summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile17
-rw-r--r--contrib/spec/podman.spec.in2
-rw-r--r--contrib/systemd/system/podman-restart.service12
-rw-r--r--contrib/systemd/system/podman.service3
-rw-r--r--libpod/container_internal.go60
-rw-r--r--libpod/container_internal_linux.go74
-rw-r--r--libpod/container_internal_unsupported.go5
-rw-r--r--pkg/api/handlers/compat/images.go25
-rw-r--r--pkg/cgroups/cgroups.go5
-rw-r--r--pkg/domain/entities/images.go2
-rw-r--r--pkg/domain/infra/abi/containers.go9
-rw-r--r--pkg/domain/infra/abi/images.go2
-rw-r--r--pkg/domain/infra/tunnel/containers.go8
-rw-r--r--test/apiv2/python/rest_api/test_v2_0_0_image.py9
-rw-r--r--test/e2e/run_test.go12
-rw-r--r--test/system/045-start.bats11
16 files changed, 172 insertions, 84 deletions
diff --git a/Makefile b/Makefile
index 3e40881f3..53be33ea3 100644
--- a/Makefile
+++ b/Makefile
@@ -93,11 +93,14 @@ LIBPOD := ${PROJECT}/v3/libpod
GCFLAGS ?= all=-trimpath=$(CURDIR)
ASMFLAGS ?= all=-trimpath=$(CURDIR)
LDFLAGS_PODMAN ?= \
- -X $(LIBPOD)/define.gitCommit=$(GIT_COMMIT) \
- -X $(LIBPOD)/define.buildInfo=$(BUILD_INFO) \
- -X $(LIBPOD)/config._installPrefix=$(PREFIX) \
- -X $(LIBPOD)/config._etcDir=$(ETCDIR) \
- $(EXTRA_LDFLAGS)
+ -X $(LIBPOD)/define.gitCommit=$(GIT_COMMIT) \
+ -X $(LIBPOD)/define.buildInfo=$(BUILD_INFO) \
+ -X $(LIBPOD)/config._installPrefix=$(PREFIX) \
+ -X $(LIBPOD)/config._etcDir=$(ETCDIR) \
+ $(EXTRA_LDFLAGS)
+LDFLAGS_PODMAN_STATIC ?= \
+ $(LDFLAGS_PODMAN) \
+ -extldflags=-static
#Update to LIBSECCOMP_COMMIT should reflect in Dockerfile too.
LIBSECCOMP_COMMIT := v2.3.3
# Rarely if ever should integration tests take more than 50min,
@@ -314,7 +317,7 @@ $(SRCBINDIR)/podman$(BINSFX): $(SRCBINDIR) .gopathok $(SOURCES) go.mod go.sum
-o $@ ./cmd/podman
$(SRCBINDIR)/podman-remote-static: $(SRCBINDIR) .gopathok $(SOURCES) go.mod go.sum
- CGO_ENABLED=$(CGO_ENABLED) \
+ CGO_ENABLED=0 \
GOOS=$(GOOS) \
$(GO) build \
$(BUILDFLAGS) \
@@ -748,11 +751,13 @@ install.systemd:
install ${SELINUXOPT} -m 644 contrib/systemd/auto-update/podman-auto-update.timer ${DESTDIR}${USERSYSTEMDDIR}/podman-auto-update.timer
install ${SELINUXOPT} -m 644 contrib/systemd/user/podman.socket ${DESTDIR}${USERSYSTEMDDIR}/podman.socket
install ${SELINUXOPT} -m 644 contrib/systemd/user/podman.service ${DESTDIR}${USERSYSTEMDDIR}/podman.service
+ install ${SELINUXOPT} -m 644 contrib/systemd/user/podman-restart.service ${DESTDIR}${USERSYSTEMDDIR}/podman-restart.service
# System services
install ${SELINUXOPT} -m 644 contrib/systemd/auto-update/podman-auto-update.service ${DESTDIR}${SYSTEMDDIR}/podman-auto-update.service
install ${SELINUXOPT} -m 644 contrib/systemd/auto-update/podman-auto-update.timer ${DESTDIR}${SYSTEMDDIR}/podman-auto-update.timer
install ${SELINUXOPT} -m 644 contrib/systemd/system/podman.socket ${DESTDIR}${SYSTEMDDIR}/podman.socket
install ${SELINUXOPT} -m 644 contrib/systemd/system/podman.service ${DESTDIR}${SYSTEMDDIR}/podman.service
+ install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-restart.service ${DESTDIR}${SYSTEMDDIR}/podman-restart.service
else
install.systemd:
endif
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 6146a2c0e..ef8523f8c 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -531,10 +531,12 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_unitdir}/podman-auto-update.timer
%{_unitdir}/podman.service
%{_unitdir}/podman.socket
+%{_unitdir}/podman-restart.service
%{_usr}/lib/systemd/user/podman.service
%{_usr}/lib/systemd/user/podman.socket
%{_usr}/lib/systemd/user/podman-auto-update.service
%{_usr}/lib/systemd/user/podman-auto-update.timer
+%{_usr}/lib/systemd/user/podman-restart.service
%{_usr}/lib/tmpfiles.d/podman.conf
%if 0%{?with_devel}
diff --git a/contrib/systemd/system/podman-restart.service b/contrib/systemd/system/podman-restart.service
