summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile3
-rw-r--r--docs/source/markdown/podman-build.1.md4
-rw-r--r--docs/source/markdown/podman-container-runlabel.1.md4
-rw-r--r--docs/source/markdown/podman-image-sign.1.md4
-rw-r--r--docs/source/markdown/podman-info.1.md13
-rw-r--r--docs/source/markdown/podman-login.1.md4
-rw-r--r--docs/source/markdown/podman-manifest-add.1.md26
-rw-r--r--docs/source/markdown/podman-manifest-push.1.md4
-rw-r--r--docs/source/markdown/podman-play-kube.1.md4
-rw-r--r--docs/source/markdown/podman-pull.1.md4
-rw-r--r--docs/source/markdown/podman-push.1.md4
-rw-r--r--docs/source/markdown/podman.1.md2
-rw-r--r--go.mod2
-rw-r--r--go.sum6
-rw-r--r--libpod/define/errors.go2
-rw-r--r--libpod/define/info.go31
-rw-r--r--libpod/info.go44
-rw-r--r--libpod/network/config.go43
-rw-r--r--libpod/network/netconflist.go18
-rw-r--r--pkg/api/handlers/swagger/swagger.go18
-rw-r--r--pkg/api/handlers/types.go9
-rw-r--r--pkg/api/server/register_images.go2
-rw-r--r--pkg/bindings/images/build.go44
-rw-r--r--pkg/bindings/images/build_unix.go16
-rw-r--r--pkg/bindings/images/build_windows.go9
-rw-r--r--pkg/cgroups/cgroups.go106
-rw-r--r--pkg/domain/infra/abi/containers.go2
-rw-r--r--pkg/domain/infra/runtime_libpod.go1
-rw-r--r--pkg/domain/infra/tunnel/containers.go13
-rw-r--r--test/apiv2/python/rest_api/test_v2_0_0_image.py6
-rwxr-xr-xtest/compose/test-compose6
-rw-r--r--test/e2e/common_test.go18
-rw-r--r--test/e2e/info_test.go10
-rw-r--r--test/e2e/network_test.go26
-rw-r--r--test/system/005-info.bats8
-rw-r--r--test/system/010-images.bats2
-rw-r--r--test/system/030-run.bats2
-rw-r--r--test/system/045-start.bats2
-rw-r--r--test/system/070-build.bats28
-rw-r--r--test/system/150-login.bats6
-rw-r--r--test/system/330-corrupt-images.bats2
-rw-r--r--vendor/github.com/Microsoft/go-winio/README.md2
-rw-r--r--vendor/github.com/Microsoft/go-winio/privilege.go5
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/drivers/driver.go3
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/check.go8
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/overlay.go4
-rw-r--r--vendor/github.com/containers/storage/go.mod4
-rw-r--r--vendor/github.com/containers/storage/go.sum7
-rw-r--r--vendor/github.com/containers/storage/pkg/archive/archive_linux.go11
-rw-r--r--vendor/github.com/containers/storage/pkg/archive/changes.go3
-rw-r--r--vendor/github.com/containers/storage/store.go22
-rw-r--r--vendor/modules.txt4
53 files changed, 475 insertions, 158 deletions
diff --git a/Makefile b/Makefile
index c777deae6..15d6d9fb6 100644
--- a/Makefile
+++ b/Makefile
@@ -382,6 +382,9 @@ bin/podman.cross.%: .gopathok
.PHONY: local-cross
local-cross: $(CROSS_BUILD_TARGETS) ## Cross compile podman binary for multiple architectures
+.PHONY: cross
+cross: local-cross
+
# Update nix/nixpkgs.json its latest stable commit
.PHONY: nixpkgs
nixpkgs:
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index f173b24b4..c65fbccb9 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -111,7 +111,7 @@ given.
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--cgroup-parent**=*path*
@@ -972,7 +972,7 @@ If you are using `useradd` within your build script, you should pass the
useradd to stop creating the lastlog file.
## SEE ALSO
-podman(1), buildah(1), containers-registries.conf(5), crun(8), runc(8), useradd(8), podman-ps(1), podman-rm(1)
+podman(1), buildah(1), containers-certs.d(5), containers-registries.conf(5), crun(8), runc(8), useradd(8), podman-ps(1), podman-rm(1)
## HISTORY
Aug 2020, Additional options and .dockerignore added by Dan Walsh `<dwalsh@redhat.com>`
diff --git a/docs/source/markdown/podman-container-runlabel.1.md b/docs/source/markdown/podman-container-runlabel.1.md
index aee849cbd..e343a12fe 100644
--- a/docs/source/markdown/podman-container-runlabel.1.md
+++ b/docs/source/markdown/podman-container-runlabel.1.md
@@ -57,7 +57,7 @@ The runlabel command will not execute if --display is specified.
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--creds**=*[username[:password]]*
@@ -105,7 +105,7 @@ $ sudo podman container runlabel --display run foobar
```
## SEE ALSO
-podman(1)
+podman(1), containers-certs.d(5)
## HISTORY
September 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md
index b9addc062..616aab8ff 100644
--- a/docs/source/markdown/podman-image-sign.1.md
+++ b/docs/source/markdown/podman-image-sign.1.md
@@ -26,7 +26,7 @@ Sign all the manifests of the multi-architecture image (default false).
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--directory**, **-d**=*dir*
@@ -61,7 +61,7 @@ the signature will be written into sub-directories of
the signature will be 'read' from that same location on a pull-related function.
## SEE ALSO
-containers-registries.d(5)
+containers-certs.d(5), containers-registries.d(5)
## HISTORY
November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com)
diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md
index 4af51d3eb..227fbd92d 100644
--- a/docs/source/markdown/podman-info.1.md
+++ b/docs/source/markdown/podman-info.1.md
@@ -32,6 +32,12 @@ $ podman info
host:
arch: amd64
buildahVersion: 1.19.0-dev
+ cgroupControllers:
+ - cpuset
+ - cpu
+ - io
+ - memory
+ - pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
@@ -145,6 +151,13 @@ Run podman info with JSON formatted response:
"buildahVersion": "1.19.0-dev",
"cgroupManager": "systemd",
"cgroupVersion": "v2",
+ "cgroupControllers": [
+ "cpuset",
+ "cpu",
+ "io",
+ "memory",
+ "pids"
+ ],
"conmon": {
"package": "conmon-2.0.22-2.fc33.x86_64",
"path": "/usr/bin/conmon",
diff --git a/docs/source/markdown/podman-login.1.md b/docs/source/markdown/podman-login.1.md
index 274869042..88d025c70 100644
--- a/docs/source/markdown/podman-login.1.md
+++ b/docs/source/markdown/podman-login.1.md
@@ -54,7 +54,7 @@ Return the logged-in user for the registry. Return error if no login is found.
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--tls-verify**=*true|false*
@@ -108,7 +108,7 @@ Login Succeeded!
```
## SEE ALSO
-podman(1), podman-logout(1), containers-auth.json(5), containers-registries.conf(5)
+podman(1), podman-logout(1), containers-auth.json(5), containers-certs.d(5), containers-registries.conf(5)
## HISTORY
August 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com>
diff --git a/docs/source/markdown/podman-manifest-add.1.md b/docs/source/markdown/podman-manifest-add.1.md
index 59d5e5d2c..376301589 100644
--- a/docs/source/markdown/podman-manifest-add.1.md
+++ b/docs/source/markdown/podman-manifest-add.1.md
@@ -44,7 +44,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--creds**=*creds*
@@ -93,6 +93,28 @@ architecture value, but which expect different versions of its instruction set.
