-rw-r--r-- | docs/libpod.conf.5.md | 4 | ||||
-rw-r--r-- | libpod.conf | 6 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 50 | ||||
-rw-r--r-- | libpod/oci.go | 11 | ||||
-rw-r--r-- | libpod/runtime.go | 16 | ||||
-rw-r--r-- | test/e2e/common_test.go | 17 |
6 files changed, 72 insertions, 32 deletions
diff --git a/docs/libpod.conf.5.md b/docs/libpod.conf.5.md index 097d0764a..b4d562d94 100644 --- a/docs/libpod.conf.5.md +++ b/docs/libpod.conf.5.md @@ -16,10 +16,10 @@ libpod to manage containers. Default OCI runtime to use if nothing is specified in **runtimes** **runtimes** - For each OCI runtime, specify a list of paths to look for. The first one found is used. + For each OCI runtime, specify a list of paths to look for. The first one found is used. If the paths are empty or no valid path was found, then the `$PATH` environment variable will be used as the fallback. **conmon_path**="" - Paths to search for the Conmon container manager binary + Paths to search for the conmon container manager binary. If the paths are empty or no valid path was found, then the `$PATH` environment variable will be used as the fallback. **conmon_env_vars**="" Environment variables to pass into Conmon diff --git a/libpod.conf b/libpod.conf index 6dd021c02..3bd3758b8 100644 --- a/libpod.conf +++ b/libpod.conf @@ -4,7 +4,9 @@ # Default transport method for pulling and pushing for images image_default_transport = "docker://" -# Paths to look for the Conmon container manager binary +# Paths to look for the conmon container manager binary. +# If the paths are empty or no valid path was found, then the `$PATH` +# environment variable will be used as the fallback. conmon_path = [ "/usr/libexec/podman/conmon", "/usr/local/libexec/podman/conmon", @@ -121,6 +123,8 @@ runtime = "runc" runtime_supports_json = ["runc"] # Paths to look for a valid OCI runtime (runc, runv, etc) +# If the paths are empty or no valid path was found, then the `$PATH` +# environment variable will be used as the fallback. [runtimes] runc = [ "/usr/bin/runc", diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 72b0d3a74..6dbd53fbf 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go 
@@ -466,30 +466,48 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro g.AddMount(tmpfsMnt) } - // rootless containers have no write access to /sys/fs/cgroup, so don't - // add any mount into the container. - if !rootless.IsRootless() { - cgroupPath, err := c.CGroupPath() - if err != nil { - return err - } - sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath) + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return err + } + + g.RemoveMount("/sys/fs/cgroup") + if unified { + sourcePath := filepath.Join("/sys/fs/cgroup") systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", + Destination: "/sys/fs/cgroup", Type: "bind", Source: sourcePath, - Options: []string{"bind", "private"}, + Options: []string{"bind", "private", "rw"}, } g.AddMount(systemdMnt) } else { - systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", - Type: "bind", - Source: "/sys/fs/cgroup/systemd", - Options: []string{"bind", "nodev", "noexec", "nosuid"}, + // rootless containers have no write access to /sys/fs/cgroup, so don't + // add any mount into the container. + if !rootless.IsRootless() { + cgroupPath, err := c.CGroupPath() + if err != nil { + return err + } + sourcePath := filepath.Join("/sys/fs/cgroup", cgroupPath) + + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "bind", + Source: sourcePath, + Options: []string{"bind", "private"}, + } + g.AddMount(systemdMnt) + } else { + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "bind", + Source: "/sys/fs/cgroup", + Options: []string{"bind", "nodev", "noexec", "nosuid"}, + } + g.AddMount(systemdMnt) } - g.AddMount(systemdMnt) } return nil diff --git a/libpod/oci.go b/libpod/oci.go index 193e66aaf..2eb004b84 100644 --- a/libpod/oci.go +++ b/libpod/oci.go 
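Review bot: In the new `if unified` branch the bind source is the host's cgroup root (`filepath.Join("/sys/fs/cgroup")` is just that path) mounted `rw`, and the `nodev`, `noexec`, `nosuid` options of the older mount are gone, so the container gets a writable view of the whole host hierarchy unless something outside this hunk confines it. That branch also no longer consults `rootless.IsRootless()`, although the comment kept in the `else` branch says rootless containers cannot write there. If the broad mount is required for systemd on cgroup v2, I would at least keep the hardening flags, `Options: []string{"bind", "private", "rw", "nodev", "noexec", "nosuid"}`, and add a comment saying why the container's own `c.CGroupPath()` subtree is not used as the source. Separately, the non-unified path now removes `/sys/fs/cgroup` and binds `/sys/fs/cgroup/<cgroupPath>` over it where the old code targeted `/sys/fs/cgroup/systemd`, which looks unintended and is worth confirming. setupSystemd starts above the hunk.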
@@ -106,8 +106,19 @@ func newOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *R } foundPath = true runtime.path = path + logrus.Debugf("using runtime %q", path) break } + + // Search the $PATH as last fallback + if !foundPath { + if foundRuntime, err := exec.LookPath(name); err == nil { + foundPath = true + runtime.path = foundRuntime + logrus.Debugf("using runtime %q from $PATH: %q", name, foundRuntime) + } + } + if !foundPath { return nil, errors.Wrapf(define.ErrInvalidArg, "no valid executable found for OCI runtime %s", name) } diff --git a/libpod/runtime.go b/libpod/runtime.go index bb6bfbfcc..ffdbc32f1 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -5,6 +5,7 @@ import ( "fmt" "io/ioutil" "os" + "os/exec" "os/user" "path/filepath" "strings" @@ -740,8 +741,19 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { } foundConmon = true runtime.conmonPath = path + logrus.Debugf("using conmon: %q", path) break } + + // Search the $PATH as last fallback + if !foundConmon { + if conmon, err := exec.LookPath("conmon"); err == nil { + foundConmon = true + runtime.conmonPath = conmon + logrus.Debugf("using conmon from $PATH: %q", conmon) + } + } + if !foundConmon { return errors.Wrapf(define.ErrInvalidArg, "could not find a working conmon binary (configured options: %v)", @@ -938,10 +950,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { // Initialize remaining OCI runtimes for name, paths := range runtime.config.OCIRuntimes { - if len(paths) == 0 { - return errors.Wrapf(define.ErrInvalidArg, "must provide at least 1 path to OCI runtime %s", name) - } - supportsJSON := false for _, r := range runtime.config.RuntimeSupportsJSON { if r == name { diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 22eb94972..b43938616 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go 
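Review bot: The `exec.LookPath(name)` fallback in newOCIRuntime lets the caller's environment decide which binary is run as the OCI runtime, and the result is used as returned. On Go releases before 1.19, LookPath can return a path relative to the working directory when `$PATH` has an empty or `.` entry, so I would accept only absolute results, e.g. `if foundRuntime, err := exec.LookPath(name); err == nil && filepath.IsAbs(foundRuntime) {`, assuming `path/filepath` is imported in this file. Because the choice matters when podman runs privileged, the fallback deserves a log line above Debug level, and the final error should say that `$PATH` was searched too. The same applies to the `exec.LookPath("conmon")` hunk in libpod/runtime.go. With the `len(paths) == 0` check removed there, a runtime entry with an empty path list now resolves from `$PATH` alone.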
@@ -111,10 +111,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { } for _, image := range CACHE_IMAGES { - if err := podman.CreateArtifact(image); err != nil { - fmt.Printf("%q\n", err) - os.Exit(1) - } + podman.createArtifact(image) } // If running localized tests, the cache dir is created and populated. if the @@ -287,25 +284,26 @@ func (p *PodmanTestIntegration) RestoreAllArtifacts() error { return nil } -// CreateArtifact creates a cached image in the artifact dir -func (p *PodmanTestIntegration) CreateArtifact(image string) error { +// createArtifact creates a cached image in the artifact dir +func (p *PodmanTestIntegration) createArtifact(image string) { if os.Getenv("NO_TEST_CACHE") != "" { - return nil + return } - fmt.Printf("Caching %s...", image) dest := strings.Split(image, "/") destName := fmt.Sprintf("/tmp/%s.tar", strings.Replace(strings.Join(strings.Split(dest[len(dest)-1], "/"), ""), ":", "-", -1)) + fmt.Printf("Caching %s at %s...", image, destName) if _, err := os.Stat(destName); os.IsNotExist(err) { pull := p.PodmanNoCache([]string{"pull", image}) pull.Wait(90) + Expect(pull.ExitCode()).To(Equal(0)) save := p.PodmanNoCache([]string{"save", "-o", destName, image}) save.Wait(90) + Expect(save.ExitCode()).To(Equal(0)) fmt.Printf("\n") } else { fmt.Printf(" already exists.\n") } - return nil } // InspectImageJSON takes the session output of an inspect @@ -322,6 +320,7 @@ func (p *PodmanTestIntegration) InspectContainer(name string) []libpod.InspectCo cmd := []string{"inspect", name} session := p.Podman(cmd) session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) return session.InspectContainerToJSON() } |
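Review bot: In `createArtifact` the cache test is only `os.Stat(destName)` on a predictable name under `/tmp`, so any file already at that path is taken as a valid cached image. With the new `Expect(save.ExitCode()).To(Equal(0))`, a failed save aborts the suite while possibly leaving a partial archive that later runs will treat as cached. I would remove the file before asserting, e.g. `if save.ExitCode() != 0 { os.Remove(destName) }`, and consider keeping the cache in a directory owned by the test user rather than shared `/tmp`. The doc comment could also say that the function now fails the running spec through Gomega instead of returning an error.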