diff options
-rw-r--r-- | cmd/podman/containers/start.go | 20 | ||||
-rw-r--r-- | docs/source/markdown/podman-save.1.md | 3 | ||||
-rw-r--r-- | docs/source/markdown/podman-start.1.md | 25 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 10 | ||||
-rw-r--r-- | libpod/define/container.go | 9 | ||||
-rw-r--r-- | pkg/domain/entities/containers.go | 1 | ||||
-rw-r--r-- | pkg/domain/filters/containers.go | 27 | ||||
-rw-r--r-- | pkg/domain/infra/abi/containers.go | 28 | ||||
-rw-r--r-- | pkg/domain/infra/tunnel/containers.go | 25 | ||||
-rw-r--r-- | test/system/045-start.bats | 17 | ||||
-rw-r--r-- | test/system/410-selinux.bats | 13 |
11 files changed, 160 insertions, 18 deletions
diff --git a/cmd/podman/containers/start.go b/cmd/podman/containers/start.go index 8d62dc12f..dcd1eca82 100644 --- a/cmd/podman/containers/start.go +++ b/cmd/podman/containers/start.go @@ -3,6 +3,7 @@ package containers import ( "fmt" "os" + "strings" "github.com/containers/podman/v3/cmd/podman/common" "github.com/containers/podman/v3/cmd/podman/registry" @@ -42,7 +43,9 @@ var ( ) var ( - startOptions entities.ContainerStartOptions + startOptions = entities.ContainerStartOptions{ + Filters: make(map[string][]string), + } ) func startFlags(cmd *cobra.Command) { @@ -56,6 +59,8 @@ func startFlags(cmd *cobra.Command) { flags.BoolVarP(&startOptions.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached") flags.BoolVar(&startOptions.SigProxy, "sig-proxy", false, "Proxy received signals to the process (default true if attaching, false otherwise)") + flags.StringSliceVarP(&filters, "filter", "f", []string{}, "Filter output based on conditions given") + _ = cmd.RegisterFlagCompletionFunc("filter", common.AutocompletePsFilters) flags.BoolVar(&startOptions.All, "all", false, "Start all containers regardless of their state or configuration") @@ -116,7 +121,18 @@ func start(cmd *cobra.Command, args []string) error { startOptions.Stdout = os.Stdout } - responses, err := registry.ContainerEngine().ContainerStart(registry.GetContext(), args, startOptions) + var containers []string = args + if len(filters) > 0 { + for _, f := range filters { + split := strings.SplitN(f, "=", 2) + if len(split) == 1 { + return errors.Errorf("invalid filter %q", f) + } + startOptions.Filters[split[0]] = append(startOptions.Filters[split[0]], split[1]) + } + } + + responses, err := registry.ContainerEngine().ContainerStart(registry.GetContext(), containers, startOptions) if err != nil { return err } diff --git a/docs/source/markdown/podman-save.1.md b/docs/source/markdown/podman-save.1.md index 0036a9379..cae0c4b05 100644 --- a/docs/source/markdown/podman-save.1.md +++ b/docs/source/markdown/podman-save.1.md @@ -45,6 +45,7 @@ Save image to **oci-archive, oci-dir** (directory with oci manifest type), or ** #### **\-\-multi-image-archive**, **-m** Allow for creating archives with more than one image. Additional names will be interpreted as images instead of tags. Only supported for **docker-archive**. +The default for this option can be modified via the `multi_image_archive="true"|"false"` flag in containers.conf. #### **\-\-quiet**, **-q** @@ -99,7 +100,7 @@ Storing signatures ``` ## SEE ALSO -podman(1), podman-load(1) +podman(1), podman-load(1), containers.conf(5) ## HISTORY July 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com> diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md index 626e6e368..7085f3f47 100644 --- a/docs/source/markdown/podman-start.1.md +++ b/docs/source/markdown/podman-start.1.md @@ -42,6 +42,31 @@ Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and Start all the containers created by Podman, default is only running containers. +#### **\-\-filter**, **-f** + +Filter what containers are going to be started from the given arguments. +Multiple filters can be given with multiple uses of the --filter flag. +Filters with the same key work inclusive with the only exception being +`label` which is exclusive. Filters with different keys always work exclusive. + +Valid filters are listed below: + +| **Filter** | **Description** | +| --------------- | -------------------------------------------------------------------------------- | +| id | [ID] Container's ID (accepts regex) | +| name | [Name] Container's name (accepts regex) | +| label | [Key] or [Key=Value] Label assigned to a container | +| exited | [Int] Container's exit code | +| status | [Status] Container's status: 'created', 'exited', 'paused', 'running', 'unknown' | +| ancestor | [ImageName] Image or descendant used to create container | +| before | [ID] or [Name] Containers created before this container | +| since | [ID] or [Name] Containers created since this container | +| volume | [VolumeName] or [MountpointDestination] Volume mounted in container | +| health | [Status] healthy or unhealthy | +| pod | [Pod] name or full or partial ID of pod | +| network | [Network] name or full ID of network | + + ## EXAMPLE podman start mywebserver diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index f0608e2b2..14816f6aa 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -377,14 +377,8 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { case "z": fallthrough case "Z": - if c.MountLabel() != "" { - if c.ProcessLabel() != "" { - if err := label.Relabel(m.Source, c.MountLabel(), label.IsShared(o)); err != nil { - return nil, err - } - } else { - logrus.Infof("Not relabeling volume %q in container %s as SELinux is disabled", m.Source, c.ID()) - } + if err := label.Relabel(m.Source, c.MountLabel(), label.IsShared(o)); err != nil { + return nil, err } default: diff --git a/libpod/define/container.go b/libpod/define/container.go index 5a2ff026f..f3125afa9 100644 --- a/libpod/define/container.go +++ b/libpod/define/container.go @@ -17,3 +17,12 @@ const ( // handling of system restart, which Podman does not yet support. RestartPolicyUnlessStopped = "unless-stopped" ) + +// RestartPolicyMap maps between restart-policy valid values to restart policy types +var RestartPolicyMap = map[string]string{ + "none": RestartPolicyNone, + RestartPolicyNo: RestartPolicyNo, + RestartPolicyAlways: RestartPolicyAlways, + RestartPolicyOnFailure: RestartPolicyOnFailure, + RestartPolicyUnlessStopped: RestartPolicyUnlessStopped, +} diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go index 4707ced85..eacc14d50 100644 --- a/pkg/domain/entities/containers.go +++ b/pkg/domain/entities/containers.go @@ -265,6 +265,7 @@ type ContainerExistsOptions struct { // ContainerStartOptions describes the val from the // CLI needed to start a container type ContainerStartOptions struct { + Filters map[string][]string All bool Attach bool DetachKeys string diff --git a/pkg/domain/filters/containers.go b/pkg/domain/filters/containers.go index 9ac72e415..965a12468 100644 --- a/pkg/domain/filters/containers.go +++ b/pkg/domain/filters/containers.go @@ -1,6 +1,7 @@ package filters import ( + "fmt" "strconv" "strings" "time" @@ -226,6 +227,32 @@ func GenerateContainerFilterFuncs(filter string, filterValues []string, r *libpo } return false }, nil + case "restart-policy": + invalidPolicyNames := []string{} + for _, policy := range filterValues { + if _, ok := define.RestartPolicyMap[policy]; !ok { + invalidPolicyNames = append(invalidPolicyNames, policy) + } + } + var filterValueError error = nil + if len(invalidPolicyNames) > 0 { + errPrefix := "invalid restart policy" + if len(invalidPolicyNames) > 1 { + errPrefix = "invalid restart policies" + } + filterValueError = fmt.Errorf("%s %s", strings.Join(invalidPolicyNames, ", "), errPrefix) + } + return func(c *libpod.Container) bool { + for _, policy := range filterValues { + if policy == "none" && c.RestartPolicy() == define.RestartPolicyNone { + return true + } + if c.RestartPolicy() == policy { + return true + } + } + return false + }, filterValueError } return nil, errors.Errorf("%s is an invalid filter", filter) } diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index ef3ccab0c..d0a2b1bae 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -694,7 +694,33 @@ func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrID s func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []string, options entities.ContainerStartOptions) ([]*entities.ContainerStartReport, error) { reports := []*entities.ContainerStartReport{} var exitCode = define.ExecErrorCodeGeneric - ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, ic.Libpod) + containersNamesOrIds := namesOrIds + if len(options.Filters) > 0 { + filterFuncs := make([]libpod.ContainerFilter, 0, len(options.Filters)) + if len(options.Filters) > 0 { + for k, v := range options.Filters { + generatedFunc, err := dfilters.GenerateContainerFilterFuncs(k, v, ic.Libpod) + if err != nil { + return nil, err + } + filterFuncs = append(filterFuncs, generatedFunc) + } + } + candidates, err := ic.Libpod.GetContainers(filterFuncs...) + if err != nil { + return nil, err + } + containersNamesOrIds = []string{} + for _, candidate := range candidates { + for _, nameOrID := range namesOrIds { + if nameOrID == candidate.ID() || nameOrID == candidate.Name() { + containersNamesOrIds = append(containersNamesOrIds, nameOrID) + } + } + } + } + + ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, containersNamesOrIds, ic.Libpod) if err != nil { return nil, err } diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go index aa26825e0..3830835cc 100644 --- a/pkg/domain/infra/tunnel/containers.go +++ b/pkg/domain/infra/tunnel/containers.go @@ -506,7 +506,30 @@ func startAndAttach(ic *ContainerEngine, name string, detachKeys *string, input, func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []string, options entities.ContainerStartOptions) ([]*entities.ContainerStartReport, error) { reports := []*entities.ContainerStartReport{} var exitCode = define.ExecErrorCodeGeneric - ctrs, err := getContainersByContext(ic.ClientCtx, options.All, false, namesOrIds) + containersNamesOrIds := namesOrIds + if len(options.Filters) > 0 { + containersNamesOrIds = []string{} + opts := new(containers.ListOptions).WithFilters(options.Filters).WithAll(true) + candidates, listErr := containers.List(ic.ClientCtx, opts) + if listErr != nil { + return nil, listErr + } + for _, candidate := range candidates { + for _, nameOrID := range namesOrIds { + if nameOrID == candidate.ID { + containersNamesOrIds = append(containersNamesOrIds, nameOrID) + continue + } + for _, containerName := range candidate.Names { + if containerName == nameOrID { + containersNamesOrIds = append(containersNamesOrIds, nameOrID) + continue + } + } + } + } + } + ctrs, err := getContainersByContext(ic.ClientCtx, options.All, false, containersNamesOrIds) if err != nil { return nil, err } diff --git a/test/system/045-start.bats b/test/system/045-start.bats index ff818e51d..542f9d1c2 100644 --- a/test/system/045-start.bats +++ b/test/system/045-start.bats @@ -40,4 +40,21 @@ load helpers fi } +@test "podman start --filter - start only containers that match the filter" { + run_podman run -d $IMAGE /bin/true + cid="$output" + run_podman start --filter restart-policy=always $cid "CID of restart-policy=always container" + is "$output" "" + + run_podman start --filter restart-policy=none $cid "CID of restart-policy=none container" + is "$output" "$cid" +} + +@test "podman start --filter invalid-restart-policy - return error" { + run_podman run -d $IMAGE /bin/true + cid="$output" + run_podman 125 start --filter restart-policy=fakepolicy $cid "CID of restart-policy=<not-exists> container" + is "$output" "Error: fakepolicy invalid restart policy" +} + # vim: filetype=sh diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 95233c1e6..f8cee0e59 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -198,20 +198,23 @@ function check_label() { skip_if_no_selinux LABEL="system_u:object_r:tmp_t:s0" + RELABEL="system_u:object_r:container_file_t:s0" tmpdir=$PODMAN_TMPDIR/vol touch $tmpdir chcon -vR ${LABEL} $tmpdir ls -Z $tmpdir run_podman run -v $tmpdir:/test $IMAGE cat /proc/self/attr/current - level=$(secon -l $output) run ls -dZ ${tmpdir} is "$output" ${LABEL} "No Relabel Correctly" - run_podman run -v $tmpdir:/test:Z --security-opt label=disable $IMAGE cat /proc/self/attr/current - level=$(secon -l $output) + run_podman run -v $tmpdir:/test:z --security-opt label=disable $IMAGE cat /proc/self/attr/current + run ls -dZ $tmpdir + is "$output" ${RELABEL} "Privileged Relabel Correctly" + + run_podman run -v $tmpdir:/test:z --privileged $IMAGE cat /proc/self/attr/current run ls -dZ $tmpdir - is "$output" ${LABEL} "No Privileged Relabel Correctly" + is "$output" ${RELABEL} "Privileged Relabel Correctly" run_podman run -v $tmpdir:/test:Z $IMAGE cat /proc/self/attr/current level=$(secon -l $output) @@ -220,7 +223,7 @@ function check_label() { run_podman run -v $tmpdir:/test:z $IMAGE cat /proc/self/attr/current run ls -dZ $tmpdir - is "$output" "system_u:object_r:container_file_t:s0" "Shared Relabel Correctly" + is "$output" ${RELABEL} "Shared Relabel Correctly" } # vim: filetype=sh |