$ podman manifest add mylist:v1.11 containers-storage:quay.io/username/myimage
+ **dir:**_path_
+ An existing local directory _path_ storing the manifest, layer tarballs, and signatures as individual files. This
+ is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
+
+ $ podman manifest add dir:/tmp/myimage
+
+ **docker-archive:**_path_[**:**_docker-reference_]
+ An image is stored in the `docker save` formatted file. _docker-reference_ is only used when creating such a
+ file, and it must not contain a digest.
+
+ $ podman manifest add docker-archive:/tmp/myimage
+
+ **docker-daemon:**_docker-reference_
+ An image in _docker-reference_ format stored in the docker daemon internal storage. The _docker-reference_ can also be an image ID (docker-daemon:algo:digest).
+
+ $ sudo podman manifest add docker-daemon:docker.io/library/myimage:33
+
+ **oci-archive:**_path_**:**_tag_
+ An image _tag_ in a directory compliant with "Open Container Image Layout Specification" at _path_.
+
+ $ podman manifest add oci-archive:/tmp/myimage
+
## EXAMPLE
```
@@ -110,4 +132,4 @@ podman manifest add --arch arm64 --variant v8 mylist:v1.11 docker://71c201d10fff
```
## SEE ALSO
-podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-manifest-remove(1), podman-rmi(1)
+podman(1), podman-manifest(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-push(1), podman-manifest-remove(1), podman-rmi(1), containers-certs.d(5)
diff --git a/docs/source/markdown/podman-manifest-push.1.md b/docs/source/markdown/podman-manifest-push.1.md
index 5097ada64..2cf1cc375 100644
--- a/docs/source/markdown/podman-manifest-push.1.md
+++ b/docs/source/markdown/podman-manifest-push.1.md
@@ -30,7 +30,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--creds**=*creds*
@@ -107,4 +107,4 @@ podman manifest push mylist:v1.11 docker://registry.example.org/mylist:v1.11
```
## SEE ALSO
-podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-remove(1), podman-rmi(1)
+podman(1), podman-manifest(1), podman-manifest-add(1), podman-manifest-create(1), podman-manifest-inspect(1), podman-manifest-remove(1), podman-rmi(1), containers-certs.d(5)
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 98b303ae7..ad5ae7e4c 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -48,7 +48,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--configmap**=*path*
@@ -132,7 +132,7 @@ $ podman play kube demo.yml --network cni1,cni2
Please take into account that CNI networks must be created first using podman-network-create(1).
## SEE ALSO
-podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1), podman-play(1), podman-network-create(1)
+podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1), podman-play(1), podman-network-create(1), containers-certs.d(5)
## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md
index 9b42d07ac..54f990601 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md
@@ -80,7 +80,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--creds**=*[username[:password]]*
@@ -217,7 +217,7 @@ registries.conf is the configuration file which specifies which container regist
NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
## SEE ALSO
-podman(1), podman-push(1), podman-login(1), containers-registries.conf(5)
+podman(1), podman-push(1), podman-login(1), containers-certs.d(5), containers-registries.conf(5)
## HISTORY
July 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com>
diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md
index f42ee1020..e26d73891 100644
--- a/docs/source/markdown/podman-push.1.md
+++ b/docs/source/markdown/podman-push.1.md
@@ -71,7 +71,7 @@ value can be entered. The password is entered without echo.
#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
-Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
+Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client)
#### **--compress**
@@ -161,4 +161,4 @@ Storing signatures
```
## SEE ALSO
-podman(1), podman-pull(1), podman-login(1)
+podman(1), podman-pull(1), podman-login(1), containers-certs.d(5)
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index ab4be1307..734d00971 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -120,6 +120,8 @@ Remote connections use local containers.conf for default.
Storage root dir in which data, including images, is stored (default: "/var/lib/containers/storage" for UID 0, "$HOME/.local/share/containers/storage" for other users).
Default root dir configured in `/etc/containers/storage.conf`.
+Overriding this option will cause the *storage-opt* settings in /etc/containers/storage.conf to be ignored. The user must specify additional options via the `--storage-opt` flag.
+
#### **--runroot**=*value*
Storage state directory where all state information is stored (default: "/run/containers/storage" for UID 0, "/run/user/$UID/run" for other users).
diff --git a/go.mod b/go.mod
index 738902bad..4c320f7c5 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
github.com/containers/image/v5 v5.12.0
github.com/containers/ocicrypt v1.1.1
github.com/containers/psgo v1.5.2
- github.com/containers/storage v1.31.1
+ github.com/containers/storage v1.31.2
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cri-o/ocicni v0.2.1-0.20210301205850-541cf7c703cf
diff --git a/go.sum b/go.sum
index bad1a8deb..39827f61a 100644
--- a/go.sum
+++ b/go.sum
@@ -48,8 +48,9 @@ github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB
github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17 h1:iT12IBVClFevaf8PuVyi3UmZOVh4OqnaLxDTW2O6j3w=
github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU=
+github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
@@ -233,8 +234,9 @@ github.com/containers/psgo v1.5.2 h1:3aoozst/GIwsrr/5jnFy3FrJay98uujPCu9lTuSZ/Cw
github.com/containers/psgo v1.5.2/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM=
github.com/containers/storage v1.30.1/go.mod h1:NDJkiwxnSHD1Is+4DGcyR3SIEYSDOa0xnAW+uGQFx9E=
-github.com/containers/storage v1.31.1 h1:xJedxRd4gI/7cCStZO9UVL2aFs4wjSV9Xqo3vAm2eOQ=
github.com/containers/storage v1.31.1/go.mod h1:IFEf+yRTS0pvCGQt2tBv1Kzz2XUSPvED6uFBmWG7V/E=
+github.com/containers/storage v1.31.2 h1:wWi7OsNtHUydGdK0EpQiK94MfQNj5qK2GtxNLoj4tU4=
+github.com/containers/storage v1.31.2/go.mod h1:J3q772EVbN9vgqoN/dkvInKnp4xK9ZXm7wHNfuiIDgE=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index 81bf5f69c..9fd210eed 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -152,7 +152,7 @@ var (
// ErrOCIRuntimeNotFound indicates the OCI runtime attempted to invoke a command
// that was not found
- ErrOCIRuntimeNotFound = errors.New("OCI not found")
+ ErrOCIRuntimeNotFound = errors.New("OCI runtime attempted to invoke a command that was not found")
// ErrOCIRuntimeUnavailable indicates that the OCI runtime associated to a container
// could not be found in the configuration
diff --git a/libpod/define/info.go b/libpod/define/info.go
index c9d6877c0..de709be74 100644
--- a/libpod/define/info.go
+++ b/libpod/define/info.go
@@ -23,21 +23,22 @@ type SecurityInfo struct {
