-rw-r--r-- | cmd/podman/libpodruntime/runtime.go | 4 | ||||
-rw-r--r-- | cmd/podman/main_local.go | 2 | ||||
-rw-r--r-- | cmd/podman/shared/create.go | 11 | ||||
-rw-r--r-- | cmd/podman/utils.go | 26 | ||||
-rw-r--r-- | libpod/container_commit.go | 39 | ||||
-rw-r--r-- | pkg/adapter/runtime.go | 40 |
6 files changed, 39 insertions, 83 deletions
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 3faea493c..78adf1252 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -64,6 +64,10 @@ func getRuntime(c *cliconfig.PodmanCommand, renumber bool) (*libpod.Runtime, err
 storageOpts.GraphDriverOptions = c.GlobalFlags.StorageOpts
 }
+ if renumber {
+ options = append(options, libpod.WithRenumber())
+ }
+
 // Only set this if the user changes storage config on the command line
 if storageSet {
 options = append(options, libpod.WithStorageConfig(storageOpts))
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go
index f234368bf..91ad42630 100644
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@@ -103,7 +103,7 @@ func profileOff(cmd *cobra.Command) error {
 }
 func setupRootless(cmd *cobra.Command, args []string) error {
- if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || strings.HasPrefix(cmd.Use, "help") {
+ if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || cmd == _mountCommand || strings.HasPrefix(cmd.Use, "help") {
 return nil
 }
 podmanCmd := cliconfig.PodmanCommand{
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index a1c096853..3f54e193f 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -19,7 +19,6 @@ import (
 ann "github.com/containers/libpod/pkg/annotations"
 "github.com/containers/libpod/pkg/inspect"
 ns "github.com/containers/libpod/pkg/namespaces"
- "github.com/containers/libpod/pkg/rootless"
 cc "github.com/containers/libpod/pkg/spec"
 "github.com/containers/libpod/pkg/util"
 "github.com/docker/docker/pkg/signal"
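Review bot: In cmd/podman/main_local.go the early return at the top of `setupRootless` now also exempts `_mountCommand`, but the condition carries no explanation of why each listed command may return before the rest of the function runs. Because this one line decides which commands an unprivileged user runs without that setup, I would add a comment above it such as `// Commands listed here skip rootless setup; record the reason for each (mount: <reason>).` and fill in the reason, which is not visible in this hunk. The body of `setupRootless` continues outside the hunk.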
@@ -392,16 +391,6 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
 }
 if c.IsSet("pod") {
 if strings.HasPrefix(originalPodName, "new:") {
- if rootless.IsRootless() {
- // To create a new pod, we must immediately create the userns.
- became, ret, err := rootless.BecomeRootInUserNS()
- if err != nil {
- return nil, err
- }
- if became {
- os.Exit(ret)
- }
- }
 // pod does not exist; lets make it
 var podOptions []libpod.PodCreateOption
 podOptions = append(podOptions, libpod.WithPodName(podName), libpod.WithInfraContainer(), libpod.WithPodCgroups())
diff --git a/cmd/podman/utils.go b/cmd/podman/utils.go
index 81bd02faa..986db469e 100644
--- a/cmd/podman/utils.go
+++ b/cmd/podman/utils.go
@@ -51,29 +51,3 @@ func markFlagHiddenForRemoteClient(flagName string, flags *pflag.FlagSet) {
 flags.MarkHidden(flagName)
 }
 }
-
-// TODO: remove when adapter package takes over this functionality
-// func joinContainerOrCreateRootlessUserNS(runtime *libpod.Runtime, ctr *libpod.Container) (bool, int, error) {
-// if os.Geteuid() == 0 {
-// return false, 0, nil
-// }
-// s, err := ctr.State()
-// if err != nil {
-// return false, -1, err
-// }
-// opts := rootless.Opts{
-// Argument: ctr.ID(),
-// }
-// if s == libpod.ContainerStateRunning || s == libpod.ContainerStatePaused {
-// data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
-// if err != nil {
-// return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
-// }
-// conmonPid, err := strconv.Atoi(string(data))
-// if err != nil {
-// return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
-// }
-// return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts)
-// }
-// return rootless.BecomeRootInUserNSWithOpts(&opts)
-// }
diff --git a/libpod/container_commit.go b/libpod/container_commit.go
index db67f7a30..3cc4b2c92 100644
--- a/libpod/container_commit.go
+++ b/libpod/container_commit.go
@@ -3,6 +3,7 @@ package libpod
 import (
 "context"
 "fmt"
+ "os"
 "strings"
 "github.com/containers/buildah"
@@ -126,18 +127,40 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
 // Process user changes
 for _, change := range options.Changes {
- splitChange := strings.Split(change, "=")
+ splitChange := strings.SplitN(change, " ", 2)
+ if len(splitChange) != 2 {
+ splitChange = strings.SplitN(change, "=", 2)
+ if len(splitChange) < 2 {
+ return nil, errors.Errorf("invalid change %s format", change)
+ }
+ }
+
+ change := strings.Split(splitChange[1], " ")
 switch strings.ToUpper(splitChange[0]) {
 case "CMD":
- importBuilder.SetCmd(splitChange[1:])
+ importBuilder.SetCmd(change)
 case "ENTRYPOINT":
- importBuilder.SetEntrypoint(splitChange[1:])
+ importBuilder.SetEntrypoint(change)
 case "ENV":
+ name := change[0]
+ val := ""
+ if len(change) < 2 {
+ change = strings.Split(change[0], "=")
+ }
+ if len(change) < 2 {
+ var ok bool
+ val, ok = os.LookupEnv(name)
+ if !ok {
+ return nil, errors.Errorf("invalid env variable %q: not defined in your environment", name)
+ }
+ } else {
+ val = strings.Join(change[1:], " ")
+ }
 if !isEnvCleared { // Multiple values are valid, only clear once.
 importBuilder.ClearEnv()
 isEnvCleared = true
 }
- importBuilder.SetEnv(splitChange[1], splitChange[2])
+ importBuilder.SetEnv(name, val)
 case "EXPOSE":
 if !isExposeCleared { // Multiple values are valid, only clear once
 importBuilder.ClearPorts()
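Review bot: In the `ENV` case `name` is taken from `change[0]` before the `=` fallback split and is never reassigned, so a change such as `ENV FOO=bar` appears to reach `SetEnv` with the name `FOO=bar` and the value `bar`; the else branch needs `name = change[0]`. Splitting on every `=` and re-joining with a space also turns a value like `a=b` into `a b`, which `change = strings.SplitN(change[0], "=", 2)` avoids, and the `LABEL` case in the next hunk (`@@ -145,11 +168,17 @@`) uses the same split. Separately, the `os.LookupEnv(name)` fallback copies a variable from the environment of the process performing the commit into the image; if `options.Changes` can originate from a remote API client, that fallback is worth restricting or at least documenting on the case. `Commit` starts and ends outside this hunk.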
@@ -145,11 +168,17 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
 }
 importBuilder.SetPort(splitChange[1])
 case "LABEL":
+ if len(change) < 2 {
+ change = strings.Split(change[0], "=")
+ }
+ if len(change) < 2 {
+ return nil, errors.Errorf("invalid label %s format, requires to NAME=VAL", splitChange[1])
+ }
 if !isLabelCleared { // multiple values are valid, only clear once
 importBuilder.ClearLabels()
 isLabelCleared = true
 }
- importBuilder.SetLabel(splitChange[1], splitChange[2])
+ importBuilder.SetLabel(change[0], strings.Join(change[1:], " "))
 case "ONBUILD":
 importBuilder.SetOnBuild(splitChange[1])
 case "STOPSIGNAL":
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index 6aafed550..b5ec9f7a9 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -311,46 +311,6 @@ func (r *LocalRuntime) HealthCheck(c *cliconfig.HealthCheckValues) (libpod.Healt
 return r.Runtime.HealthCheck(c.InputArgs[0])
 }
-// JoinOrCreateRootlessPod joins the specified pod if it is running or it creates a new user namespace
-// if the pod is stopped
-// func (r *LocalRuntime) JoinOrCreateRootlessPod(pod *Pod) (bool, int, error) {
-// if os.Geteuid() == 0 {
-// return false, 0, nil
-// }
-// opts := rootless.Opts{
-// Argument: pod.ID(),
-// }
-//
-// inspect, err := pod.Inspect()
-// if err != nil {
-// return false, 0, err
-// }
-// for _, ctr := range inspect.Containers {
-// prevCtr, err := r.LookupContainer(ctr.ID)
-// if err != nil {
-// return false, -1, err
-// }
-// s, err := prevCtr.State()
-// if err != nil {
-// return false, -1, err
-// }
-// if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused {
-// continue
-// }
-// data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile)
-// if err != nil {
-// return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile)
-// }
-// conmonPid, err := strconv.Atoi(string(data))
-// if err != nil {
-// return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
-// }
-// return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts)
-// }
-//
-// return rootless.BecomeRootInUserNSWithOpts(&opts)
-// }
-
 // Events is a wrapper to libpod to obtain libpod/podman events
 func (r *LocalRuntime) Events(c *cliconfig.EventValues) error {
 var ( |