-rw-r--r-- | cmd/podman/containers/mount.go | 17 | ||||
-rw-r--r-- | cmd/podman/containers/unmount.go | 41 | ||||
-rw-r--r-- | cmd/podman/main.go | 18 | ||||
-rw-r--r-- | cmd/podman/registry/config.go | 3 | ||||
-rw-r--r-- | docs/source/markdown/links/podman-container-umount.1 | 2 | ||||
-rw-r--r-- | docs/source/markdown/links/podman-container-unmount.1 | 2 | ||||
-rw-r--r-- | docs/source/markdown/links/podman-umount.1 | 1 | ||||
-rw-r--r-- | docs/source/markdown/links/podman-unmount.1 | 1 | ||||
-rw-r--r-- | docs/source/markdown/podman-container.1.md | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman-mount.1.md | 9 | ||||
-rw-r--r-- | docs/source/markdown/podman-unmount.1.md (renamed from docs/source/markdown/podman-umount.1.md) | 20 | ||||
-rw-r--r-- | docs/source/markdown/podman.1.md | 8 | ||||
-rw-r--r-- | docs/tutorials/rootless_tutorial.md | 47 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 4 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.c | 7 | ||||
-rw-r--r-- | test/e2e/mount_rootless_test.go | 62 | ||||
-rw-r--r-- | test/e2e/mount_test.go | 5 | ||||
-rw-r--r-- | vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go | 2 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
20 files changed, 197 insertions, 58 deletions
diff --git a/cmd/podman/containers/mount.go b/cmd/podman/containers/mount.go index 186c4df16..b578daa49 100644 --- a/cmd/podman/containers/mount.go +++ b/cmd/podman/containers/mount.go @@ -10,6 +10,7 @@ import ( "github.com/containers/libpod/v2/cmd/podman/utils" "github.com/containers/libpod/v2/cmd/podman/validate" "github.com/containers/libpod/v2/pkg/domain/entities" + "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -31,7 +32,8 @@ var ( return validate.CheckAllLatestAndCIDFile(cmd, args, true, false) }, Annotations: map[string]string{ - registry.ParentNSRequired: "", + registry.UnshareNSRequired: "", + registry.ParentNSRequired: "", }, } @@ -51,7 +53,7 @@ var ( func mountFlags(flags *pflag.FlagSet) { flags.BoolVarP(&mountOpts.All, "all", "a", false, "Mount all containers") - flags.StringVar(&mountOpts.Format, "format", "", "Change the output format to Go template") + flags.StringVar(&mountOpts.Format, "format", "", "Print the mounted containers in specified format (json)") flags.BoolVar(&mountOpts.NoTruncate, "notruncate", false, "Do not truncate output") } @@ -90,14 +92,21 @@ func mount(_ *cobra.Command, args []string) error { } return errs.PrintErrors() } - if mountOpts.Format == "json" { + + switch mountOpts.Format { + case "json": return printJSON(reports) + case "": + // do nothing + default: + return errors.Errorf("unknown --format argument: %s", mountOpts.Format) } + mrs := make([]mountReporter, 0, len(reports)) for _, r := range reports { mrs = append(mrs, mountReporter{r}) } - row := "{{.ID}} {{.Path}}" + row := "{{.ID}} {{.Path}}\n" format := "{{range . }}" + row + "{{end}}" tmpl, err := template.New("mounts").Parse(format) if err != nil { diff --git a/cmd/podman/containers/unmount.go b/cmd/podman/containers/unmount.go index c40c2be7e..6556a6510 100644 --- a/cmd/podman/containers/unmount.go +++ b/cmd/podman/containers/unmount.go 
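Review bot: In the last mount.go hunk the new `switch mountOpts.Format` rejects an unknown value only after `reports` has been populated, so the check runs after the mount work. mount() starts above the hunk, so this is inferred from the surrounding context lines: a typo in `--format` on `podman mount CONTAINER` would presumably still mount the container and then exit non-zero. Validating first avoids that, e.g. `if f := mountOpts.Format; f != "" && f != "json" { return errors.Errorf("unknown --format argument: %q", f) }` at the top of the function. The `%q` verb also keeps control characters in the user-supplied value out of terminal and log output, which `%s` passes through verbatim.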
@@ -18,31 +18,32 @@ var ( An unmount can be forced with the --force flag. ` - umountCommand = &cobra.Command{ - Use: "umount [flags] CONTAINER [CONTAINER...]", - Aliases: []string{"unmount"}, + unmountCommand = &cobra.Command{ + Use: "unmount [flags] CONTAINER [CONTAINER...]", + Aliases: []string{"umount"}, Short: "Unmounts working container's root filesystem", Long: description, RunE: unmount, Args: func(cmd *cobra.Command, args []string) error { return validate.CheckAllLatestAndCIDFile(cmd, args, false, false) }, - Example: `podman umount ctrID - podman umount ctrID1 ctrID2 ctrID3 - podman umount --all`, + Example: `podman unmount ctrID + podman unmount ctrID1 ctrID2 ctrID3 + podman unmount --all`, } containerUnmountCommand = &cobra.Command{ - Use: umountCommand.Use, - Short: umountCommand.Short, - Long: umountCommand.Long, - RunE: umountCommand.RunE, + Use: unmountCommand.Use, + Short: unmountCommand.Short, + Aliases: unmountCommand.Aliases, + Long: unmountCommand.Long, + RunE: unmountCommand.RunE, Args: func(cmd *cobra.Command, args []string) error { return validate.CheckAllLatestAndCIDFile(cmd, args, false, false) }, - Example: `podman container umount ctrID - podman container umount ctrID1 ctrID2 ctrID3 - podman container umount --all`, + Example: `podman container unmount ctrID + podman container unmount ctrID1 ctrID2 ctrID3 + podman container unmount --all`, } ) 
@@ -50,25 +51,25 @@ var ( unmountOpts entities.ContainerUnmountOptions ) -func umountFlags(flags *pflag.FlagSet) { - flags.BoolVarP(&unmountOpts.All, "all", "a", false, "Umount all of the currently mounted containers") - flags.BoolVarP(&unmountOpts.Force, "force", "f", false, "Force the complete umount all of the currently mounted containers") +func unmountFlags(flags *pflag.FlagSet) { + flags.BoolVarP(&unmountOpts.All, "all", "a", false, "Unmount all of the currently mounted containers") + flags.BoolVarP(&unmountOpts.Force, "force", "f", false, "Force the complete unmount of the specified mounted containers") } func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ Mode: []entities.EngineMode{entities.ABIMode}, - Command: umountCommand, + Command: unmountCommand, }) - umountFlags(umountCommand.Flags()) - validate.AddLatestFlag(umountCommand, &unmountOpts.Latest) + unmountFlags(unmountCommand.Flags()) + validate.AddLatestFlag(unmountCommand, &unmountOpts.Latest) registry.Commands = append(registry.Commands, registry.CliCommand{ Mode: []entities.EngineMode{entities.ABIMode}, Command: containerUnmountCommand, Parent: containerCmd, }) - umountFlags(containerUnmountCommand.Flags()) + unmountFlags(containerUnmountCommand.Flags()) validate.AddLatestFlag(containerUnmountCommand, &unmountOpts.Latest) } diff --git a/cmd/podman/main.go b/cmd/podman/main.go index f46f74547..d0e89c2f5 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go 
@@ -40,13 +40,21 @@ func main() { for _, m := range c.Mode { if cfg.EngineMode == m { // Command cannot be run rootless - _, found := c.Command.Annotations[registry.ParentNSRequired] - if rootless.IsRootless() && found { - c.Command.RunE = func(cmd *cobra.Command, args []string) error { - return fmt.Errorf("cannot run command %q in rootless mode", cmd.CommandPath()) + _, found := c.Command.Annotations[registry.UnshareNSRequired] + if found { + if rootless.IsRootless() && found && os.Getuid() != 0 { + c.Command.RunE = func(cmd *cobra.Command, args []string) error { + return fmt.Errorf("cannot run command %q in rootless mode, must execute `podman unshare` first", cmd.CommandPath()) + } + } + } else { + _, found = c.Command.Annotations[registry.ParentNSRequired] + if rootless.IsRootless() && found { + c.Command.RunE = func(cmd *cobra.Command, args []string) error { + return fmt.Errorf("cannot run command %q in rootless mode", cmd.CommandPath()) + } } } - parent := rootCmd if c.Parent != nil { parent = c.Parent diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go index f5a231172..a62a41c12 100644 --- a/cmd/podman/registry/config.go +++ b/cmd/podman/registry/config.go @@ -15,7 +15,8 @@ import ( ) const ( - ParentNSRequired = "ParentNSRequired" + ParentNSRequired = "ParentNSRequired" + UnshareNSRequired = "UnshareNSRequired" ) var ( diff --git a/docs/source/markdown/links/podman-container-umount.1 b/docs/source/markdown/links/podman-container-umount.1 index 789dabbb0..aa4add453 100644 --- a/docs/source/markdown/links/podman-container-umount.1 +++ b/docs/source/markdown/links/podman-container-umount.1 @@ -1 +1 @@ -.so man1/podman-umount.1 +.so man1/podman-unmount.1 diff --git a/docs/source/markdown/links/podman-container-unmount.1 b/docs/source/markdown/links/podman-container-unmount.1 index 789dabbb0..aa4add453 100644 --- a/docs/source/markdown/links/podman-container-unmount.1 +++ b/docs/source/markdown/links/podman-container-unmount.1 
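Review bot: In the main.go hunk the inner condition `rootless.IsRootless() && found && os.Getuid() != 0` repeats `found`, which is already true inside `if found {`; it can be `if rootless.IsRootless() && os.Getuid() != 0 {`. The `else` is only reached when UnshareNSRequired is absent, so the ParentNSRequired annotation that mount.go keeps next to it is never consulted and could be dropped there. The retained comment `// Command cannot be run rootless` no longer describes the first branch; I would replace it with `// UnshareNSRequired: rootless callers must already be uid 0 inside the user namespace (podman unshare); ParentNSRequired: never allowed rootless`. It is also worth stating there that this is a usability gate that rewrites RunE and not the permission check itself, so nobody later relies on it as one. main() begins and ends outside the hunk.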
@@ -1 +1 @@ -.so man1/podman-umount.1 +.so man1/podman-unmount.1 diff --git a/docs/source/markdown/links/podman-umount.1 b/docs/source/markdown/links/podman-umount.1 new file mode 100644 index 000000000..aa4add453 --- /dev/null +++ b/docs/source/markdown/links/podman-umount.1 @@ -0,0 +1 @@ +.so man1/podman-unmount.1 diff --git a/docs/source/markdown/links/podman-unmount.1 b/docs/source/markdown/links/podman-unmount.1 deleted file mode 100644 index 789dabbb0..000000000 --- a/docs/source/markdown/links/podman-unmount.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/podman-umount.1 diff --git a/docs/source/markdown/podman-container.1.md b/docs/source/markdown/podman-container.1.md index 4ea7c7acc..0a6ceea33 100644 --- a/docs/source/markdown/podman-container.1.md +++ b/docs/source/markdown/podman-container.1.md @@ -41,7 +41,7 @@ The container command allows you to manage containers | stats | [podman-stats(1)](podman-stats.1.md) | Display a live stream of one or more container's resource usage statistics. | | stop | [podman-stop(1)](podman-stop.1.md) | Stop one or more running containers. | | top | [podman-top(1)](podman-top.1.md) | Display the running processes of a container. | -| umount | [podman-umount(1)](podman-umount.1.md) | Unmount a working container's root filesystem.(Alias unmount) | +| unmount | [podman-unmount(1)](podman-unmount.1.md) | Unmount a working container's root filesystem.(Alias unmount) | | unpause | [podman-unpause(1)](podman-unpause.1.md) | Unpause one or more containers. | | wait | [podman-wait(1)](podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes. | diff --git a/docs/source/markdown/podman-mount.1.md b/docs/source/markdown/podman-mount.1.md index eaed1051e..33c5aece8 100644 --- a/docs/source/markdown/podman-mount.1.md +++ b/docs/source/markdown/podman-mount.1.md 
@@ -12,9 +12,12 @@ podman\-mount - Mount a working container's root filesystem Mounts the specified containers' root file system in a location which can be accessed from the host, and returns its location. -If you execute the command without any arguments, the tool will list all of the +If you execute the command without any arguments, Podman will list all of the currently mounted containers. +Rootless mode only supports mounting VFS driver, unless you enter the user namespace +via the `podman unshare` command. All other storage drivers will fail to mount. + ## RETURN VALUE The location of the mounted file system. On error an empty string and errno is returned. @@ -27,7 +30,7 @@ Mount all containers. **--format**=*format* -Print the mounted containers in specified format (json) +Print the mounted containers in specified format (json). **--latest**, **-l** @@ -70,4 +73,4 @@ a7060253093b /var/lib/containers/storage/overlay/0ff7d7ca68bed1ace424f9df154d2dd ``` ## SEE ALSO -podman(1), podman-umount(1), mount(8) +podman(1), podman-umount(1), mount(8), podman-unshare(1) diff --git a/docs/source/markdown/podman-umount.1.md b/docs/source/markdown/podman-unmount.1.md index 31a213f28..47c55cc0b 100644 --- a/docs/source/markdown/podman-umount.1.md +++ b/docs/source/markdown/podman-unmount.1.md 
@@ -1,23 +1,23 @@ -% podman-umount(1) +% podman-unmount(1) ## NAME -podman\-umount - Unmount a working container's root filesystem +podman\-unmount - Unmount a working container's root filesystem ## SYNOPSIS -**podman umount** [*options*] *container* [...] +**podman unmount** [*options*] *container* [...] -**podman container umount** [*options*] *container* [...] +**podman umount** [*options*] *container* [...] **podman container unmount** [*options*] *container* [...] -**podman unmount** [*options*] *container* [...] +**podman container umount** [*options*] *container* [...] ## DESCRIPTION Unmounts the specified containers' root file system, if no other processes are using it. Container storage increments a mount counter each time a container is mounted. -When a container is unmounted, the mount counter is decremented and the +When a container is unmounted, the mount counter is decremented, and the container's root filesystem is physically unmounted only when the mount counter reaches zero indicating no other processes are using the mount. An unmount can be forced with the --force flag. @@ -45,11 +45,11 @@ The latest option is not supported on the remote client. ## EXAMPLE -podman umount containerID +podman container unmount containerID -podman umount containerID1 containerID2 containerID3 +podman unmount containerID1 containerID2 containerID3 -podman umount --all +podman unmount --all ## SEE ALSO -podman(1), podman-mount(1) +podman(1), podman-container-mount(1), podman-image-mount(1) diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 776ee7a67..e1f176869 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md 
@@ -207,7 +207,7 @@ the exit codes follow the `chroot` standard, see below: | [podman-system(1)](podman-system.1.md) | Manage podman. | | [podman-tag(1)](podman-tag.1.md) | Add an additional name to a local image. | | [podman-top(1)](podman-top.1.md) | Display the running processes of a container. | -| [podman-umount(1)](podman-umount.1.md) | Unmount a working container's root filesystem. | +| [podman-unmount(1)](podman-unmount.1.md) | Unmount a working container's root filesystem. | | [podman-unpause(1)](podman-unpause.1.md) | Unpause one or more containers. | | [podman-unshare(1)](podman-unshare.1.md) | Run a command inside of a modified user namespace. | | [podman-untag(1)](podman-untag.1.md) | Removes one or more names from a locally-stored image. | @@ -217,7 +217,7 @@ the exit codes follow the `chroot` standard, see below: ## FILES -**containers.conf** (`/usr/share/containers/containers.conf`) +**containers.conf** (`/usr/share/containers/containers.conf`, `/etc/containers/containers.conf`, `$HOME/.config/containers/containers.conf`) Podman has builtin defaults for command line options. These defaults can be overridden using the containers.conf configuration files. 
@@ -235,13 +235,13 @@ When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.con Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid. -**registries.conf** (`/etc/containers/registries.conf`) +**registries.conf** (`/etc/containers/registries.conf`, `$HOME/.config/containers/registries.conf`) registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. -**storage.conf** (`/etc/containers/storage.conf`) +**storage.conf** (`/etc/containers/storage.conf`, `$HOME/.config/contaners/storage.conf`) storage.conf is the storage configuration file for all tools using containers/storage diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md index 821c07647..b53b67647 100644 --- a/docs/tutorials/rootless_tutorial.md +++ b/docs/tutorials/rootless_tutorial.md 
@@ -58,7 +58,7 @@ The number of user namespaces that are allowed on the system is specified in the ### /etc/subuid and /etc/subgid configuration -Rootless Podman requires the user running it to have a range of UIDs listed in /etc/subuid and /etc/subgid files. The `shadows-utils` or `newuid` package provides these files on different distributions and they must be installed on the system. These files will need someone with root privileges on the system to add or update the entries within them. The following is a summarization from the [How does rootless Podman work?](https://opensource.com/article/19/2/how-does-rootless-podman-work) article by Dan Walsh on [opensource.com](https://opensource.com) +Rootless Podman requires the user running it to have a range of UIDs listed in /etc/subuid and /etc/subgid files. The `shadow-utils` or `newuid` package provides these files on different distributions and they must be installed on the system. These files will need someone with root privileges on the system to add or update the entries within them. The following is a summarization from the [How does rootless Podman work?](https://opensource.com/article/19/2/how-does-rootless-podman-work) article by Dan Walsh on [opensource.com](https://opensource.com) Update the /etc/subuid and /etc/subgid with fields for each user that will be allowed to create containers that look like the following. Note that the values for each user must be unique and without any overlap. If there is an overlap, there is a potential for a user to use another’s namespace and they could corrupt it. 
@@ -106,9 +106,50 @@ Once the Administrator has completed the setup on the machine and then the confi ### User Configuration Files -The Podman configuration files for root reside in `/usr/share/containers` with overrides in `/etc/containers`. In the rootless environment they reside in `${XDG_CONFIG_HOME}/containers` (usually `~/.config/containers`) and are owned by each individual user. The main files are `containers.conf` and `storage.conf` and the user can modify these files as they wish. +The Podman configuration files for root reside in `/usr/share/containers` with overrides in `/etc/containers`. In the rootless environment they reside in `${XDG_CONFIG_HOME}/containers` (usually `~/.config/containers`) and are owned by each individual user. -The default authorization file used by the `podman login` and `podman logout` commands reside in `${XDG_RUNTIME_DIR}/containers/auth.json`. +The three main configuration files are [containers.conf](https://github.com/containers/common/blob/master/docs/containers.conf.5.md), [storage.conf](https://github.com/containers/storage/blob/master/docs/containers-storage.conf.5.md) and [registries.conf](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md). The user can modify these files as they wish. + +#### containers.conf +Podman reads +1. `/usr/share/containers/containers.conf` +2. `/etc/containers/containers.conf` +3. `$HOME/.config/containers/containers.conf` + +if they exist in that order. Each file can override the previous for particular fields. + +#### storage.conf +For `storage.conf` the order is +1. `/etc/containers/storage.conf` +2. `$HOME/.config/containers/storage.conf` + +In rootless podman certain fields in `/etc/containers/storage.conf` are ignored. These fields are: +``` +graphroot="" + container storage graph dir (default: "/var/lib/containers/storage") + Default directory to store all writable content created by container storage programs. 
+ +runroot="" + container storage run dir (default: "/var/run/containers/storage") + Default directory to store all temporary writable content created by container storage programs. +``` +In rootless podman these fields default to +``` +graphroot="$HOME/.local/share/containers/storage" +runroot="$XDG_RUNTIME_DIR/containers" +``` +[$XDG_RUNTIME_DIR](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html#variables) defaults on most systems to `/run/user/$UID`. + +#### registries +Registry configuration is read in by this order +1. `/etc/containers/registries.conf` +2. `/etc/containers/registries.d/*` +3. `HOME/.config/containers/registries.conf` + +The files in the home directory should be used to configure rootless podman for personal needs. These files are not created by default. Users can copy the files from `/usr/share/containers` or `/etc/containers` and modify them. + +#### Authorization files + The default authorization file used by the `podman login` and `podman logout` commands reside in `${XDG_RUNTIME_DIR}/containers/auth.json`. ### Using volumes @@ -46,7 +46,7 @@ require ( github.com/opentracing/opentracing-go v1.2.0 github.com/pkg/errors v0.9.1 github.com/pmezard/go-difflib v1.0.0 - github.com/rootless-containers/rootlesskit v0.9.5 + github.com/rootless-containers/rootlesskit v0.10.0 github.com/seccomp/containers-golang v0.5.0 github.com/sirupsen/logrus v1.6.0 github.com/spf13/cobra v0.0.7 
@@ -391,8 +391,8 @@ github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQl github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rootless-containers/rootlesskit v0.9.5 h1:ygvFn6ms/14MlRQmMK8OSLKwwtHeRLFNblm+rOIndA0= -github.com/rootless-containers/rootlesskit v0.9.5/go.mod h1:OZQfuRPb+2MA1p+hmjHmSmDRv9SdTzlQ3taNA/0d7XM= +github.com/rootless-containers/rootlesskit v0.10.0 h1:62HHP8s8qYYcolEtAsuo4GU6qau6pWmcQ1Te+TZTFds= +github.com/rootless-containers/rootlesskit v0.10.0/go.mod h1:OZQfuRPb+2MA1p+hmjHmSmDRv9SdTzlQ3taNA/0d7XM= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 h1:2c1EFnZHIPCW8qKWgHMH/fX2PkSabFc5mrVzfUNdg5U= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 716db81dc..8e0151496 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -210,6 +210,13 @@ can_use_shortcut () ret = false; break; } + + if (argv[argc+1] != NULL && strcmp (argv[argc], "container") == 0 && + strcmp (argv[argc+1], "mount") == 0) + { + ret = false; + break; + } } free (argv[0]); diff --git a/test/e2e/mount_rootless_test.go b/test/e2e/mount_rootless_test.go new file mode 100644 index 000000000..986c11c16 --- /dev/null +++ b/test/e2e/mount_rootless_test.go 
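Review bot: The branch added to can_use_shortcut() in pkg/rootless/rootless_linux.c has no comment saying why `container mount` must opt out of the shortcut, and the reason is not recoverable from this file. Presumably it keeps the process out of the user namespace so that the UnshareNSRequired gate in cmd/podman/main.go still sees a non-zero uid; if so, a comment such as `/* "container mount" must reach the Go UnshareNSRequired check outside the userns; keep in sync with cmd/podman/containers/mount.go */` would record that. The match is on two literal argv strings, so it depends on the command names staying identical on the C and Go sides. The enclosing loop and the bounds on `argc` are outside the hunk, so the safety of reading `argv[argc]` cannot be confirmed from here.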
@@ -0,0 +1,62 @@ +// +build !remote + +package integration + +import ( + "os" + + . "github.com/containers/libpod/v2/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman mount", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + if os.Geteuid() == 0 { + Skip("This function is not enabled for rootfull podman") + } + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + processTestResult(f) + + }) + + It("podman mount", func() { + setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + cid := setup.OutputToString() + + mount := podmanTest.Podman([]string{"mount", cid}) + mount.WaitWithDefaultTimeout() + Expect(mount.ExitCode()).ToNot(Equal(0)) + Expect(mount.ErrorToString()).To(ContainSubstring("podman unshare")) + }) + + It("podman unshare podman mount", func() { + setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + cid := setup.OutputToString() + + session := podmanTest.Podman([]string{"unshare", PODMAN_BINARY, "mount", cid}) + session.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + }) +}) diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index 36d1f856d..0b1667fd3 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go 
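Review bot: The final assertion of the `podman unshare podman mount` case in test/e2e/mount_rootless_test.go checks `setup.ExitCode()` a second time instead of the session that was just waited on, so the test passes even when mount fails inside `podman unshare`. It should read `Expect(session.ExitCode()).To(Equal(0))`. As written, only the negative path (the error mentioning `podman unshare`) is covered. The positive path is the one that shows the new gate lets the intended case through.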
@@ -80,6 +80,11 @@ var _ = Describe("Podman mount", func() { Expect(j.ExitCode()).To(Equal(0)) Expect(j.IsJSONOutputValid()).To(BeTrue()) + j = podmanTest.Podman([]string{"mount", "--format='{{.foobar}}'"}) + j.WaitWithDefaultTimeout() + Expect(j.ExitCode()).ToNot(Equal(0)) + Expect(j.ErrorToString()).To(ContainSubstring("unknown --format")) + umount := podmanTest.Podman([]string{"umount", cid}) umount.WaitWithDefaultTimeout() Expect(umount.ExitCode()).To(Equal(0)) diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go index 7cce235a6..112a926c3 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go @@ -119,11 +119,13 @@ func (d *childDriver) handleConnectRequest(c *net.UnixConn, req *msg.Request) er if err != nil { return err } + defer targetConnFile.Close() oob := unix.UnixRights(int(targetConnFile.Fd())) f, err := c.File() if err != nil { return err } + defer f.Close() for { err = unix.Sendmsg(int(f.Fd()), []byte("dummy"), oob, nil, 0) if err != unix.EINTR { diff --git a/vendor/modules.txt b/vendor/modules.txt index 7cd0f86df..1c1865e23 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -468,7 +468,7 @@ github.com/prometheus/common/model github.com/prometheus/procfs github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util -# github.com/rootless-containers/rootlesskit v0.9.5 +# github.com/rootless-containers/rootlesskit v0.10.0 github.com/rootless-containers/rootlesskit/pkg/msgutil github.com/rootless-containers/rootlesskit/pkg/port github.com/rootless-containers/rootlesskit/pkg/port/builtin |