// HostInfo describes the libpod host
type HostInfo struct {
- Arch string `json:"arch"`
- BuildahVersion string `json:"buildahVersion"`
- CgroupManager string `json:"cgroupManager"`
- CGroupsVersion string `json:"cgroupVersion"`
- Conmon *ConmonInfo `json:"conmon"`
- CPUs int `json:"cpus"`
- Distribution DistributionInfo `json:"distribution"`
- EventLogger string `json:"eventLogger"`
- Hostname string `json:"hostname"`
- IDMappings IDMappings `json:"idMappings,omitempty"`
- Kernel string `json:"kernel"`
- MemFree int64 `json:"memFree"`
- MemTotal int64 `json:"memTotal"`
- OCIRuntime *OCIRuntimeInfo `json:"ociRuntime"`
- OS string `json:"os"`
+ Arch string `json:"arch"`
+ BuildahVersion string `json:"buildahVersion"`
+ CgroupManager string `json:"cgroupManager"`
+ CGroupsVersion string `json:"cgroupVersion"`
+ CgroupControllers []string `json:"cgroupControllers"`
+ Conmon *ConmonInfo `json:"conmon"`
+ CPUs int `json:"cpus"`
+ Distribution DistributionInfo `json:"distribution"`
+ EventLogger string `json:"eventLogger"`
+ Hostname string `json:"hostname"`
+ IDMappings IDMappings `json:"idMappings,omitempty"`
+ Kernel string `json:"kernel"`
+ MemFree int64 `json:"memFree"`
+ MemTotal int64 `json:"memTotal"`
+ OCIRuntime *OCIRuntimeInfo `json:"ociRuntime"`
+ OS string `json:"os"`
// RemoteSocket returns the UNIX domain socket the Podman service is listening on
RemoteSocket *RemoteSocket `json:"remoteSocket,omitempty"`
RuntimeInfo map[string]interface{} `json:"runtimeInfo,omitempty"`
diff --git a/libpod/info.go b/libpod/info.go
index 7a28a4cf7..461e39a48 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -93,20 +93,33 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
return nil, errors.Wrapf(err, "error getting Seccomp profile path")
}
+ // CGroups version
+ unified, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, errors.Wrapf(err, "error reading cgroups mode")
+ }
+
+ // Get Map of all available controllers
+ availableControllers, err := cgroups.GetAvailableControllers(nil, unified)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error getting available cgroup controllers")
+ }
+
info := define.HostInfo{
- Arch: runtime.GOARCH,
- BuildahVersion: buildah.Version,
- CgroupManager: r.config.Engine.CgroupManager,
- Linkmode: linkmode.Linkmode(),
- CPUs: runtime.NumCPU(),
- Distribution: hostDistributionInfo,
- EventLogger: r.eventer.String(),
- Hostname: host,
- IDMappings: define.IDMappings{},
- Kernel: kv,
- MemFree: mi.MemFree,
- MemTotal: mi.MemTotal,
- OS: runtime.GOOS,
+ Arch: runtime.GOARCH,
+ BuildahVersion: buildah.Version,
+ CgroupManager: r.config.Engine.CgroupManager,
+ CgroupControllers: availableControllers,
+ Linkmode: linkmode.Linkmode(),
+ CPUs: runtime.NumCPU(),
+ Distribution: hostDistributionInfo,
+ EventLogger: r.eventer.String(),
+ Hostname: host,
+ IDMappings: define.IDMappings{},
+ Kernel: kv,
+ MemFree: mi.MemFree,
+ MemTotal: mi.MemTotal,
+ OS: runtime.GOOS,
Security: define.SecurityInfo{
AppArmorEnabled: apparmor.IsEnabled(),
DefaultCapabilities: strings.Join(r.config.Containers.DefaultCapabilities, ","),
@@ -120,11 +133,6 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
SwapTotal: mi.SwapTotal,
}
- // CGroups version
- unified, err := cgroups.IsCgroup2UnifiedMode()
- if err != nil {
- return nil, errors.Wrapf(err, "error reading cgroups mode")
- }
cgroupVersion := "v1"
if unified {
cgroupVersion = "v2"
diff --git a/libpod/network/config.go b/libpod/network/config.go
index ac4478602..9a3bc4763 100644
--- a/libpod/network/config.go
+++ b/libpod/network/config.go
@@ -44,17 +44,17 @@ type CNIPlugins interface {
// HostLocalBridge describes a configuration for a bridge plugin
// https://github.com/containernetworking/plugins/tree/master/plugins/main/bridge#network-configuration-reference
type HostLocalBridge struct {
- PluginType string `json:"type"`
- BrName string `json:"bridge,omitempty"`
- IsGW bool `json:"isGateway"`
- IsDefaultGW bool `json:"isDefaultGateway,omitempty"`
- ForceAddress bool `json:"forceAddress,omitempty"`
- IPMasq bool `json:"ipMasq,omitempty"`
- MTU int `json:"mtu,omitempty"`
- HairpinMode bool `json:"hairpinMode,omitempty"`
- PromiscMode bool `json:"promiscMode,omitempty"`
- Vlan int `json:"vlan,omitempty"`
- IPAM IPAMHostLocalConf `json:"ipam"`
+ PluginType string `json:"type"`
+ BrName string `json:"bridge,omitempty"`
+ IsGW bool `json:"isGateway"`
+ IsDefaultGW bool `json:"isDefaultGateway,omitempty"`
+ ForceAddress bool `json:"forceAddress,omitempty"`
+ IPMasq bool `json:"ipMasq,omitempty"`
+ MTU int `json:"mtu,omitempty"`
+ HairpinMode bool `json:"hairpinMode,omitempty"`
+ PromiscMode bool `json:"promiscMode,omitempty"`
+ Vlan int `json:"vlan,omitempty"`
+ IPAM IPAMConfig `json:"ipam"`
}
// Bytes outputs []byte
@@ -62,9 +62,9 @@ func (h *HostLocalBridge) Bytes() ([]byte, error) {
return json.MarshalIndent(h, "", "\t")
}
-// IPAMHostLocalConf describes an IPAM configuration
+// IPAMConfig describes an IPAM configuration
// https://github.com/containernetworking/plugins/tree/master/plugins/ipam/host-local#network-configuration-reference
-type IPAMHostLocalConf struct {
+type IPAMConfig struct {
PluginType string `json:"type"`
Routes []IPAMRoute `json:"routes,omitempty"`
ResolveConf string `json:"resolveConf,omitempty"`
@@ -81,7 +81,7 @@ type IPAMLocalHostRangeConf struct {
}
// Bytes outputs the configuration as []byte
-func (i IPAMHostLocalConf) Bytes() ([]byte, error) {
+func (i IPAMConfig) Bytes() ([]byte, error) {
return json.MarshalIndent(i, "", "\t")
}
@@ -101,19 +101,12 @@ func (p PortMapConfig) Bytes() ([]byte, error) {
return json.MarshalIndent(p, "", "\t")
}
-// IPAMDHCP describes the ipamdhcp config
-type IPAMDHCP struct {
- DHCP string `json:"type"`
- Routes []IPAMRoute `json:"routes,omitempty"`
- Ranges [][]IPAMLocalHostRangeConf `json:"ranges,omitempty"`
-}
-
// MacVLANConfig describes the macvlan config
type MacVLANConfig struct {
- PluginType string `json:"type"`
- Master string `json:"master"`
- IPAM IPAMDHCP `json:"ipam"`
- MTU int `json:"mtu,omitempty"`
+ PluginType string `json:"type"`
+ Master string `json:"master"`
+ IPAM IPAMConfig `json:"ipam"`
+ MTU int `json:"mtu,omitempty"`
}
// Bytes outputs the configuration as []byte
diff --git a/libpod/network/netconflist.go b/libpod/network/netconflist.go
index d2031df6d..d6c33740e 100644
--- a/libpod/network/netconflist.go
+++ b/libpod/network/netconflist.go
@@ -45,7 +45,7 @@ func NewNcList(name, version string, labels NcLabels) NcList {
}
// NewHostLocalBridge creates a new LocalBridge for host-local
-func NewHostLocalBridge(name string, isGateWay, isDefaultGW, ipMasq bool, mtu int, vlan int, ipamConf IPAMHostLocalConf) *HostLocalBridge {
+func NewHostLocalBridge(name string, isGateWay, isDefaultGW, ipMasq bool, mtu int, vlan int, ipamConf IPAMConfig) *HostLocalBridge {
hostLocalBridge := HostLocalBridge{
PluginType: "bridge",
BrName: name,
@@ -65,8 +65,8 @@ func NewHostLocalBridge(name string, isGateWay, isDefaultGW, ipMasq bool, mtu in
}