new file mode 100644
index 000000000..baf12b3ae
--- /dev/null
+++ b/contrib/systemd/system/podman-restart.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Podman Start All Containers With Restart Policy Set To Always
+Documentation=man:podman-start(1)
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+Environment=LOGGING="--log-level=info"
+ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/systemd/system/podman.service b/contrib/systemd/system/podman.service
index 7e5195e7a..cefb13ae3 100644
--- a/contrib/systemd/system/podman.service
+++ b/contrib/systemd/system/podman.service
@@ -10,3 +10,6 @@ Type=exec
KillMode=process
Environment=LOGGING="--log-level=info"
ExecStart=/usr/bin/podman $LOGGING system service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 3e4eea003..545b78976 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1062,7 +1062,7 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
}
for _, v := range c.config.NamedVolumes {
- if err := c.chownVolume(v.Name); err != nil {
+ if err := c.fixVolumePermissions(v); err != nil {
return err
}
}
@@ -1681,64 +1681,6 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
return vol, nil
}
-// Chown the specified volume if necessary.
-func (c *Container) chownVolume(volumeName string) error {
- vol, err := c.runtime.state.Volume(volumeName)
- if err != nil {
- return errors.Wrapf(err, "error retrieving named volume %s for container %s", volumeName, c.ID())
- }
-
- vol.lock.Lock()
- defer vol.lock.Unlock()
-
- // The volume may need a copy-up. Check the state.
- if err := vol.update(); err != nil {
- return err
- }
-
- // TODO: For now, I've disabled chowning volumes owned by non-Podman
- // drivers. This may be safe, but it's really going to be a case-by-case
- // thing, I think - safest to leave disabled now and re-enable later if
- // there is a demand.
- if vol.state.NeedsChown && !vol.UsesVolumeDriver() {
- vol.state.NeedsChown = false
-
- uid := int(c.config.Spec.Process.User.UID)
- gid := int(c.config.Spec.Process.User.GID)
-
- if c.config.IDMappings.UIDMap != nil {
- p := idtools.IDPair{
- UID: uid,
- GID: gid,
- }
- mappings := idtools.NewIDMappingsFromMaps(c.config.IDMappings.UIDMap, c.config.IDMappings.GIDMap)
- newPair, err := mappings.ToHost(p)
- if err != nil {
- return errors.Wrapf(err, "error mapping user %d:%d", uid, gid)
- }
- uid = newPair.UID
- gid = newPair.GID
- }
-
- vol.state.UIDChowned = uid
- vol.state.GIDChowned = gid
-
- if err := vol.save(); err != nil {
- return err
- }
-
- mountPoint, err := vol.MountPoint()
- if err != nil {
- return err
- }
-
- if err := os.Lchown(mountPoint, uid, gid); err != nil {
- return err
- }
- }
- return nil
-}
-
// cleanupStorage unmounts and cleans up the container's root filesystem
func (c *Container) cleanupStorage() error {
if !c.state.Mounted {
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index ddfccb999..ea52d7ba0 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2426,3 +2426,77 @@ func (c *Container) createSecretMountDir() error {
return err
}
+
+// Fix ownership and permissions of the specified volume if necessary.
+func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
+ vol, err := c.runtime.state.Volume(v.Name)
+ if err != nil {
+ return errors.Wrapf(err, "error retrieving named volume %s for container %s", v.Name, c.ID())
+ }
+
+ vol.lock.Lock()
+ defer vol.lock.Unlock()
+
+ // The volume may need a copy-up. Check the state.
+ if err := vol.update(); err != nil {
+ return err
+ }
+
+ // TODO: For now, I've disabled chowning volumes owned by non-Podman
+ // drivers. This may be safe, but it's really going to be a case-by-case
+ // thing, I think - safest to leave disabled now and re-enable later if
+ // there is a demand.
