-rw-r--r--cmd/podman/common/specgen.go2
-rw-r--r--cmd/podman/system/varlink.go12
-rw-r--r--contrib/varlink/io.podman.service2
-rw-r--r--docs/source/Commands.rst2
-rw-r--r--docs/source/index.rst2
-rw-r--r--docs/source/markdown/podman-remote.1.md2
-rw-r--r--docs/source/markdown/podman-system-service.1.md7
-rw-r--r--docs/source/markdown/podman-varlink.1.md63
-rw-r--r--docs/source/markdown/podman.1.md1
-rw-r--r--go.mod4
-rw-r--r--go.sum10
-rw-r--r--libpod/image/image.go2
-rw-r--r--pkg/api/server/register_ping.go1
-rw-r--r--pkg/autoupdate/autoupdate.go11
-rw-r--r--pkg/domain/infra/tunnel/containers.go2
-rw-r--r--pkg/domain/infra/tunnel/images.go2
-rw-r--r--pkg/specgen/generate/oci.go2
-rw-r--r--pkg/specgen/generate/storage.go4
-rw-r--r--test/apiv2/40-pods.at70
-rw-r--r--test/e2e/run_test.go24
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go192
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf10
-rw-r--r--vendor/modules.txt4
23 files changed, 271 insertions, 160 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index bdf44ed5d..0e4747954 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -563,6 +563,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
// we dont think these are in the spec
// init - initbinary
// initpath
+ s.Init = c.Init
+ s.InitPath = c.InitPath
s.Stdin = c.Interactive
// quiet
// DeviceCgroupRules: c.StringSlice("device-cgroup-rule"),
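Review bot: The comment lines directly above the two added assignments (`// we dont think these are in the spec`, `// init - initbinary`, `// initpath`) now contradict the code, because `Init` and `InitPath` are copied onto the SpecGenerator on the very next lines. Remove the two stale entries or replace them with something like `// init and init-path are carried on the SpecGenerator`. FillOutSpecGen starts and ends outside this hunk.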
diff --git a/cmd/podman/system/varlink.go b/cmd/podman/system/varlink.go
index 19535e539..33a807533 100644
--- a/cmd/podman/system/varlink.go
+++ b/cmd/podman/system/varlink.go
@@ -16,11 +16,13 @@ var (
Tools speaking varlink protocol can remotely manage pods, containers and images.
`
varlinkCmd = &cobra.Command{
- Use: "varlink [flags] [URI]",
- Args: cobra.MinimumNArgs(1),
- Short: "Run varlink interface",
- Long: varlinkDescription,
- RunE: varlinkE,
+ Use: "varlink [flags] [URI]",
+ Args: cobra.MinimumNArgs(1),
+ Short: "Run varlink interface",
+ Long: varlinkDescription,
+ RunE: varlinkE,
+ Deprecated: "Please see 'podman system service' for RESTful APIs",
+ Hidden: true,
Example: `podman varlink unix:/run/podman/io.podman
podman varlink --time 5000 unix:/run/podman/io.podman`,
}
diff --git a/contrib/varlink/io.podman.service b/contrib/varlink/io.podman.service
index 99d28560d..5be5329f4 100644
--- a/contrib/varlink/io.podman.service
+++ b/contrib/varlink/io.podman.service
@@ -6,7 +6,7 @@ Documentation=man:podman-varlink(1)
[Service]
Type=simple
-ExecStart=/usr/bin/podman system service --varlink --timeout=60000 unix:%t/podman/io.podman
+ExecStart=/usr/bin/podman varlink unix:%t/podman/io.podman --timeout=60000
TimeoutStopSec=30
KillMode=process
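Review bot: The new `ExecStart` passes `--timeout=60000`, while the varlinkCmd example in cmd/podman/system/varlink.go in this same commit and the removed man page both spell the option `--time`. Unless `--timeout` is registered as an alias somewhere not shown here, the unit will fail at start with an unknown-flag error. The unit also now launches a command this commit marks `Deprecated` and `Hidden`, so each activation will presumably write the deprecation notice to the journal. Once the flag name is confirmed, `ExecStart=/usr/bin/podman varlink --time=60000 unix:%t/podman/io.podman` would match the documented spelling.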
diff --git a/docs/source/Commands.rst b/docs/source/Commands.rst
index e3dbf8ecd..aba29bd82 100644
--- a/docs/source/Commands.rst
+++ b/docs/source/Commands.rst
@@ -100,8 +100,6 @@ Commands
:doc:`unshare <markdown/podman-unshare.1>` Run a command in a modified user namespace
-:doc:`varlink <markdown/podman-varlink.1>` Run varlink interface
-
:doc:`version <markdown/podman-version.1>` Display the Podman Version Information
:doc:`volume <volume>` Manage volumes
diff --git a/docs/source/index.rst b/docs/source/index.rst
index 1c46f1c8a..18a5554ca 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -6,7 +6,7 @@ Podman_ is a daemonless, open source, Linux native tool designed to make it easy
Containers under the control of Podman can either be run by root or by a non-privileged user. Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod_ library. Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment.
-The Podman service runs only on Linux platforms, however a REST API and clients are currently under development which will allow Mac and Windows platforms to call the service. There is currently a Varlink based remote client which runs on Mac or Windows platforms that allows the remote client to talk to the Podman server on a Linux platform. In addition to those clients, there is also a Mac client. NOTE: the Varlink remote client will be deprecated after the REST API is completed.
+The Podman service runs only on Linux platforms, however a REST API and clients are currently under development which will allow Mac and Windows platforms to call the service. There is currently a RESTful based remote client which runs on Mac or Windows platforms that allows the remote client to talk to the Podman server on a Linux platform. In addition to those clients, there is also a Mac client.
If you are completely new to containers, we recommend that you check out the :doc:`Introduction`. For power users or those comming from Docker, check out our :doc:`Tutorials`. For advanced users and contributors, you can get very detailed information about the Podman CLI by looking our :doc:`Commands` page. Finally, for Developers looking at how to interact with the Podman API, please see our API documentation :doc:`Reference`.
diff --git a/docs/source/markdown/podman-remote.1.md b/docs/source/markdown/podman-remote.1.md
index a7297f3f2..455631a6e 100644
--- a/docs/source/markdown/podman-remote.1.md
+++ b/docs/source/markdown/podman-remote.1.md
@@ -17,7 +17,7 @@ Podman uses Buildah(1) internally to create container images. Both tools share i
(not container) storage, hence each can use or manipulate images (but not containers)
created by the other.
-Podman-remote provides a local client interacting with a Podman backend node through a varlink ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the varlink service activated. Credentials for this session can be passed in using flags, environment variables, or in `podman-remote.conf`
+Podman-remote provides a local client interacting with a Podman backend node through a RESTful API tunneled through a ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the API service activated. Credentials for this session can be passed in using flags, environment variables, or in `podman-remote.conf`
**podman [GLOBAL OPTIONS]**
diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md
index 48e595641..3ae414f7a 100644
--- a/docs/source/markdown/podman-system-service.1.md
+++ b/docs/source/markdown/podman-system-service.1.md
@@ -31,13 +31,8 @@ Run an API listening for 5 seconds using the default socket.
podman system service --timeout 5000
```
-Run the podman varlink service with an alternate URI and accept the default timeout.
-```
-$ podman system service --varlink unix:/tmp/io.podman
-```
-
## SEE ALSO
-podman(1), podman-varlink(1)
+podman(1), podman-system-service(1), podman-system-connection(1)
## HISTORY
January 2020, Originally compiled by Brent Baude<bbaude@redhat.com>
diff --git a/docs/source/markdown/podman-varlink.1.md b/docs/source/markdown/podman-varlink.1.md
deleted file mode 100644
index 0b04d5ba3..000000000
--- a/docs/source/markdown/podman-varlink.1.md
+++ /dev/null
@@ -1,63 +0,0 @@
-% podman-varlink(1)
-
-## NAME
-podman\-varlink - Runs the varlink backend interface
-
-## SYNOPSIS
-**podman varlink** [*options*] *uri*
-
-## DESCRIPTION
-Starts the varlink service listening on *uri* that allows varlink clients to interact with podman. If no *uri* is provided, a default
-URI will be used depending on the user calling the varlink service. The default for the root user is `unix:/run/podman/io.podman`. Regular
-users will have a default *uri* of `$XDG_RUNTIME_DIR/podman/io.podman`. For example, `unix:/run/user/1000/podman/io.podman`
-The varlink service should generally be done with systemd. See _Configuration_ below.
-
-
-## OPTIONS
-
-**--help**, **-h**
-
- Print usage statement
-
-**--time**, **-t**
-
-The time until the varlink session expires in _milliseconds_. The default is 1
-second. A value of `0` means no timeout and the session will not expire.
-
-## EXAMPLES
-
-Run the podman varlink service accepting all default options.
-
-```
-$ podman varlink
-```
-
-
-Run the podman varlink service with an alternate URI and accept the default timeout.
-
-```
-$ podman varlink unix:/tmp/io.podman
-```
-
-Run the podman varlink service manually with a 5 second timeout.
-
-```
-$ podman varlink --timeout 5000
-```
-
-## CONFIGURATION
-
-Users of the podman varlink service should enable the _io.podman.socket_ and _io.podman.service_.
-This is the preferred method for running the varlink service.
-
-You can do this via systemctl.
-
-```
-$ systemctl enable --now io.podman.socket
-```
-
-## SEE ALSO
-podman(1), systemctl(1)
-
-## HISTORY
-April 2018, Originally compiled by Brent Baude<bbaude@redhat.com>
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index 8dc486b65..2f338452c 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -207,7 +207,6 @@ the exit codes follow the `chroot` standard, see below:
| [podman-unpause(1)](podman-unpause.1.md) | Unpause one or more containers. |
| [podman-unshare(1)](podman-unshare.1.md) | Run a command inside of a modified user namespace. |
| [podman-untag(1)](podman-untag.1.md) | Removes one or more names from a locally-stored image. |
-| [podman-varlink(1)](podman-varlink.1.md) | Runs the varlink backend interface. |
| [podman-version(1)](podman-version.1.md) | Display the Podman version information. |
| [podman-volume(1)](podman-volume.1.md) | Simple management tool for volumes. |
| [podman-wait(1)](podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes. |
diff --git a/go.mod b/go.mod
index 81c906e60..e5cbb1073 100644
--- a/go.mod
+++ b/go.mod
@@ -11,8 +11,8 @@ require (
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.6
github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224
- github.com/containers/common v0.13.1
- github.com/containers/conmon v2.0.17+incompatible
+ github.com/containers/common v0.14.0
+ github.com/containers/conmon v2.0.18+incompatible
github.com/containers/image/v5 v5.4.5-0.20200529084758-46b2ee6aebb0
github.com/containers/psgo v1.5.1
github.com/containers/storage v1.20.2
diff --git a/go.sum b/go.sum
index c559ccdd4..e5e65df1d 100644
--- a/go.sum
+++ b/go.sum
@@ -70,10 +70,10 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224 h1:EqwBZRqyUYvU7JOmmSSPviSaAoUP1wN0cefXXDZ9ATo=
github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224/go.mod h1:5ZkWjOuK90yl55L5R+purJNLfUo0VUr8pstJazNtYck=
github.com/containers/common v0.11.2/go.mod h1:2w3QE6VUmhltGYW4wV00h4okq1Crs7hNI1ZD2I0QRUY=
-github.com/containers/common v0.13.1 h1:6aE/IIxPPQk8DmND87tsWU1Aop/7mCC0T3dk/fZdm3k=
-github.com/containers/common v0.13.1/go.mod h1:Kg9Enw+WOUa9pwx47fzxEdzOn5+ofYXjBJdCyaCeSSA=
-github.com/containers/conmon v2.0.17+incompatible h1:8BooocmNIwjOwAUGAoDD6fi3u0RrFyQ/fDkQzdiVtrI=
-github.com/containers/conmon v2.0.17+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
+github.com/containers/common v0.14.0 h1:hiZFDPf6ajKiDmojN5f5X3gboKPO73NLrYb0RXfrQiA=
+github.com/containers/common v0.14.0/go.mod h1:9olhlE+WhYof1npnMJdyRMX14/yIUint6zyHzcyRVAg=
+github.com/containers/conmon v2.0.18+incompatible h1:rjwjNnE756NuXcdE/uUmj4kDbrykslPuBMHI31wh43E=
+github.com/containers/conmon v2.0.18+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U=
github.com/containers/image/v5 v5.4.4/go.mod h1:g7cxNXitiLi6pEr9/L9n/0wfazRuhDKXU15kV86N8h8=
github.com/containers/image/v5 v5.4.5-0.20200529084758-46b2ee6aebb0 h1:K1ez+qAi9hCMHv/akPF4ddZumQTq/PBGf2Nzc7e+7lI=
@@ -318,8 +318,6 @@ github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.12.3 h1:+RYp9QczoWz9zfUyLP/5SLXQVhfr6gZOoKGfQqHuLZQ=
-github.com/onsi/ginkgo v1.12.3/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
github.com/onsi/ginkgo v1.13.0 h1:M76yO2HkZASFjXL0HSoZJ1AYEmQxNJmY41Jx1zNUq1Y=
github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0=
github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 1101e35dc..d81f7e911 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -478,7 +478,7 @@ func (ir *Runtime) getImages(rwOnly bool) ([]*Image, error) {
if err != nil {
return nil, err
}
- newImages := make([]*Image, 0, len(images))
+ newImages := []*Image{}
for _, i := range images {
if rwOnly && i.ReadOnly {
continue
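Review bot: `newImages := []*Image{}` drops the capacity hint the removed line gave, with no visible behavioural gain: both forms produce a non-nil empty slice, and the slice is presumably grown by `append` in the loop below. If the intent is to avoid over-allocating when `rwOnly` filters out most entries, say so in a comment; otherwise keep `make([]*Image, 0, len(images))`. The loop body and the rest of getImages lie outside this hunk.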
diff --git a/pkg/api/server/register_ping.go b/pkg/api/server/register_ping.go
index 8a1cda3d4..bf7763029 100644
--- a/pkg/api/server/register_ping.go
+++ b/pkg/api/server/register_ping.go
@@ -19,6 +19,7 @@ func (s *APIServer) registerPingHandlers(r *mux.Router) error {
// Return protocol information in response headers.
// `HEAD /libpod/_ping` is also supported.
// `/_ping` is available for compatibility with other engines.
+ // The '_ping' endpoints are not versioned.
// tags:
// - system (compat)
// - system
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go
index eca5c342c..0ec98d3b6 100644
--- a/pkg/autoupdate/autoupdate.go
+++ b/pkg/autoupdate/autoupdate.go
@@ -251,8 +251,19 @@ func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName str
return false, err
}
+ data, err := img.Inspect(context.Background())
+ if err != nil {
+ return false, err
+ }
+
sys := runtime.SystemContext()
sys.AuthFilePath = options.Authfile
+
+ // We need to account for the arch that the image uses. It seems
+ // common on ARM to tweak this option to pull the correct image. See
+ // github.com/containers/libpod/issues/6613.
+ sys.ArchitectureChoice = data.Architecture
+
remoteImg, err := remoteRef.NewImage(context.Background(), sys)
if err != nil {
return false, err
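Review bot: `sys.ArchitectureChoice = data.Architecture` is written onto whatever `runtime.SystemContext()` returns, next to the existing `AuthFilePath` write. If that is a pointer to the runtime's shared context rather than a copy (not visible in this hunk), the pinned architecture and auth file leak into every later image operation on the same runtime. Work on a copy instead, e.g. `sysCopy := *runtime.SystemContext()`, and pass `&sysCopy` to `NewImage`. Only the architecture is taken from the inspect data, so an image pulled for a non-default OS would presumably still be compared against the wrong manifest entry. newerImageAvailable begins and ends outside the hunk.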
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 2abffc71a..5f9e2bdd2 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -377,7 +377,7 @@ func (ic *ContainerEngine) ContainerLogs(_ context.Context, nameOrIDs []string,
case <-ctx.Done():
return err
case line := <-outCh:
- _, _ = io.WriteString(options.Writer, line)
+ _, _ = io.WriteString(options.Writer, line+"\n")
}
}
}
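Review bot: The changed write still discards both return values, so a closed or failing `options.Writer` goes unnoticed and the loop keeps draining `outCh`. Return the failure instead, `if _, err := io.WriteString(options.Writer, line+"\n"); err != nil { return err }`, or add a comment saying the write is deliberately best-effort. The enclosing ContainerLogs function starts outside this hunk.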
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index 36b0d1831..9ddc5f1a9 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -39,7 +39,7 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
return nil, err
}
- is := make([]*entities.ImageSummary, 0, len(images))
+ is := make([]*entities.ImageSummary, len(images))
for i, img := range images {
hold := entities.ImageSummary{}
if err := utils.DeepCopy(&hold, img); err != nil {
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 266abd28d..1c34f622b 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -112,7 +112,7 @@ func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image
if initPath == "" {
return nil, errors.Errorf("no path to init binary found but container requested an init")
}
- finalCommand = append([]string{initPath, "--"}, finalCommand...)
+ finalCommand = append([]string{"/dev/init", "--"}, finalCommand...)
}
return finalCommand, nil
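Review bot: The literal `"/dev/init"` on the changed line must match the in-container destination where the init binary is bind-mounted, which is presumably set in addContainerInitBinary in storage.go, outside this hunk. The e2e test repeats the same string, and nothing ties the three together. A package-level constant, e.g. `const initInContainerPath = "/dev/init"`, used both for the mount destination and here, would keep the entrypoint from pointing at a path that is not mounted. In the lines shown `initPath` is now only checked for emptiness, so a short comment that it is the host-side source of that mount would help. makeCommand starts outside the hunk.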
diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go
index 241c9adeb..0d78421a6 100644
--- a/pkg/specgen/generate/storage.go
+++ b/pkg/specgen/generate/storage.go
@@ -314,8 +314,8 @@ func addContainerInitBinary(s *specgen.SpecGenerator, path string) (spec.Mount,
if !s.PidNS.IsPrivate() {
return mount, fmt.Errorf("cannot add init binary as PID 1 (PID namespace isn't private)")
}
- if s.Systemd == "true" || s.Systemd == "always" {
- return mount, fmt.Errorf("cannot use container-init binary with systemd")
+ if s.Systemd == "always" {
+ return mount, fmt.Errorf("cannot use container-init binary with systemd=always")
}
if _, err := os.Stat(path); os.IsNotExist(err) {
return mount, errors.Wrap(err, "container-init binary not found on the host")
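Review bot: The relaxed condition has no comment explaining why `systemd=true` is now accepted together with container-init while `always` is still refused. Add one above the check, for example `// only systemd=always forces systemd mode; with "true" it depends on the command, so an init wrapper is allowed`, with the wording confirmed against the systemd-detection code, which is not in this hunk. In the context line below, only `os.IsNotExist` is handled, so any other `Stat` error on the host init path (permission denied, for instance) falls through as if the binary were usable. addContainerInitBinary continues past the hunk.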
diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at
index 2dea1918a..9b8ff04f0 100644
--- a/test/apiv2/40-pods.at
+++ b/test/apiv2/40-pods.at
@@ -25,6 +25,16 @@ t POST "libpod/pods/create (dup pod)" name=foo 409 \
#t POST libpod/pods/create a=b 400 .cause='bad parameter' # FIXME: unimplemented
+t POST libpod/pods/foo/start '' 200 \
+ .Errs=null \
+ .Id=$pod_id
+
+t POST libpod/pods/foo/start '' 304 \
+
+t POST libpod/pods/fakename/start '' 404 \
+ .cause="no such pod" \
+ .message="no pod with name or ID fakename found: no such pod"
+
if root || have_cgroupsv2; then
t POST libpod/pods/foo/pause '' 200
else
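Review bot: `t POST libpod/pods/foo/start '' 304 \` ends in a line continuation with only a blank line after it. The same pattern appears at `.Titles[1]="PID" \` at the end of the second hunk, where the continuation runs into the `# FIXME` comment line. Both work only because of what happens to follow, and a later edit that puts a command on the next line would silently turn it into extra arguments of `t`. Drop the trailing backslash on the last argument of each call.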
@@ -35,12 +45,72 @@ else
fi
t POST libpod/pods/foo/unpause '' 200
t POST "libpod/pods/foo/unpause (2nd unpause in a row)" '' 200
+t POST "libpod/pods/fakename/unpause" '' 404\
+ .cause="no such pod" \
+ .message="no pod with name or ID fakename found: no such pod"
+
+
+t POST libpod/pods/foo/stop '' 200 \
+ .Errs=null \
+ .Id=$pod_id
+
t POST "libpod/pods/foo/stop (pod is already stopped)" '' 304
+t POST "libpod/pods/fakename/stop" '' 404\
+ .cause="no such pod" \
+ .message="no pod with name or ID fakename found: no such pod"
+
t POST libpod/pods/foo/restart '' 200 \
.Errs=null \
.Id=$pod_id
t POST "libpod/pods/bar/restart (restart on nonexistent pod)" '' 404
+t POST libpod/pods/create name=bar 201 .Id~[0-9a-f]\\{64\\}
+pod_bar_id=$(jq -r .Id <<<"$output")
+
+t POST libpod/pods/bar/restart '' 200 \
+ .Errs=null \
+ .Id=$pod_bar_id
+
+t GET libpod/pods/bar/json 200 \
+ .State=Running
+
+t POST libpod/pods/bar/restart '' 200 \
+ .Errs=null \
+ .Id=$pod_bar_id
+
+t POST "libpod/pods/bar/stop?t=invalid" '' 400 \
+ .cause="schema: error converting value for \"t\"" \
+ .message~"Failed to parse parameters for"
+
+podman run -d --pod bar busybox sleep 999
+
+t POST libpod/pods/bar/stop?t=1 '' 200 \
+ .Errs=null \
+ .Id=$pod_bar_id
+
+t POST libpod/pods/bar/start '' 200
+
+t GET libpod/pods/stats?all=true 200
+is $(jq '. | length' <<<"$output") 3 "stats?all=true: number of records found"
+
+t GET libpod/pods/stats?namesOrIDs=foo 200
+is $(jq '. | length' <<<"$output") 1 "stats?namesOrIDs=foo: number of records found"
+
+t GET libpod/pods/stats?namesOrIDs=fakename 404 \
+ .cause="no such pod" \
+ .message="unable to get list of pods: no pod with name or ID fakename found: no such pod"
+
+t DELETE libpod/pods/bar?force=true 200
+
+t GET libpod/pods/foo/top 200 \
+ .Processes[0][-1]="/pause " \
+ .Titles[-1]="COMMAND"
+
+t GET libpod/pods/foo/top?ps_args=args,pid 200 \
+ .Processes[0][0]="/pause " \
+ .Processes[0][1]="1" \
+ .Titles[0]="COMMAND" \
+ .Titles[1]="PID" \
# FIXME: I'm not sure what 'prune' is supposed to do; as of 20200224 it
# just returns 200 (ok) with empty result list.
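Review bot: `podman run -d --pod bar busybox sleep 999` pulls by unqualified short name, so which registry and image the test runs depends on the host's registry search configuration. Its exit status is also never checked before the following `stop?t=1` assertion relies on it. Use a fully qualified, pinned reference, e.g. `podman run -d --pod bar <fully-qualified-test-image> sleep 999`, or the suite's own image variable if it defines one (not visible here). Several added paths such as `libpod/pods/bar/stop?t=1` and `libpod/pods/stats?all=true` are unquoted although `?` is a glob character; quote them the way the `"libpod/pods/bar/stop?t=invalid"` line already does.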
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 76944b3db..6dce0b48d 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -151,12 +151,36 @@ var _ = Describe("Podman run", func() {
session := podmanTest.Podman([]string{"run", "--init", ALPINE, "ls"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
+ result := podmanTest.Podman([]string{"inspect", "-l"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ conData := result.InspectContainerToJSON()
+ Expect(conData[0].Path).To(Equal("/dev/init"))
+ Expect(conData[0].Config.Annotations["io.podman.annotations.init"]).To(Equal("TRUE"))
})
It("podman run a container with --init and --init-path", func() {
session := podmanTest.Podman([]string{"run", "--init", "--init-path", "/usr/libexec/podman/catatonit", ALPINE, "ls"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
+ result := podmanTest.Podman([]string{"inspect", "-l"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ conData := result.InspectContainerToJSON()
+ Expect(conData[0].Path).To(Equal("/dev/init"))
+ Expect(conData[0].Config.Annotations["io.podman.annotations.init"]).To(Equal("TRUE"))
+ })
+
+ It("podman run a container without --init", func() {
+ session := podmanTest.Podman([]string{"run", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ result := podmanTest.Podman([]string{"inspect", "-l"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ conData := result.InspectContainerToJSON()
+ Expect(conData[0].Path).To(Equal("ls"))
+ Expect(conData[0].Config.Annotations["io.podman.annotations.init"]).To(Equal("FALSE"))
})
It("podman run seccomp test", func() {
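Review bot: The `--init` and `--init-path` cases make identical assertions (`Path` equals `/dev/init`, annotation equals `TRUE`), so the second would still pass if `--init-path` were ignored and the default init binary mounted. Also assert that the mount at `/dev/init` in the inspect output has `/usr/libexec/podman/catatonit` as its source. The three cases repeat the same inspect-and-decode sequence, so a small helper taking the expected path and annotation would remove the duplication. The enclosing Describe block extends beyond the hunk.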
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 9657ecb69..ce479088e 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -74,105 +74,105 @@ type Config struct {
type ContainersConfig struct {
// Devices to add to all containers
- Devices []string `toml:"devices"`
+ Devices []string `toml:"devices,omitempty"`
// Volumes to add to all containers
- Volumes []string `toml:"volumes"`
+ Volumes []string `toml:"volumes,omitempty"`
// ApparmorProfile is the apparmor profile name which is used as the
// default for the runtime.
- ApparmorProfile string `toml:"apparmor_profile"`
+ ApparmorProfile string `toml:"apparmor_profile,omitempty"`
// Annotation to add to all containers
- Annotations []string `toml:"annotations"`
+ Annotations []string `toml:"annotations,omitempty"`
// Default way to create a cgroup namespace for the container
- CgroupNS string `toml:"cgroupns"`
+ CgroupNS string `toml:"cgroupns,omitempty"`
// Default cgroup configuration
- Cgroups string `toml:"cgroups"`
+ Cgroups string `toml:"cgroups,omitempty"`
// Capabilities to add to all containers.
- DefaultCapabilities []string `toml:"default_capabilities"`
+ DefaultCapabilities []string `toml:"default_capabilities,omitempty"`
// Sysctls to add to all containers.
- DefaultSysctls []string `toml:"default_sysctls"`
+ DefaultSysctls []string `toml:"default_sysctls,omitempty"`
// DefaultUlimits specifies the default ulimits to apply to containers
- DefaultUlimits []string `toml:"default_ulimits"`
+ DefaultUlimits []string `toml:"default_ulimits,omitempty"`
// DefaultMountsFile is the path to the default mounts file for testing
DefaultMountsFile string `toml:"-"`
// DNSServers set default DNS servers.
- DNSServers []string `toml:"dns_servers"`
+ DNSServers []string `toml:"dns_servers,omitempty"`
// DNSOptions set default DNS options.
- DNSOptions []string `toml:"dns_options"`
+ DNSOptions []string `toml:"dns_options,omitempty"`
// DNSSearches set default DNS search domains.
- DNSSearches []string `toml:"dns_searches"`
+ DNSSearches []string `toml:"dns_searches,omitempty"`
// EnableLabeling tells the container engines whether to use MAC
// Labeling to separate containers (SELinux)
- EnableLabeling bool `toml:"label"`
+ EnableLabeling bool `toml:"label,omitempty"`
// Env is the environment variable list for container process.
- Env []string `toml:"env"`
+ Env []string `toml:"env,omitempty"`
// EnvHost Pass all host environment variables into the container.
- EnvHost bool `toml:"env_host"`
+ EnvHost bool `toml:"env_host,omitempty"`
// HTTPProxy is the proxy environment variable list to apply to container process
- HTTPProxy bool `toml:"http_proxy"`
+ HTTPProxy bool `toml:"http_proxy,omitempty"`
// Init tells container runtimes whether to run init inside the
// container that forwards signals and reaps processes.
- Init bool `toml:"init"`
+ Init bool `toml:"init,omitempty"`
// InitPath is the path for init to run if the Init bool is enabled
- InitPath string `toml:"init_path"`
+ InitPath string `toml:"init_path,omitempty"`
// IPCNS way to to create a ipc namespace for the container
- IPCNS string `toml:"ipcns"`
+ IPCNS string `toml:"ipcns,omitempty"`
// LogDriver for the container. For example: k8s-file and journald
- LogDriver string `toml:"log_driver"`
+ LogDriver string `toml:"log_driver,omitempty"`
// LogSizeMax is the maximum number of bytes after which the log file
// will be truncated. It can be expressed as a human-friendly string
// that is parsed to bytes.
// Negative values indicate that the log file won't be truncated.
- LogSizeMax int64 `toml:"log_size_max"`
+ LogSizeMax int64 `toml:"log_size_max,omitempty"`
// NetNS indicates how to create a network namespace for the container
- NetNS string `toml:"netns"`
+ NetNS string `toml:"netns,omitempty"`
// NoHosts tells container engine whether to create its own /etc/hosts
- NoHosts bool `toml:"no_hosts"`
+ NoHosts bool `toml:"no_hosts,omitempty"`
// PidsLimit is the number of processes each container is restricted to
// by the cgroup process number controller.
- PidsLimit int64 `toml:"pids_limit"`
+ PidsLimit int64 `toml:"pids_limit,omitempty"`
// PidNS indicates how to create a pid namespace for the container
- PidNS string `toml:"pidns"`
+ PidNS string `toml:"pidns,omitempty"`
// SeccompProfile is the seccomp.json profile path which is used as the
// default for the runtime.
- SeccompProfile string `toml:"seccomp_profile"`
+ SeccompProfile string `toml:"seccomp_profile,omitempty"`
// ShmSize holds the size of /dev/shm.
- ShmSize string `toml:"shm_size"`
+ ShmSize string `toml:"shm_size,omitempty"`
// UTSNS indicates how to create a UTS namespace for the container
- UTSNS string `toml:"utsns"`
+ UTSNS string `toml:"utsns,omitempty"`
// UserNS indicates how to create a User namespace for the container
- UserNS string `toml:"userns"`
+ UserNS string `toml:"userns,omitempty"`
// UserNSSize how many UIDs to allocate for automatically created UserNS
- UserNSSize int `toml:"userns_size"`
+ UserNSSize int `toml:"userns_size,omitempty"`
}
// EngineConfig contains configuration options used to set up a engine runtime
@@ -183,20 +183,20 @@ type EngineConfig struct {
// CGroupManager is the CGroup Manager to use Valid values are "cgroupfs"
// and "systemd".
- CgroupManager string `toml:"cgroup_manager"`
+ CgroupManager string `toml:"cgroup_manager,omitempty"`
// NOTE: when changing this struct, make sure to update (*Config).Merge().
// ConmonEnvVars are environment variables to pass to the Conmon binary
// when it is launched.
- ConmonEnvVars []string `toml:"conmon_env_vars"`
+ ConmonEnvVars []string `toml:"conmon_env_vars,omitempty"`
// ConmonPath is the path to the Conmon binary used for managing containers.
// The first path pointing to a valid file will be used.
- ConmonPath []string `toml:"conmon_path"`
+ ConmonPath []string `toml:"conmon_path,omitempty"`
//DetachKeys is the sequence of keys used to detach a container.
- DetachKeys string `toml:"detach_keys"`
+ DetachKeys string `toml:"detach_keys,omitempty"`
// EnablePortReservation determines whether engine will reserve ports on the
// host when they are forwarded to containers. When enabled, when ports are
@@ -205,32 +205,32 @@ type EngineConfig struct {
// programs on the host. However, this can cause significant memory usage if
// a container has many ports forwarded to it. Disabling this can save
// memory.
- EnablePortReservation bool `toml:"enable_port_reservation"`
+ EnablePortReservation bool `toml:"enable_port_reservation,omitempty"`
// EventsLogFilePath is where the events log is stored.
- EventsLogFilePath string `toml:"events_logfile_path"`
+ EventsLogFilePath string `toml:"events_logfile_path,omitempty"`
// EventsLogger determines where events should be logged.
- EventsLogger string `toml:"events_logger"`
+ EventsLogger string `toml:"events_logger,omitempty"`
// configuration files. When the same filename is present in in
// multiple directories, the file in the directory listed last in
// this slice takes precedence.
- HooksDir []string `toml:"hooks_dir"`
+ HooksDir []string `toml:"hooks_dir,omitempty"`
// ImageDefaultTransport is the default transport method used to fetch
// images.
- ImageDefaultTransport string `toml:"image_default_transport"`
+ ImageDefaultTransport string `toml:"image_default_transport,omitempty"`
// InfraCommand is the command run to start up a pod infra container.
- InfraCommand string `toml:"infra_command"`
+ InfraCommand string `toml:"infra_command,omitempty"`
// InfraImage is the image a pod infra container will use to manage
// namespaces.
- InfraImage string `toml:"infra_image"`
+ InfraImage string `toml:"infra_image,omitempty"`
// InitPath is the path to the container-init binary.
- InitPath string `toml:"init_path"`
+ InitPath string `toml:"init_path,omitempty"`
// LockType is the type of locking to use.
LockType string `toml:"lock_type,omitempty"`
@@ -244,27 +244,27 @@ type EngineConfig struct {
Namespace string `toml:"namespace,omitempty"`
// NetworkCmdPath is the path to the slirp4netns binary.
- NetworkCmdPath string `toml:"network_cmd_path"`
+ NetworkCmdPath string `toml:"network_cmd_path,omitempty"`
// NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
- NoPivotRoot bool `toml:"no_pivot_root"`
+ NoPivotRoot bool `toml:"no_pivot_root,omitempty"`
// NumLocks is the number of locks to make available for containers and
// pods.
NumLocks uint32 `toml:"num_locks,omitempty"`
// OCIRuntime is the OCI runtime to use.
- OCIRuntime string `toml:"runtime"`
+ OCIRuntime string `toml:"runtime,omitempty"`
// OCIRuntimes are the set of configured OCI runtimes (default is runc).
- OCIRuntimes map[string][]string `toml:"runtimes"`
+ OCIRuntimes map[string][]string `toml:"runtimes,omitempty"`
// PullPolicy determines whether to pull image before creating or running a container
// default is "missing"
- PullPolicy string `toml:"pull_policy"`
+ PullPolicy string `toml:"pull_policy,omitempty"`
// Indicates whether the application should be running in Remote mode
- Remote bool `toml:"_"`
+ Remote bool `toml:"-"`
// RemoteURI containers connection information used to connect to remote system.
RemoteURI string `toml:"remote_uri,omitempty"`
@@ -280,15 +280,15 @@ type EngineConfig struct {
// RuntimeSupportsJSON is the list of the OCI runtimes that support
// --format=json.
- RuntimeSupportsJSON []string `toml:"runtime_supports_json"`
+ RuntimeSupportsJSON []string `toml:"runtime_supports_json,omitempty"`
// RuntimeSupportsNoCgroups is a list of OCI runtimes that support
// running containers without CGroups.
- RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroupv2"`
+ RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroupv2,omitempty"`
// RuntimeSupportsKVM is a list of OCI runtimes that support
// KVM separation for conatainers.
- RuntimeSupportsKVM []string `toml:"runtime_supports_kvm"`
+ RuntimeSupportsKVM []string `toml:"runtime_supports_kvm,omitempty"`
// SetOptions contains a subset of config options. It's used to indicate if
// a given option has either been set by the user or by the parsed
@@ -300,11 +300,11 @@ type EngineConfig struct {
// SignaturePolicyPath is the path to a signature policy to use for
// validating images. If left empty, the containers/image default signature
// policy will be used.
- SignaturePolicyPath string `toml:"_"`
+ SignaturePolicyPath string `toml:"-"`
// SDNotify tells container engine to allow containers to notify the host systemd of
// readiness using the SD_NOTIFY mechanism.
- SDNotify bool
+ SDNotify bool `toml:"-"`
// StateType is the type of the backing state store. Avoid using multiple
// values for this with the same containers/storage configuration on the
@@ -315,20 +315,20 @@ type EngineConfig struct {
// StaticDir is the path to a persistent directory to store container
// files.
- StaticDir string `toml:"static_dir"`
+ StaticDir string `toml:"static_dir,omitempty"`
// StopTimeout is the number of seconds to wait for container to exit
// before sending kill signal.
- StopTimeout uint `toml:"stop_timeout"`
+ StopTimeout uint `toml:"stop_timeout,omitempty"`
// TmpDir is the path to a temporary directory to store per-boot container
// files. Must be stored in a tmpfs.
- TmpDir string `toml:"tmp_dir"`
+ TmpDir string `toml:"tmp_dir,omitempty"`
// VolumePath is the default location that named volumes will be created
// under. This convention is followed by the default volume driver, but
// may not be by other drivers.
- VolumePath string `toml:"volume_path"`
+ VolumePath string `toml:"volume_path,omitempty"`
}
// SetOptions contains a subset of options in a Config. It's used to indicate if
@@ -377,14 +377,14 @@ type SetOptions struct {
// NetworkConfig represents the "network" TOML config table
type NetworkConfig struct {
// CNIPluginDirs is where CNI plugin binaries are stored.
- CNIPluginDirs []string `toml:"cni_plugin_dirs"`
+ CNIPluginDirs []string `toml:"cni_plugin_dirs,omitempty"`
// DefaultNetwork is the network name of the default CNI network
// to attach pods to.
DefaultNetwork string `toml:"default_network,omitempty"`
// NetworkConfigDir is where CNI network configuration files are stored.
- NetworkConfigDir string `toml:"network_config_dir"`
+ NetworkConfigDir string `toml:"network_config_dir,omitempty"`
}
// NewConfig creates a new Config. It starts with an empty config and, if
@@ -856,3 +856,77 @@ func Path() string {
}
return OverrideContainersConfig
}
+
+func customConfigFile() (string, error) {
+ path := os.Getenv("CONTAINERS_CONF")
+ if path != "" {
+ return path, nil
+ }
+ if unshare.IsRootless() {
+ path, err := rootlessConfigPath()
+ if err != nil {
+ return "", err
+ }
+ return path, nil
+ }
+ return OverrideContainersConfig, nil
+}
+
+//ReadCustomConfig reads the custom config and only generates a config based on it
+//If the custom config file does not exists, function will return an empty config
+func ReadCustomConfig() (*Config, error) {
+ path, err := customConfigFile()
+ if err != nil {
+ return nil, err
+ }
+ // hack since Ommitempty does not seem to work with Write
+ c, err := Default()
+ if err != nil {
+ if os.IsNotExist(errors.Cause(err)) {
+ c, err = DefaultConfig()
+ }
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ newConfig := &Config{}
+ if _, err := os.Stat(path); err == nil {
+ newConfig, err = readConfigFromFile(path, newConfig)
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ if !os.IsNotExist(err) {
+ return nil, err
+ }
+ }
+ newConfig.Containers.LogSizeMax = c.Containers.LogSizeMax
+ newConfig.Containers.PidsLimit = c.Containers.PidsLimit
+ newConfig.Containers.UserNSSize = c.Containers.UserNSSize
+ newConfig.Engine.NumLocks = c.Engine.NumLocks
+ newConfig.Engine.StopTimeout = c.Engine.StopTimeout
+ return newConfig, nil
+}
+
+// Write writes the configuration to the default file
+func (c *Config) Write() error {
+ var err error
+ path, err := customConfigFile()
+ if err != nil {
+ return err
+ }
+ if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+ return err
+ }
+ configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0600)
+ if err != nil {
+ return errors.Wrapf(err, "cannot open %s", path)
+ }
+ defer configFile.Close()
+ enc := toml.NewEncoder(configFile)
+ if err := enc.Encode(c); err != nil {
+ return err
+ }
+ return nil
+}
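Review bot: `Write` opens the target with `os.O_TRUNC` and encodes straight into it, so a failed `Encode` or a full disk leaves a truncated or half-written file at `path`, and the deferred `configFile.Close()` discards the error that would report a failed write-back. A config file that silently loses entries would presumably be read back with defaults for the missing keys, which can drop settings an administrator relied on. I would encode into a temporary file in the same directory, check `Close`, and rename it over `path`, as sketched below. `ioutil.TempFile` creates the file with mode 0600, matching the current create mode, but unlike the in-place write it also resets the mode of an existing file and replaces a symlink instead of writing through it. The leading `var err error` is redundant with the `:=` on the next line; since this file is vendored, the change belongs upstream in containers/common.

```go
func (c *Config) Write() error {
	// … unchanged: customConfigFile lookup and MkdirAll on filepath.Dir(path) …
	tmp, err := ioutil.TempFile(filepath.Dir(path), ".containers.conf-")
	if err != nil {
		return errors.Wrapf(err, "cannot create temporary file for %s", path)
	}
	// Best-effort cleanup; fails harmlessly once the rename has succeeded.
	defer os.Remove(tmp.Name())
	if err := toml.NewEncoder(tmp).Encode(c); err != nil {
		tmp.Close()
		return err
	}
	// A Close error means the data may not have reached the file.
	if err := tmp.Close(); err != nil {
		return errors.Wrapf(err, "cannot write %s", path)
	}
	return os.Rename(tmp.Name(), path)
}
```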
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index a029aedeb..389479fa5 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -92,7 +92,7 @@
# Ulimits has limits for non privileged container engines.
#
# default_ulimits = [
-# “nofile”=”1280:2560”,
+# "nofile"="1280:2560",
# ]
# List of default DNS options to be added to /etc/resolv.conf inside of the container.
@@ -105,7 +105,7 @@
# Set default DNS servers.
# This option can be used to override the DNS configuration passed to the
-# container. The special value “none” can be specified to disable creation of
+# container. The special value "none" can be specified to disable creation of
# /etc/resolv.conf in the container.
# The /etc/resolv.conf file in the image will be used without changes.
#
@@ -125,7 +125,7 @@
# Path to OCI hooks directories for automatically executed hooks.
#
# hooks_dir = [
-# “/usr/share/containers/oci/hooks.d”,
+# "/usr/share/containers/oci/hooks.d",
# ]
# Default proxy environment variables passed into the container.
@@ -220,7 +220,7 @@
# userns = "host"
# Number of UIDs to allocate for the automatic container creation.
-# UIDs are allocated from the “container” UIDs listed in
+# UIDs are allocated from the "container" UIDs listed in
# /etc/subuid & /etc/subgid
#
# userns_size=65536
@@ -241,7 +241,7 @@
[engine]
# Cgroup management implementation used for the runtime.
-# Valid options “systemd” or “cgroupfs”
+# Valid options "systemd" or "cgroupfs"
#
# cgroup_manager = "systemd"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 03a6e19de..92d25f428 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -84,14 +84,14 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.13.1
+# github.com/containers/common v0.14.0
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/auth
github.com/containers/common/pkg/capabilities
github.com/containers/common/pkg/cgroupv2
github.com/containers/common/pkg/config
github.com/containers/common/pkg/sysinfo
-# github.com/containers/conmon v2.0.17+incompatible
+# github.com/containers/conmon v2.0.18+incompatible
github.com/containers/conmon/runner/config
# github.com/containers/image/v5 v5.4.5-0.20200529084758-46b2ee6aebb0
github.com/containers/image/v5/copy