// NewIPAMHostLocalConf creates a new IPAMHostLocal configuration
-func NewIPAMHostLocalConf(routes []IPAMRoute, ipamRanges [][]IPAMLocalHostRangeConf) (IPAMHostLocalConf, error) {
- ipamConf := IPAMHostLocalConf{
+func NewIPAMHostLocalConf(routes []IPAMRoute, ipamRanges [][]IPAMLocalHostRangeConf) (IPAMConfig, error) {
+ ipamConf := IPAMConfig{
PluginType: "host-local",
Routes: routes,
// Possible future support ? Leaving for clues
@@ -177,8 +177,10 @@ func HasDNSNamePlugin(paths []string) bool {
// NewMacVLANPlugin creates a macvlanconfig with a given device name
func NewMacVLANPlugin(device string, gateway net.IP, ipRange *net.IPNet, subnet *net.IPNet, mtu int) (MacVLANConfig, error) {
- i := IPAMDHCP{DHCP: "dhcp"}
- if gateway != nil || ipRange != nil || subnet != nil {
+ i := IPAMConfig{PluginType: "dhcp"}
+ if gateway != nil ||
+ (ipRange != nil && ipRange.IP != nil && ipRange.Mask != nil) ||
+ (subnet != nil && subnet.IP != nil && subnet.Mask != nil) {
ipam, err := NewIPAMLocalHostRange(subnet, ipRange, gateway)
if err != nil {
return MacVLANConfig{}, err
@@ -186,6 +188,12 @@ func NewMacVLANPlugin(device string, gateway net.IP, ipRange *net.IPNet, subnet
ranges := make([][]IPAMLocalHostRangeConf, 0)
ranges = append(ranges, ipam)
i.Ranges = ranges
+ route, err := NewIPAMDefaultRoute(IsIPv6(subnet.IP))
+ if err != nil {
+ return MacVLANConfig{}, err
+ }
+ i.Routes = []IPAMRoute{route}
+ i.PluginType = "host-local"
}
m := MacVLANConfig{
diff --git a/pkg/api/handlers/swagger/swagger.go b/pkg/api/handlers/swagger/swagger.go
index ef3d12df8..83ff5914e 100644
--- a/pkg/api/handlers/swagger/swagger.go
+++ b/pkg/api/handlers/swagger/swagger.go
@@ -8,6 +8,15 @@ import (
"github.com/docker/docker/api/types"
)
+// Tree response
+// swagger:response TreeResponse
+type swagTree struct {
+ // in:body
+ Body struct {
+ entities.ImageTreeReport
+ }
+}
+
// History response
// swagger:response DocsHistory
type swagHistory struct {
@@ -183,12 +192,3 @@ type swagInspectVolumeResponse struct {
define.InspectVolumeData
}
}
-
-// Image tree response
-// swagger:response LibpodImageTreeResponse
-type swagImageTreeResponse struct {
- // in:body
- Body struct {
- handlers.ImageTreeResponse
- }
-}
diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go
index 2ffd9b0cb..f94c9a1f5 100644
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@@ -148,15 +148,6 @@ type HistoryResponse struct {
Comment string
}
-type ImageLayer struct{}
-
-type ImageTreeResponse struct {
- ID string `json:"id"`
- Tags []string `json:"tags"`
- Size string `json:"size"`
- Layers []ImageLayer `json:"layers"`
-}
-
type ExecCreateConfig struct {
docker.ExecConfig
}
diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go
index b32c0df20..9634bd83b 100644
--- a/pkg/api/server/register_images.go
+++ b/pkg/api/server/register_images.go
@@ -747,7 +747,7 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// - application/json
// responses:
// 200:
- // $ref: '#/responses/LibpodImageTreeResponse'
+ // $ref: "#/responses/TreeResponse"
// 404:
// $ref: '#/responses/NoSuchImage'
// 500:
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index f5e7c0c98..346d55c47 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -28,6 +28,11 @@ import (
"github.com/sirupsen/logrus"
)
+type devino struct {
+ Dev uint64
+ Ino uint64
+}
+
var (
iidRegex = regexp.MustCompile(`^[0-9a-f]{12}`)
)
@@ -402,7 +407,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) {
defer pw.Close()
defer gw.Close()
defer tw.Close()
-
+ seen := make(map[devino]string)
for _, src := range sources {
s, err := filepath.Abs(src)
if err != nil {
@@ -431,25 +436,40 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) {
}
if info.Mode().IsRegular() { // add file item
- f, lerr := os.Open(path)
- if lerr != nil {
- return lerr
+ di, isHardLink := checkHardLink(info)
+ if err != nil {
+ return err
}
- hdr, lerr := tar.FileInfoHeader(info, name)
- if lerr != nil {
- f.Close()
- return lerr
+ hdr, err := tar.FileInfoHeader(info, "")
+ if err != nil {
+ return err
+ }
+ orig, ok := seen[di]
+ if ok {
+ hdr.Typeflag = tar.TypeLink
+ hdr.Linkname = orig
+ hdr.Size = 0
+ hdr.Name = name
+ return tw.WriteHeader(hdr)
+ }
+ f, err := os.Open(path)
+ if err != nil {
+ return err
}
+
hdr.Name = name
- if lerr := tw.WriteHeader(hdr); lerr != nil {
+ if err := tw.WriteHeader(hdr); err != nil {
f.Close()
- return lerr
+ return err
}
- _, cerr := io.Copy(tw, f)
+ _, err = io.Copy(tw, f)
f.Close()
- return cerr
+ if err == nil && isHardLink {
+ seen[di] = name
+ }
+ return err
} else if info.Mode().IsDir() { // add folders
hdr, lerr := tar.FileInfoHeader(info, name)
if lerr != nil {
diff --git a/pkg/bindings/images/build_unix.go b/pkg/bindings/images/build_unix.go
new file mode 100644
index 000000000..0afb1deb6
--- /dev/null
+++ b/pkg/bindings/images/build_unix.go
@@ -0,0 +1,16 @@
+// +build !windows
+
+package images
+
+import (
+ "os"
+ "syscall"
+)
+
+func checkHardLink(fi os.FileInfo) (devino, bool) {
+ st := fi.Sys().(*syscall.Stat_t)
+ return devino{
+ Dev: uint64(st.Dev),
+ Ino: uint64(st.Ino),
+ }, st.Nlink > 1
+}
diff --git a/pkg/bindings/images/build_windows.go b/pkg/bindings/images/build_windows.go
new file mode 100644
index 000000000..bd71d1bf0
--- /dev/null
+++ b/pkg/bindings/images/build_windows.go
@@ -0,0 +1,9 @@
+package images
+
+import (
+ "os"
+)
+
+func checkHardLink(fi os.FileInfo) (devino, bool) {
+ return devino{}, false
+}
diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index aefb5183b..911edeb5b 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -128,28 +128,118 @@ func init() {
// getAvailableControllers get the available controllers
func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) ([]controller, error) {
if cgroup2 {
- return nil, fmt.Errorf("getAvailableControllers not implemented yet for cgroup v2")
+ controllers := []controller{}
+ subtreeControl := cgroupRoot + "/cgroup.subtree_control"
+ // rootless cgroupv2: check available controllers for current user ,systemd or servicescope will inherit
+ if rootless.IsRootless() {
+ userSlice, err := getCgroupPathForCurrentProcess()
+ if err != nil {
+ return controllers, err
+ }
+ //userSlice already contains '/' so not adding here
+ basePath := cgroupRoot + userSlice
+ subtreeControl = fmt.Sprintf("%s/cgroup.subtree_control", basePath)
+ }
+ subtreeControlBytes, err := ioutil.ReadFile(subtreeControl)
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed while reading controllers for cgroup v2 from %q", subtreeControl)
+ }
+ for _, controllerName := range strings.Fields(string(subtreeControlBytes)) {
+ c := controller{
+ name: controllerName,
+ symlink: false,
+ }
+ controllers = append(controllers, c)
+ }
+ return controllers, nil
}
- infos, err := ioutil.ReadDir(cgroupRoot)
- if err != nil {
- return nil, err
- }
+ subsystems, _ := cgroupV1GetAllSubsystems()
controllers := []controller{}
- for _, i := range infos {
- name := i.Name()
+ // cgroupv1 and rootless: No subsystem is available: delegation is unsafe.