+ if vol.state.NeedsChown && !vol.UsesVolumeDriver() {
+ vol.state.NeedsChown = false
+
+ uid := int(c.config.Spec.Process.User.UID)
+ gid := int(c.config.Spec.Process.User.GID)
+
+ if c.config.IDMappings.UIDMap != nil {
+ p := idtools.IDPair{
+ UID: uid,
+ GID: gid,
+ }
+ mappings := idtools.NewIDMappingsFromMaps(c.config.IDMappings.UIDMap, c.config.IDMappings.GIDMap)
+ newPair, err := mappings.ToHost(p)
+ if err != nil {
+ return errors.Wrapf(err, "error mapping user %d:%d", uid, gid)
+ }
+ uid = newPair.UID
+ gid = newPair.GID
+ }
+
+ vol.state.UIDChowned = uid
+ vol.state.GIDChowned = gid
+
+ if err := vol.save(); err != nil {
+ return err
+ }
+
+ mountPoint, err := vol.MountPoint()
+ if err != nil {
+ return err
+ }
+
+ if err := os.Lchown(mountPoint, uid, gid); err != nil {
+ return err
+ }
+
+ // Make sure the new volume matches the permissions of the target directory.
+ // https://github.com/containers/podman/issues/10188
+ st, err := os.Lstat(filepath.Join(c.state.Mountpoint, v.Dest))
+ if err == nil {
+ if err := os.Chmod(mountPoint, st.Mode()|0111); err != nil {
+ return err
+ }
+ stat := st.Sys().(*syscall.Stat_t)
+ atime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec))
+ if err := os.Chtimes(mountPoint, atime, st.ModTime()); err != nil {
+ return err
+ }
+ } else if !os.IsNotExist(err) {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/libpod/container_internal_unsupported.go b/libpod/container_internal_unsupported.go
index f979bcbde..125329ce5 100644
--- a/libpod/container_internal_unsupported.go
+++ b/libpod/container_internal_unsupported.go
@@ -57,3 +57,8 @@ func (c *Container) reloadNetwork() error {
func (c *Container) getUserOverrides() *lookup.Overrides {
return nil
}
+
+// Fix ownership and permissions of the specified volume if necessary.
+func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
+ return define.ErrNotImplemented
+}
diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go
index ac212474b..7baa1145a 100644
--- a/pkg/api/handlers/compat/images.go
+++ b/pkg/api/handlers/compat/images.go
@@ -166,10 +166,11 @@ func CreateImageFromSrc(w http.ResponseWriter, r *http.Request) {
runtime := r.Context().Value("runtime").(*libpod.Runtime)
query := struct {
- FromSrc string `schema:"fromSrc"`
- Changes []string `schema:"changes"`
- Message string `schema:"message"`
- Repo string `shchema:"repo"`
+ Changes []string `schema:"changes"`
+ FromSrc string `schema:"fromSrc"`
+ Message string `schema:"message"`
+ Platform string `schema:"platform"`
+ Repo string `shchema:"repo"`
}{
// This is where you can override the golang default value for one of fields
}
@@ -192,9 +193,21 @@ func CreateImageFromSrc(w http.ResponseWriter, r *http.Request) {
utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "failed to write temporary file"))
}
}
+
+ platformSpecs := strings.Split(query.Platform, "/")
+ opts := entities.ImageImportOptions{
+ Source: source,
+ Changes: query.Changes,
+ Message: query.Message,
+ Reference: query.Repo,
+ OS: platformSpecs[0],
+ }
+ if len(platformSpecs) > 1 {
+ opts.Architecture = platformSpecs[1]
+ }
+
imageEngine := abi.ImageEngine{Libpod: runtime}
- // TODO: add support for ImageImportOptions to take a platform parameter. Also import https://github.com/opencontainers/image-spec/tree/master/specs-go/v1 either here or within imageEngine.Import to get default platform
- report, err := imageEngine.Import(r.Context(), entities.ImageImportOptions{Source: source, Changes: query.Changes, Message: query.Message, Reference: query.Repo})
+ report, err := imageEngine.Import(r.Context(), opts)
if err != nil {
utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "unable to import tarball"))
return
diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index 911edeb5b..9cb32a364 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -165,14 +165,13 @@ func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool)
if _, found := exclude[name]; found {
continue
}
- isSymLink := false
fileInfo, err := os.Stat(cgroupRoot + "/" + name)
if err != nil {
- isSymLink = !fileInfo.IsDir()
+ continue
}
c := controller{
name: name,
- symlink: isSymLink,
+ symlink: !fileInfo.IsDir(),
}
controllers = append(controllers, c)
}
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index 3cc46ed0a..17b82037e 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -271,8 +271,10 @@ type ImageLoadReport struct {
}
type ImageImportOptions struct {
+ Architecture string
Changes []string
Message string
+ OS string
Quiet bool
Reference string
SignaturePolicy string
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 5a953c047..e6dd19e63 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -702,7 +702,9 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
reports := []*entities.ContainerStartReport{}
