.
+ TLSVerify types.OptionalBool
+}
+
+// ImageSearchReport is the response from searching images.
+type ImageSearchReport struct {
+ // Index is the image index (e.g., "docker.io" or "quay.io")
+ Index string
+ // Name is the canoncical name of the image (e.g., "docker.io/library/alpine").
+ Name string
+ // Description of the image.
+ Description string
+ // Stars is the number of stars of the image.
+ Stars int
+ // Official indicates if it's an official image.
+ Official string
+ // Automated indicates if the image was created by an automated build.
+ Automated string
+}
+
type ImageListOptions struct {
All bool `json:"all" schema:"all"`
Filter []string `json:"Filter,omitempty"`
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index a3a0a8202..92668190c 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -6,6 +6,7 @@ import (
"context"
"fmt"
"io/ioutil"
+ "os"
"strconv"
"strings"
"sync"
@@ -21,9 +22,11 @@ import (
"github.com/containers/libpod/pkg/domain/entities"
"github.com/containers/libpod/pkg/domain/infra/abi/terminal"
"github.com/containers/libpod/pkg/ps"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/signal"
"github.com/containers/libpod/pkg/specgen"
"github.com/containers/libpod/pkg/specgen/generate"
+ "github.com/containers/storage"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -808,3 +811,85 @@ func (ic *ContainerEngine) ContainerInit(ctx context.Context, namesOrIds []strin
}
return reports, nil
}
+
+func (ic *ContainerEngine) ContainerMount(ctx context.Context, nameOrIds []string, options entities.ContainerMountOptions) ([]*entities.ContainerMountReport, error) {
+ if os.Geteuid() != 0 {
+ if driver := ic.Libpod.StorageConfig().GraphDriverName; driver != "vfs" {
+ // Do not allow to mount a graphdriver that is not vfs if we are creating the userns as part
+ // of the mount command.
+ return nil, fmt.Errorf("cannot mount using driver %s in rootless mode", driver)
+ }
+
+ became, ret, err := rootless.BecomeRootInUserNS("")
+ if err != nil {
+ return nil, err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+ var reports []*entities.ContainerMountReport
+ ctrs, err := getContainersByContext(options.All, options.Latest, nameOrIds, ic.Libpod)
+ if err != nil {
+ return nil, err
+ }
+ for _, ctr := range ctrs {
+ report := entities.ContainerMountReport{Id: ctr.ID()}
+ report.Path, report.Err = ctr.Mount()
+ reports = append(reports, &report)
+ }
+ if len(reports) > 0 {
+ return reports, nil
+ }
+
+ // No containers were passed, so we send back what is mounted
+ ctrs, err = getContainersByContext(true, false, []string{}, ic.Libpod)
+ if err != nil {
+ return nil, err
+ }
+ for _, ctr := range ctrs {
+ mounted, path, err := ctr.Mounted()
+ if err != nil {
+ return nil, err
+ }
+
+ if mounted {
+ reports = append(reports, &entities.ContainerMountReport{
+ Id: ctr.ID(),
+ Name: ctr.Name(),
+ Path: path,
+ })
+ }
+ }
+ return reports, nil
+}
+
+func (ic *ContainerEngine) ContainerUnmount(ctx context.Context, nameOrIds []string, options entities.ContainerUnmountOptions) ([]*entities.ContainerUnmountReport, error) {
+ var reports []*entities.ContainerUnmountReport
+ ctrs, err := getContainersByContext(options.All, options.Latest, nameOrIds, ic.Libpod)
+ if err != nil {
+ return nil, err
+ }
+ for _, ctr := range ctrs {
+ state, err := ctr.State()
+ if err != nil {
+ logrus.Debugf("Error umounting container %s state: %s", ctr.ID(), err.Error())
+ continue
+ }
+ if state == define.ContainerStateRunning {
+ logrus.Debugf("Error umounting container %s, is running", ctr.ID())
+ continue
+ }
+
+ report := entities.ContainerUnmountReport{Id: ctr.ID()}
+ if err := ctr.Unmount(options.Force); err != nil {
+ if options.All && errors.Cause(err) == storage.ErrLayerNotMounted {
+ logrus.Debugf("Error umounting container %s, storage.ErrLayerNotMounted", ctr.ID())
+ continue
+ }
+ report.Err = errors.Wrapf(err, "error unmounting container %s", ctr.ID())
+ }
+ reports = append(reports, &report)
+ }
+ return reports, nil
+}
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 6fc5eb9e3..402bbb45e 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -425,3 +425,38 @@ func (ir *ImageEngine) Diff(_ context.Context, nameOrId string, _ entities.DiffO
}
return &entities.DiffReport{Changes: changes}, nil
}
+
+func (ir *ImageEngine) Search(ctx context.Context, term string, opts entities.ImageSearchOptions) ([]entities.ImageSearchReport, error) {
+ filter, err := image.ParseSearchFilter(opts.Filters)
+ if err != nil {
+ return nil, err
+ }
+
+ searchOpts := image.SearchOptions{
+ Authfile: opts.Authfile,
+ Filter: *filter,
+ Limit: opts.Limit,
+ NoTrunc: opts.NoTrunc,
+ InsecureSkipTLSVerify: opts.TLSVerify,
+ }
+
+ searchResults, err := image.SearchImages(term, searchOpts)
+ if err != nil {
+ return nil, err
+ }
+
+ // Convert from image.SearchResults to entities.ImageSearchReport. We don't
+ // want to leak any low-level packages into the remote client, which
+ // requires converting.
+ reports := make([]entities.ImageSearchReport, len(searchResults))
+ for i := range searchResults {
+ reports[i].Index = searchResults[i].Index
+ reports[i].Name = searchResults[i].Name
+ reports[i].Description = searchResults[i].Index
+ reports[i].Stars = searchResults[i].Stars
+ reports[i].Official = searchResults[i].Official
+ reports[i].Automated = searchResults[i].Automated
+ }
+
+ return reports, nil
+}
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index ea9aa835b..f59d4eb0a 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -354,3 +354,11 @@ func (ic *ContainerEngine) ContainerInit(ctx context.Context, namesOrIds []strin
}
return reports, nil
}
+
+func (ic *ContainerEngine) ContainerMount(ctx context.Context, nameOrIds []string, options entities.ContainerMountOptions) ([]*entities.ContainerMountReport, error) {
+ return nil, errors.New("mounting containers is not supported for remote clients")
+}
+
+func (ic *ContainerEngine) ContainerUnmount(ctx context.Context, nameOrIds []string, options entities.ContainerUnmountOptions) ([]*entities.ContainerUnmountReport, error) {
+ return nil, errors.New("unmounting containers is not supported for remote clients")
+}
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index 66abd7f47..54f2e8334 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -250,3 +250,7 @@ func (ir *ImageEngine) Diff(ctx context.Context, nameOrId string, _ entities.Dif
}
return &entities.DiffReport{Changes: changes}, nil
}
+
+func (ir *ImageEngine) Search(ctx context.Context, term string, opts entities.ImageSearchOptions) ([]entities.ImageSearchReport, error) {
+ return images.Search(ir.ClientCxt, term, opts)
+}