+ if rootless.IsRootless() {
+ return controllers, nil
+ }
+
+ for _, name := range subsystems {
if _, found := exclude[name]; found {
continue
}
+ isSymLink := false
+ fileInfo, err := os.Stat(cgroupRoot + "/" + name)
+ if err != nil {
+ isSymLink = !fileInfo.IsDir()
+ }
c := controller{
name: name,
- symlink: !i.IsDir(),
+ symlink: isSymLink,
}
controllers = append(controllers, c)
}
+
return controllers, nil
}
+// GetAvailableControllers get string:bool map of all the available controllers
+func GetAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) ([]string, error) {
+ availableControllers, err := getAvailableControllers(exclude, cgroup2)
+ if err != nil {
+ return nil, err
+ }
+ controllerList := []string{}
+ for _, controller := range availableControllers {
+ controllerList = append(controllerList, controller.name)
+ }
+
+ return controllerList, nil
+}
+
+func cgroupV1GetAllSubsystems() ([]string, error) {
+ f, err := os.Open("/proc/cgroups")
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+
+ subsystems := []string{}
+
+ s := bufio.NewScanner(f)
+ for s.Scan() {
+ text := s.Text()
+ if text[0] != '#' {
+ parts := strings.Fields(text)
+ if len(parts) >= 4 && parts[3] != "0" {
+ subsystems = append(subsystems, parts[0])
+ }
+ }
+ }
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+ return subsystems, nil
+}
+
+func getCgroupPathForCurrentProcess() (string, error) {
+ path := fmt.Sprintf("/proc/%d/cgroup", os.Getpid())
+ f, err := os.Open(path)
+ if err != nil {
+ return "", err
+ }
+ defer f.Close()
+
+ cgroupPath := ""
+ s := bufio.NewScanner(f)
+ for s.Scan() {
+ text := s.Text()
+ procEntries := strings.SplitN(text, "::", 2)
+ cgroupPath = procEntries[1]
+ }
+ if err := s.Err(); err != nil {
+ return cgroupPath, err
+ }
+ return cgroupPath, nil
+}
+
// getCgroupv1Path is a helper function to get the cgroup v1 path
func (c *CgroupControl) getCgroupv1Path(name string) string {
return filepath.Join(cgroupRoot, name, c.path)
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index d0a2b1bae..237a43441 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -275,7 +275,7 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string,
case nil:
// remove container names that we successfully deleted
reports = append(reports, &report)
- case define.ErrNoSuchCtr:
+ case define.ErrNoSuchCtr, define.ErrCtrExists:
// There is still a potential this is a libpod container
tmpNames = append(tmpNames, ctr)
default:
diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go
index a98c9168a..5cbee2e76 100644
--- a/pkg/domain/infra/runtime_libpod.go
+++ b/pkg/domain/infra/runtime_libpod.go
@@ -129,6 +129,7 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
if fs.Changed("root") {
storageSet = true
storageOpts.GraphRoot = cfg.Engine.StaticDir
+ storageOpts.GraphDriverOptions = []string{}
}
if fs.Changed("runroot") {
storageSet = true
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 3830835cc..74ced300a 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -21,6 +21,7 @@ import (
"github.com/containers/podman/v3/pkg/errorhandling"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
+ "github.com/containers/storage/types"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -580,7 +581,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
if err := containers.Remove(ic.ClientCtx, ctr.ID, removeOptions); err != nil {
if errorhandling.Contains(err, define.ErrNoSuchCtr) ||
errorhandling.Contains(err, define.ErrCtrRemoved) {
- logrus.Warnf("Container %s does not exist: %v", ctr.ID, err)
+ logrus.Debugf("Container %s does not exist: %v", ctr.ID, err)
} else {
logrus.Errorf("Error removing container %s: %v", ctr.ID, err)
}
@@ -613,8 +614,9 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
rmOptions := new(containers.RemoveOptions).WithForce(false).WithVolumes(true)
if err := containers.Remove(ic.ClientCtx, ctr.ID, rmOptions); err != nil {
if errorhandling.Contains(err, define.ErrNoSuchCtr) ||
- errorhandling.Contains(err, define.ErrCtrRemoved) {
- logrus.Warnf("Container %s does not exist: %v", ctr.ID, err)
+ errorhandling.Contains(err, define.ErrCtrRemoved) ||
+ errorhandling.Contains(err, types.ErrLayerUnknown) {
+ logrus.Debugf("Container %s does not exist: %v", ctr.ID, err)
} else {
logrus.Errorf("Error removing container %s: %v", ctr.ID, err)
}
@@ -691,8 +693,9 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
if !shouldRestart {
if err := containers.Remove(ic.ClientCtx, con.ID, new(containers.RemoveOptions).WithForce(false).WithVolumes(true)); err != nil {
if errorhandling.Contains(err, define.ErrNoSuchCtr) ||
- errorhandling.Contains(err, define.ErrCtrRemoved) {
- logrus.Warnf("Container %s does not exist: %v", con.ID, err)
+ errorhandling.Contains(err, define.ErrCtrRemoved) ||
+ errorhandling.Contains(err, types.ErrLayerUnknown) {
+ logrus.Debugf("Container %s does not exist: %v", con.ID, err)
} else {
logrus.Errorf("Error removing container %s: %v", con.ID, err)
}
diff --git a/test/apiv2/python/rest_api/test_v2_0_0_image.py b/test/apiv2/python/rest_api/test_v2_0_0_image.py
index 99f513608..243b1d5f5 100644
--- a/test/apiv2/python/rest_api/test_v2_0_0_image.py
+++ b/test/apiv2/python/rest_api/test_v2_0_0_image.py
@@ -160,6 +160,12 @@ class ImageTestCase(APITestCase):
for k in required_keys:
self.assertIn(k, change)