var exitCode = define.ExecErrorCodeGeneric
containersNamesOrIds := namesOrIds
+ all := options.All
if len(options.Filters) > 0 {
+ all = false
filterFuncs := make([]libpod.ContainerFilter, 0, len(options.Filters))
if len(options.Filters) > 0 {
for k, v := range options.Filters {
@@ -719,6 +721,10 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
}
containersNamesOrIds = []string{}
for _, candidate := range candidates {
+ if options.All {
+ containersNamesOrIds = append(containersNamesOrIds, candidate.ID())
+ continue
+ }
for _, nameOrID := range namesOrIds {
if nameOrID == candidate.ID() || nameOrID == candidate.Name() {
containersNamesOrIds = append(containersNamesOrIds, nameOrID)
@@ -726,8 +732,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
}
}
}
-
- ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, containersNamesOrIds, ic.Libpod)
+ ctrs, rawInputs, err := getContainersAndInputByContext(all, options.Latest, containersNamesOrIds, ic.Libpod)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 083566201..5992181d3 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -388,6 +388,8 @@ func (ir *ImageEngine) Import(ctx context.Context, options entities.ImageImportO
importOptions.CommitMessage = options.Message
importOptions.Tag = options.Reference
importOptions.SignaturePolicyPath = options.SignaturePolicy
+ importOptions.OS = options.OS
+ importOptions.Architecture = options.Architecture
if !options.Quiet {
importOptions.Writer = os.Stderr
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 74ced300a..0047fc839 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -508,7 +508,9 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
reports := []*entities.ContainerStartReport{}
var exitCode = define.ExecErrorCodeGeneric
containersNamesOrIds := namesOrIds
+ all := options.All
if len(options.Filters) > 0 {
+ all = false
containersNamesOrIds = []string{}
opts := new(containers.ListOptions).WithFilters(options.Filters).WithAll(true)
candidates, listErr := containers.List(ic.ClientCtx, opts)
@@ -516,6 +518,10 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
return nil, listErr
}
for _, candidate := range candidates {
+ if options.All {
+ containersNamesOrIds = append(containersNamesOrIds, candidate.ID)
+ continue
+ }
for _, nameOrID := range namesOrIds {
if nameOrID == candidate.ID {
containersNamesOrIds = append(containersNamesOrIds, nameOrID)
@@ -530,7 +536,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
}
}
}
- ctrs, err := getContainersByContext(ic.ClientCtx, options.All, false, containersNamesOrIds)
+ ctrs, err := getContainersByContext(ic.ClientCtx, all, false, containersNamesOrIds)
if err != nil {
return nil, err
}
diff --git a/test/apiv2/python/rest_api/test_v2_0_0_image.py b/test/apiv2/python/rest_api/test_v2_0_0_image.py
index cea34e2e7..59dcea87f 100644
--- a/test/apiv2/python/rest_api/test_v2_0_0_image.py
+++ b/test/apiv2/python/rest_api/test_v2_0_0_image.py
@@ -89,14 +89,9 @@ class ImageTestCase(APITestCase):
def test_create(self):
r = requests.post(
- self.podman_url + "/v1.40/images/create?fromImage=alpine&platform=linux/amd64/v8",
- timeout=15,
- )
+ self.podman_url + "/v1.40/images/create?fromImage=alpine&platform=linux/amd64/v8", timeout=15)
self.assertEqual(r.status_code, 200, r.text)
- r = requests.post(
- self.podman_url + "/v1.40/images/create?fromSrc=-&repo=fedora&message=testing123",
- timeout=15,
- )
+ r = requests.post(self.podman_url + "/v1.40/images/create?fromSrc=-&repo=fedora&message=testing123&platform=linux/amd64", timeout=15)
self.assertEqual(r.status_code, 200, r.text)
def test_search_compat(self):
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 58538b689..cae1b5aad 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -904,6 +904,18 @@ USER bin`, BB)
Expect(session.ExitCode()).To(Equal(100))
})
+ It("podman run with named volume", func() {
+ session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ perms := session.OutputToString()
+
+ session = podmanTest.Podman([]string{"run", "--rm", "-v", "test:/var/tmp", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal(perms))
+ })
+
It("podman run with built-in volume image", func() {
session := podmanTest.Podman([]string{"run", "--rm", redis, "ls"})
session.WaitWithDefaultTimeout()
diff --git a/test/system/045-start.bats b/test/system/045-start.bats
index 3e0118dba..7e4bbde8d 100644
--- a/test/system/045-start.bats
+++ b/test/system/045-start.bats
@@ -59,4 +59,15 @@ load helpers
is "$output" "Error: fakepolicy invalid restart policy"
}
+@test "podman start --all --filter" {
+ run_podman run -d $IMAGE /bin/true
+ cid_exited_0="$output"
+ run_podman run -d $IMAGE /bin/false
+ cid_exited_1="$output"
+
+ run_podman wait $cid_exited_0 $cid_exited_1
+ run_podman start --all --filter exited=0
+ is "$output" "$cid_exited_0"
+}
+
# vim: filetype=sh