+ def test_tree(self):
+ r = requests.get(self.uri("/images/alpine/tree"))
+ self.assertEqual(r.status_code, 200, r.text)
+ tree = r.json()
+ self.assertTrue(tree["Tree"].startswith("Image ID:"), r.text)
+
if __name__ == "__main__":
unittest.main()
diff --git a/test/compose/test-compose b/test/compose/test-compose
index 46ca80321..981f78a79 100755
--- a/test/compose/test-compose
+++ b/test/compose/test-compose
@@ -174,12 +174,12 @@ function test_port() {
if [ $curl_rc -ne 0 ]; then
_show_ok 0 "$testname - curl (port $port) failed with status $curl_rc"
echo "# podman ps -a:"
- $PODMAN_BIN --root $WORKDIR/root --runroot $WORKDIR/runroot ps -a
+ $PODMAN_BIN --storage-driver=vfs --root $WORKDIR/root --runroot $WORKDIR/runroot ps -a
if type -p ss; then
echo "# ss -tulpn:"
ss -tulpn
echo "# podman unshare --rootless-cni ss -tulpn:"
- $PODMAN_BIN --root $WORKDIR/root --runroot $WORKDIR/runroot unshare --rootless-cni ss -tulpn
+ $PODMAN_BIN --storage-driver=vfs --root $WORKDIR/root --runroot $WORKDIR/runroot unshare --rootless-cni ss -tulpn
fi
echo "# cat $WORKDIR/server.log:"
cat $WORKDIR/server.log
@@ -214,6 +214,7 @@ function start_service() {
$PODMAN_BIN \
--log-level debug \
+ --storage-driver=vfs \
--root $WORKDIR/root \
--runroot $WORKDIR/runroot \
--cgroup-manager=systemd \
@@ -241,6 +242,7 @@ function start_service() {
function podman() {
echo "\$ podman $*" >>$WORKDIR/output.log
output=$($PODMAN_BIN \
+ --storage-driver=vfs \
--root $WORKDIR/root \
--runroot $WORKDIR/runroot \
"$@")
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 359345096..7ffee961c 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -408,7 +408,14 @@ func (p *PodmanTestIntegration) RunLsContainer(name string) (*PodmanSessionInteg
podmanArgs = append(podmanArgs, "-d", ALPINE, "ls")
session := p.Podman(podmanArgs)
session.WaitWithDefaultTimeout()
- return session, session.ExitCode(), session.OutputToString()
+ if session.ExitCode() != 0 {
+ return session, session.ExitCode(), session.OutputToString()
+ }
+ cid := session.OutputToString()
+
+ wsession := p.Podman([]string{"wait", cid})
+ wsession.WaitWithDefaultTimeout()
+ return session, wsession.ExitCode(), cid
}
// RunNginxWithHealthCheck runs the alpine nginx container with an optional name and adds a healthcheck into it
@@ -431,7 +438,14 @@ func (p *PodmanTestIntegration) RunLsContainerInPod(name, pod string) (*PodmanSe
podmanArgs = append(podmanArgs, "-d", ALPINE, "ls")
session := p.Podman(podmanArgs)
session.WaitWithDefaultTimeout()
- return session, session.ExitCode(), session.OutputToString()
+ if session.ExitCode() != 0 {
+ return session, session.ExitCode(), session.OutputToString()
+ }
+ cid := session.OutputToString()
+
+ wsession := p.Podman([]string{"wait", cid})
+ wsession.WaitWithDefaultTimeout()
+ return session, wsession.ExitCode(), cid
}
// BuildImage uses podman build and buildah to build an image
diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go
index 60136bcc2..f5b70d6bf 100644
--- a/test/e2e/info_test.go
+++ b/test/e2e/info_test.go
@@ -135,4 +135,14 @@ var _ = Describe("Podman Info", func() {
Expect(session.OutputToString()).To(ContainSubstring("false"))
}
})
+
+ It("Podman info must contain cgroupControllers with ReleventControllers", func() {
+ SkipIfRootless("Hard to tell which controllers are going to be enabled for rootless")
+ SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users")
+ session := podmanTest.Podman([]string{"info", "--format", "{{.Host.CgroupControllers}}"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).To(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("memory"))
+ Expect(session.OutputToString()).To(ContainSubstring("pids"))
+ })
})
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index 6f28d7e19..a7e61932e 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -533,7 +533,11 @@ var _ = Describe("Podman network", func() {
out, err := inspect.jq(".[0].plugins[0].master")
Expect(err).To(BeNil())
- Expect(out).To(Equal("\"lo\""))
+ Expect(out).To(Equal(`"lo"`))
+
+ ipamType, err := inspect.jq(".[0].plugins[0].ipam.type")
+ Expect(err).To(BeNil())
+ Expect(ipamType).To(Equal(`"dhcp"`))
nc = podmanTest.Podman([]string{"network", "rm", net})
nc.WaitWithDefaultTimeout()
@@ -571,13 +575,29 @@ var _ = Describe("Podman network", func() {
Expect(err).To(BeNil())
Expect(mtu).To(Equal("1500"))
+ name, err := inspect.jq(".[0].plugins[0].type")
+ Expect(err).To(BeNil())
+ Expect(name).To(Equal(`"macvlan"`))
+
+ netInt, err := inspect.jq(".[0].plugins[0].master")
+ Expect(err).To(BeNil())
+ Expect(netInt).To(Equal(`"lo"`))
+
+ ipamType, err := inspect.jq(".[0].plugins[0].ipam.type")
+ Expect(err).To(BeNil())
+ Expect(ipamType).To(Equal(`"host-local"`))
+
gw, err := inspect.jq(".[0].plugins[0].ipam.ranges[0][0].gateway")
Expect(err).To(BeNil())
- Expect(gw).To(Equal("\"192.168.1.254\""))
+ Expect(gw).To(Equal(`"192.168.1.254"`))
subnet, err := inspect.jq(".[0].plugins[0].ipam.ranges[0][0].subnet")
Expect(err).To(BeNil())
- Expect(subnet).To(Equal("\"192.168.1.0/24\""))
+ Expect(subnet).To(Equal(`"192.168.1.0/24"`))
+
+ routes, err := inspect.jq(".[0].plugins[0].ipam.routes[0].dst")
+ Expect(err).To(BeNil())
+ Expect(routes).To(Equal(`"0.0.0.0/0"`))
nc = podmanTest.Podman([]string{"network", "rm", net})
nc.WaitWithDefaultTimeout()
diff --git a/test/system/005-info.bats b/test/system/005-info.bats
index 83d79221a..4b419841e 100644
--- a/test/system/005-info.bats
+++ b/test/system/005-info.bats
@@ -82,4 +82,12 @@ store.imageStore.number | 1
# mounts.
is "$output" ".*graphOptions: {}" "output includes graphOptions: {}"
}
+
+@test "podman --root PATH info - basic output" {
+ if ! is_remote; then
+ run_podman --storage-driver=vfs --root ${PODMAN_TMPDIR}/nothing-here-move-along info --format '{{ .Store.GraphOptions }}'
+ is "$output" "map\[\]" "'podman --root should reset Graphoptions to []"
+ fi
+}
+
# vim: filetype=sh
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index bda331e6b..2d7ac1e0c 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -12,7 +12,7 @@ load helpers
# 'podman images' should emit headings even if there are no images
# (but --root only works locally)
if ! is_remote; then
- run_podman --root ${PODMAN_TMPDIR}/nothing-here-move-along images
+ run_podman --storage-driver=vfs --root ${PODMAN_TMPDIR}/nothing-here-move-along images
is "$output" "$headings" "'podman images' emits headings even w/o images"
fi
}
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index e12c32ef5..2ea981a85 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -14,7 +14,7 @@ load helpers
# ...but check the configured runtime engine, and switch to crun as needed
run_podman info --format '{{ .Host.OCIRuntime.Path }}'
if expr "$output" : ".*/crun"; then
- err_no_such_cmd="Error: executable file.* not found in \$PATH: No such file or directory: OCI not found"
+ err_no_such_cmd="Error: executable file.* not found in \$PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found"
err_no_exec_dir="Error: open executable: Operation not permitted: OCI permission denied"
fi
diff --git a/test/system/045-start.bats b/test/system/045-start.bats
index 542f9d1c2..3e0118dba 100644
--- a/test/system/045-start.bats
+++ b/test/system/045-start.bats
@@ -25,6 +25,8 @@ load helpers
die "podman start --all restarted a running container"
fi
+ run_podman wait $cid_none_implicit $cid_none_explicit $cid_on_failure
+
run_podman rm $cid_none_implicit $cid_none_explicit $cid_on_failure
run_podman stop -t 1 $cid_always
run_podman rm $cid_always
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index d2d56c051..0f3f3fa7f 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -766,6 +766,34 @@ EOF
is "$output" ".*/tmp/bogus: no such file or directory"
}
+@test "podman build COPY hardlinks " {
+ tmpdir=$PODMAN_TMPDIR/build-test
+ subdir=$tmpdir/subdir
+ subsubdir=$subdir/subsubdir
+ mkdir -p $subsubdir
+
+ dockerfile=$tmpdir/Dockerfile
+ cat >$dockerfile <<EOF
+FROM $IMAGE
+COPY . /test
+EOF
+ ln $dockerfile $tmpdir/hardlink1
+ ln $dockerfile $subdir/hardlink2
+ ln $dockerfile $subsubdir/hardlink3
+
+ run_podman build -t build_test $tmpdir
+ run_podman run --rm build_test stat -c '%i' /test/Dockerfile
+ dinode=$output
+ run_podman run --rm build_test stat -c '%i' /test/hardlink1
+ is "$output" "$dinode" "COPY hardlinks work"
+ run_podman run --rm build_test stat -c '%i' /test/subdir/hardlink2
+ is "$output" "$dinode" "COPY hardlinks work"
+ run_podman run --rm build_test stat -c '%i' /test/subdir/subsubdir/hardlink3
+ is "$output" "$dinode" "COPY hardlinks work"
+
+ run_podman rmi -f build_test
+}
+
function teardown() {
# A timeout or other error in 'build' can leave behind stale images
# that podman can't even see and which will cascade into subsequent
diff --git a/test/system/150-login.bats b/test/system/150-login.bats
index c3af63348..b6c04db08 100644
--- a/test/system/150-login.bats
+++ b/test/system/150-login.bats
@@ -62,7 +62,7 @@ function setup() {
# Pull registry image, but into a separate container storage
mkdir -p ${PODMAN_LOGIN_WORKDIR}/root
mkdir -p ${PODMAN_LOGIN_WORKDIR}/runroot
- PODMAN_LOGIN_ARGS="--root ${PODMAN_LOGIN_WORKDIR}/root --runroot ${PODMAN_LOGIN_WORKDIR}/runroot"
+ PODMAN_LOGIN_ARGS="--storage-driver=vfs --root ${PODMAN_LOGIN_WORKDIR}/root --runroot ${PODMAN_LOGIN_WORKDIR}/runroot"
# Give it three tries, to compensate for flakes
run_podman ${PODMAN_LOGIN_ARGS} pull $REGISTRY_IMAGE ||
run_podman ${PODMAN_LOGIN_ARGS} pull $REGISTRY_IMAGE ||
@@ -306,10 +306,10 @@ function _test_skopeo_credential_sharing() {
skip "[leaving registry running by request]"
fi
- run_podman --root ${PODMAN_LOGIN_WORKDIR}/root \
+ run_podman --storage-driver=vfs --root ${PODMAN_LOGIN_WORKDIR}/root \
--runroot ${PODMAN_LOGIN_WORKDIR}/runroot \
rm -f registry
- run_podman --root ${PODMAN_LOGIN_WORKDIR}/root \
+ run_podman --storage-driver=vfs --root ${PODMAN_LOGIN_WORKDIR}/root \
--runroot ${PODMAN_LOGIN_WORKDIR}/runroot \
rmi -a
diff --git a/test/system/330-corrupt-images.bats b/test/system/330-corrupt-images.bats
index c51cc8d46..2ee5eee9c 100644
--- a/test/system/330-corrupt-images.bats
+++ b/test/system/330-corrupt-images.bats
@@ -19,7 +19,7 @@ PODMAN_CORRUPT_TEST_IMAGE_ID=961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364b
# All tests in this file (and ONLY in this file) run with a custom rootdir
function setup() {
skip_if_remote "none of these tests run under podman-remote"
- _PODMAN_TEST_OPTS="--root ${PODMAN_CORRUPT_TEST_WORKDIR}/root"
+ _PODMAN_TEST_OPTS="--storage-driver=vfs --root ${PODMAN_CORRUPT_TEST_WORKDIR}/root"
}
function teardown() {
diff --git a/vendor/github.com/Microsoft/go-winio/README.md b/vendor/github.com/Microsoft/go-winio/README.md
index 568001057..60c93fe50 100644
--- a/vendor/github.com/Microsoft/go-winio/README.md
+++ b/vendor/github.com/Microsoft/go-winio/README.md
@@ -1,4 +1,4 @@
-# go-winio
+# go-winio [![Build Status](https://github.com/microsoft/go-winio/actions/workflows/ci.yml/badge.svg)](https://github.com/microsoft/go-winio/actions/workflows/ci.yml)
This repository contains utilities for efficiently performing Win32 IO operations in
Go. Currently, this is focused on accessing named pipes and other file handles, and
diff --git a/vendor/github.com/Microsoft/go-winio/privilege.go b/vendor/github.com/Microsoft/go-winio/privilege.go
index 9c83d36fe..c3dd7c217 100644
--- a/vendor/github.com/Microsoft/go-winio/privilege.go
+++ b/vendor/github.com/Microsoft/go-winio/privilege.go
@@ -28,8 +28,9 @@ const (
ERROR_NOT_ALL_ASSIGNED syscall.Errno = 1300
- SeBackupPrivilege = "SeBackupPrivilege"
- SeRestorePrivilege = "SeRestorePrivilege"
+ SeBackupPrivilege = "SeBackupPrivilege"
+ SeRestorePrivilege = "SeRestorePrivilege"
+ SeSecurityPrivilege = "SeSecurityPrivilege"
)
const (
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index 6bae54024..3492b09b4 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.31.1
+1.31.2
diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go
index 4832594ab..1d2a65966 100644
--- a/vendor/github.com/containers/storage/drivers/driver.go
+++ b/vendor/github.com/containers/storage/drivers/driver.go
@@ -60,6 +60,9 @@ type MountOpts struct {
// Volatile specifies whether the container storage can be optimized
// at the cost of not syncing all the dirty files in memory.
Volatile bool
+
+ // DisableShifting forces the driver to not do any ID shifting at runtime.
+ DisableShifting bool
}
// ApplyDiffOpts contains optional arguments for ApplyDiff methods.
diff --git a/vendor/github.com/containers/storage/drivers/overlay/check.go b/vendor/github.com/containers/storage/drivers/overlay/check.go
index 67287b492..43fe00625 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/check.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/check.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/storage/pkg/ioutils"
"github.com/containers/storage/pkg/mount"
"github.com/containers/storage/pkg/system"
+ "github.com/containers/storage/pkg/unshare"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -141,6 +142,9 @@ func doesMetacopy(d, mountOpts string) (bool, error) {
}
// Mount using the mandatory options and configured options
opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", path.Join(td, "l1"), path.Join(td, "l2"), path.Join(td, "work"))
+ if unshare.IsRootless() {
+ opts = fmt.Sprintf("%s,userxattr", opts)
+ }
flags, data := mount.ParseOptions(mountOpts)
if data != "" {
opts = fmt.Sprintf("%s,%s", opts, data)
@@ -164,6 +168,10 @@ func doesMetacopy(d, mountOpts string) (bool, error) {
}
metacopy, err := system.Lgetxattr(filepath.Join(td, "l2", "f"), archive.GetOverlayXattrName("metacopy"))
if err != nil {
+ if errors.Is(err, unix.ENOTSUP) {
+ logrus.Info("metacopy option not supported")
+ return false, nil
+ }
return false, errors.Wrap(err, "metacopy flag was not set on file in upper layer")
}
return metacopy != nil, nil
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index 7b6b5a66f..aed3899f8 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -1155,6 +1155,10 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
}
readWrite := true
+ if !d.SupportsShifting() || options.DisableShifting {
+ disableShifting = true
+ }
+
optsList := options.Options
if len(optsList) == 0 {
optsList = strings.Split(d.options.mountOptions, ",")
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
index 5d33200a4..3d720cde2 100644
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@@ -4,7 +4,7 @@ module github.com/containers/storage
require (
github.com/BurntSushi/toml v0.3.1
- github.com/Microsoft/go-winio v0.4.17
+ github.com/Microsoft/go-winio v0.5.0
github.com/Microsoft/hcsshim v0.8.17
github.com/docker/go-units v0.4.0
github.com/google/go-intervals v0.0.2
@@ -16,7 +16,7 @@ require (
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/sys/mountinfo v0.4.1
github.com/opencontainers/go-digest v1.0.0
- github.com/opencontainers/runc v1.0.0-rc94
+ github.com/opencontainers/runc v1.0.0-rc95
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/opencontainers/selinux v1.8.1
github.com/pkg/errors v0.9.1
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
index c16f6457f..91403a201 100644
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@@ -44,8 +44,9 @@ github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB
github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17 h1:iT12IBVClFevaf8PuVyi3UmZOVh4OqnaLxDTW2O6j3w=
github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU=
+github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
@@ -463,8 +464,8 @@ github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59P
github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.0-rc94 h1:atqAFoBGp+Wkh9HKpYN3g/8NCbMzYG6SJrr+YgwamgM=
-github.com/opencontainers/runc v1.0.0-rc94/go.mod h1:z+bZxa/+Tz/FmYVWkhUajJdzFeOqjc5vrqskhVyHGUM=
+github.com/opencontainers/runc v1.0.0-rc95 h1:RMuWVfY3E1ILlVsC3RhIq38n4sJtlOFwU9gfFZSqrd0=
+github.com/opencontainers/runc v1.0.0-rc95/go.mod h1:z+bZxa/+Tz/FmYVWkhUajJdzFeOqjc5vrqskhVyHGUM=
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
diff --git a/vendor/github.com/containers/storage/pkg/archive/archive_linux.go b/vendor/github.com/containers/storage/pkg/archive/archive_linux.go
index f5c69d1c2..2f548b661 100644
--- a/vendor/github.com/containers/storage/pkg/archive/archive_linux.go
+++ b/vendor/github.com/containers/storage/pkg/archive/archive_linux.go
@@ -129,6 +129,17 @@ func (overlayWhiteoutConverter) ConvertReadWithHandler(hdr *tar.Header, path str
originalPath := filepath.Join(dir, originalBase)
if err := handler.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
+ // If someone does:
+ // rm -rf /foo/bar
+ // in an image, some tools will generate a layer with:
+ // /.wh.foo
+ // /foo/.wh.bar
+ // and when doing the second mknod(), we will fail with
+ // ENOTDIR, since the previous /foo was mknod()'d as a
+ // character device node and not a directory.
+ if isENOTDIR(err) {
+ return false, nil
+ }
return false, err
}
if err := handler.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
diff --git a/vendor/github.com/containers/storage/pkg/archive/changes.go b/vendor/github.com/containers/storage/pkg/archive/changes.go
index 3ce396070..c7bb25d0f 100644
--- a/vendor/github.com/containers/storage/pkg/archive/changes.go
+++ b/vendor/github.com/containers/storage/pkg/archive/changes.go
@@ -121,6 +121,9 @@ func isENOTDIR(err error) bool {
if err == nil {
return false
}
+ if err == syscall.ENOTDIR {
+ return true
+ }
if perror, ok := err.(*os.PathError); ok {
if errno, ok := perror.Err.(syscall.Errno); ok {
return errno == syscall.ENOTDIR
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index f691fbddd..759407c63 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -939,6 +939,19 @@ func (s *store) ContainerStore() (ContainerStore, error) {
return nil, ErrLoadError
}
+func (s *store) canUseShifting(uidmap, gidmap []idtools.IDMap) bool {
+ if !s.graphDriver.SupportsShifting() {
+ return false
+ }
+ if uidmap != nil && !idtools.IsContiguous(uidmap) {
+ return false
+ }
+ if gidmap != nil && !idtools.IsContiguous(gidmap) {
+ return false
+ }
+ return true
+}
+
func (s *store) PutLayer(id, parent string, names []string, mountLabel string, writeable bool, options *LayerOptions, diff io.Reader) (*Layer, int64, error) {
var parentLayer *Layer
rlstore, err := s.LayerStore()
@@ -1022,7 +1035,7 @@ func (s *store) PutLayer(id, parent string, names []string, mountLabel string, w
}
}
var layerOptions *LayerOptions
- if s.graphDriver.SupportsShifting() {
+ if s.canUseShifting(uidMap, gidMap) {
layerOptions = &LayerOptions{IDMappingOptions: types.IDMappingOptions{HostUIDMapping: true, HostGIDMapping: true, UIDMap: nil, GIDMap: nil}}
} else {
layerOptions = &LayerOptions{
@@ -1101,7 +1114,7 @@ func (s *store) CreateImage(id string, names []string, layer, metadata string, o
func (s *store) imageTopLayerForMapping(image *Image, ristore ROImageStore, createMappedLayer bool, rlstore LayerStore, lstores []ROLayerStore, options types.IDMappingOptions) (*Layer, error) {
layerMatchesMappingOptions := func(layer *Layer, options types.IDMappingOptions) bool {
// If the driver supports shifting and the layer has no mappings, we can use it.
- if s.graphDriver.SupportsShifting() && len(layer.UIDMap) == 0 && len(layer.GIDMap) == 0 {
+ if s.canUseShifting(options.UIDMap, options.GIDMap) && len(layer.UIDMap) == 0 && len(layer.GIDMap) == 0 {
return true
}
// If we want host mapping, and the layer uses mappings, it's not the best match.
@@ -1175,7 +1188,7 @@ func (s *store) imageTopLayerForMapping(image *Image, ristore ROImageStore, crea
// ... so create a duplicate of the layer with the desired mappings, and
// register it as an alternate top layer in the image.
var layerOptions LayerOptions
- if s.graphDriver.SupportsShifting() {
+ if s.canUseShifting(options.UIDMap, options.GIDMap) {
layerOptions = LayerOptions{
IDMappingOptions: types.IDMappingOptions{
HostUIDMapping: true,
@@ -1329,7 +1342,7 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat
}
}
var layerOptions *LayerOptions
- if s.graphDriver.SupportsShifting() {
+ if s.canUseShifting(uidMap, gidMap) {
layerOptions = &LayerOptions{
IDMappingOptions: types.IDMappingOptions{
HostUIDMapping: true,
@@ -2693,6 +2706,7 @@ func (s *store) Mount(id, mountLabel string) (string, error) {
options.Volatile = v.(bool)
}
}
+ options.DisableShifting = !s.canUseShifting(container.UIDMap, container.GIDMap)
}
return s.mount(id, options)
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a3e2ad7d4..c5d79a9b7 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -3,7 +3,7 @@ github.com/Azure/go-ansiterm
github.com/Azure/go-ansiterm/winterm
# github.com/BurntSushi/toml v0.3.1
github.com/BurntSushi/toml
-# github.com/Microsoft/go-winio v0.4.17
+# github.com/Microsoft/go-winio v0.5.0
github.com/Microsoft/go-winio
github.com/Microsoft/go-winio/backuptar
github.com/Microsoft/go-winio/pkg/guid
@@ -192,7 +192,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.31.1
+# github.com/containers/storage v1.31.2
github.com/containers/storage
github.com/containers/storage/drivers
github.com/containers/storage/drivers/aufs